
All times are UTC + 1 hour


Post subject: Preventive check
Posted: 16 Feb 2019 15:48
Hello,

please check this log. It is a fairly fresh installation of the system, but even so it responds quite slowly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.02.2019
Ran by Káťa (administrator) on LAPTOP-OJK0R611 (16-02-2019 15:40:11)
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.580_none_ead976921d8220dc\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4436520 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Winlogon: [Userinit]
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
Tcpip\..\Interfaces\{1dfb0327-3149-4dec-9e13-f578932cebd6}: [DhcpNameServer] 192.168.17.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default [2019-02-16]
CHR Extension: (Prezentace) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-05]
CHR Extension: (Dokumenty) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-05]
CHR Extension: (Disk Google) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-05]
CHR Extension: (YouTube) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-05]
CHR Extension: (Tabulky) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-05]
CHR Extension: (Gmail) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe [489832 2018-05-08] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351784 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26984 2018-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmdag.sys [40413544 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmpag.sys [553832 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [145792 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111112 2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1026896 2018-04-13] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [424384 2018-03-28] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2018-12-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 15:40 - 2019-02-16 15:41 - 000017541 _____ C:\Users\Káťa\Desktop\FRST.txt
2019-02-16 15:38 - 2019-02-16 15:40 - 000000000 ____D C:\FRST
2019-02-16 15:36 - 2019-02-16 15:37 - 002433536 _____ (Farbar) C:\Users\Káťa\Desktop\FRST64.exe
2019-02-16 15:20 - 2019-02-16 15:20 - 246546432 _____ C:\Users\Káťa\Downloads\A Discovery of Witches S01E04 CZtit V OBRAZE.avi.crdownload
2019-02-15 09:31 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-15 09:31 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-15 09:31 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-15 09:31 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-15 09:31 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-15 09:31 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-15 09:31 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-15 09:31 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-15 09:31 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-15 09:31 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-15 09:31 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-15 09:31 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-15 09:31 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-15 09:31 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-15 09:31 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-15 09:31 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-15 09:31 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-15 09:31 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-15 09:31 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-15 09:30 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-15 09:30 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-15 09:30 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-15 09:30 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-15 09:30 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-15 09:30 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-15 09:30 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-15 09:30 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-15 09:30 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-15 09:30 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-15 09:30 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-15 09:30 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-15 09:30 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-15 09:30 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-15 09:30 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-15 09:30 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-15 09:30 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-15 09:30 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-15 09:30 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-15 09:30 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-15 09:30 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-15 09:30 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-15 09:30 - 2019-02-06 02:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-15 09:30 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-15 09:30 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-15 09:30 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-15 09:30 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-15 09:30 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-15 09:30 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-15 09:30 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-15 09:30 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-15 09:30 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-15 09:30 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-15 09:30 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-15 09:30 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-15 09:30 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-15 09:30 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-15 09:30 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-15 09:30 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-15 09:30 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-15 09:30 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-12 20:05 - 2019-02-12 22:34 - 1643868808 _____ C:\Users\Káťa\Downloads\Sedm _ Se7en _ Seven 1995, EN - CZ tit.mkv
2019-02-11 11:20 - 2019-02-11 14:10 - 1870359732 _____ C:\Users\Káťa\Downloads\Muzikanti CZ film.avi
2019-02-10 19:58 - 2019-02-10 21:30 - 1016224028 _____ C:\Users\Káťa\Downloads\Smrt ve Tmě (2016,cz,dabing)ddd.avi
2019-02-10 14:09 - 2019-02-10 16:09 - 1329916984 _____ C:\Users\Káťa\Downloads\Lék na život (2017) - CZ dabing.avi
2019-02-09 12:04 - 2019-02-09 12:35 - 335146866 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E03 CZ titulky.avi
2019-02-09 11:00 - 2019-02-09 11:21 - 235704262 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E01 CZ titulky.avi
2019-02-09 09:23 - 2019-02-09 09:45 - 234604831 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E02 CZ titulky.mkv
2019-02-04 08:45 - 2019-02-13 11:40 - 000000000 ____D C:\Users\Káťa\Desktop\absolventka
2019-02-04 08:28 - 2019-02-04 08:28 - 000000000 ____D C:\Users\Káťa\AppData\Local\DBG
2019-02-03 14:43 - 2019-02-01 18:10 - 1198452823 _____ C:\Users\Káťa\Downloads\Pustina.S01E03.mp4
2019-02-03 14:42 - 2019-02-03 14:42 - 000324006 _____ C:\Users\Káťa\Desktop\ceZF9_dkoyoxM6nQyoSHDe7Svv1CJsyJmP_73atlOhZOHbsgsF3OitvRRKRDzUME0.pdf
2019-02-03 13:39 - 2019-02-01 18:15 - 1103363742 _____ C:\Users\Káťa\Downloads\Pustina.S01E02.mp4
2019-02-01 23:00 - 2019-02-01 18:15 - 1178800870 _____ C:\Users\Káťa\Downloads\Pustina.S01E01.mp4
2019-01-28 18:56 - 2019-01-28 19:56 - 656020814 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E10 CZTit. (frpli).avi
2019-01-28 17:23 - 2019-01-28 17:55 - 577388656 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E09 CZTit. (frpli).avi
2019-01-27 13:10 - 2019-01-27 13:51 - 458447258 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E08 CZTit. (frpli).avi
2019-01-26 16:33 - 2019-01-26 17:01 - 487946678 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E07 CZtit V OBRAZE.avi
2019-01-26 15:18 - 2019-01-26 16:23 - 717253674 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E06 CZTit. (frpli).avi
2019-01-26 12:54 - 2019-01-26 13:58 - 710336856 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E05 CZTit. (frpli).avi
2019-01-26 09:28 - 2019-01-26 10:21 - 589389878 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E04 CZTit. (frpli).avi
2019-01-25 19:53 - 2019-01-25 20:50 - 622175922 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E03 CZTit. (frpli).avi
2019-01-23 21:08 - 2019-01-23 21:08 - 000045409 _____ C:\Users\Káťa\Downloads\The.Haunting.of.House.Hill.S01E02.Open.Casket.1080p.Webrip.X264.srt
2019-01-23 18:26 - 2019-01-23 18:44 - 2897973329 _____ C:\Users\Káťa\Downloads\The.Haunting.of.House.Hill.S01E02.Open.Casket.1080p.Webrip.X264.mkv
2019-01-23 18:08 - 2019-01-23 19:03 - 614572786 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E02 CZTit. (frpli).avi
2019-01-23 13:28 - 2019-01-23 13:29 - 000045463 _____ C:\Users\Káťa\Downloads\The.Haunting.of.Hill.House.S01E02.Open.Casket.720p.NF.WEB-DL.DDP5.1.x264-NTG.srt
2019-01-22 20:25 - 2019-01-22 21:23 - 642607658 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E01 CZTit. (frpli).avi
2019-01-21 10:12 - 2019-01-21 10:29 - 320751541 _____ C:\Users\Káťa\Downloads\Čarodějův učeň-anim.pohádka (Karel Zeman) 1977.mp4
2019-01-18 19:41 - 2019-01-18 20:49 - 1255254016 _____ C:\Users\Káťa\Downloads\Král Rybář _ The Fisher King 1991, CZ.avi
2019-01-17 17:39 - 2019-01-17 17:39 - 000000000 ____D C:\Users\Káťa\Documents\Vlastní šablony Office

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 15:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-16 15:19 - 2018-12-05 11:20 - 000000000 ____D C:\Users\Káťa\AppData\Roaming\vlc
2019-02-16 15:18 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-16 14:18 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-16 14:18 - 2018-04-12 00:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-16 00:36 - 2018-05-28 20:45 - 000744924 _____ C:\windows\system32\perfh005.dat
2019-02-16 00:36 - 2018-05-28 20:45 - 000159594 _____ C:\windows\system32\perfc005.dat
2019-02-16 00:36 - 2018-04-28 07:11 - 001826110 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-16 00:36 - 2018-04-12 00:36 - 000000000 ____D C:\windows\INF
2019-02-15 17:47 - 2018-04-28 07:06 - 000411656 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-15 17:46 - 2018-04-28 07:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-15 17:45 - 2018-10-06 22:38 - 000065536 _____ C:\windows\psp_storage.bin
2019-02-15 17:45 - 2018-04-11 22:04 - 000786432 _____ C:\windows\system32\config\BBI
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\TextInput
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-15 17:35 - 2019-01-03 00:30 - 000000360 _____ C:\windows\Tasks\HPCeeScheduleForKáťa.job
2019-02-15 17:24 - 2018-04-12 00:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-15 09:52 - 2018-12-10 11:30 - 000000000 ____D C:\windows\system32\MRT
2019-02-15 09:48 - 2018-12-10 11:29 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-15 09:33 - 2018-12-05 10:57 - 000004562 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 09:32 - 2018-12-05 10:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-15 08:37 - 2018-12-09 17:40 - 000000000 ____D C:\Program Files\rempl
2019-02-15 08:32 - 2018-12-05 10:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 08:32 - 2018-12-05 10:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-12 20:45 - 2019-01-03 00:30 - 000003248 _____ C:\windows\System32\Tasks\HPCeeScheduleForKáťa
2019-02-10 23:15 - 2018-12-05 10:39 - 000000000 ____D C:\Users\Káťa\AppData\Local\ClassicShell
2019-02-10 12:55 - 2018-12-05 12:20 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1572241333-3680237035-3324955502-1001
2019-02-10 12:55 - 2018-12-05 11:08 - 000000000 ___RD C:\Users\Káťa\OneDrive
2019-02-10 12:55 - 2018-12-05 10:24 - 000002395 _____ C:\Users\Káťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 08:43 - 2018-10-06 22:54 - 000000000 ____D C:\ProgramData\Packages
2019-02-04 09:44 - 2018-12-05 10:26 - 000000000 ____D C:\Users\Káťa\AppData\Local\Packages
2019-02-02 23:53 - 2018-12-10 22:10 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-12-10 22:10 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-25 09:27 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\Drivers\wd
2019-01-17 17:43 - 2018-12-18 19:50 - 000000000 ____D C:\Users\Káťa\Desktop\škola VDA

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\dllhost.exe => File is digitally signed
C:\windows\SysWOW64\dllhost.exe => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-28 07:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.02.2019
Ran by Káťa (16-02-2019 15:42:59)
Running from C:\Users\Káťa\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-05 06:39:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572241333-3680237035-3324955502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1572241333-3680237035-3324955502-503 - Limited - Disabled)
Guest (S-1-5-21-1572241333-3680237035-3324955502-501 - Limited - Disabled)
Káťa (S-1-5-21-1572241333-3680237035-3324955502-1001 - Administrator - Enabled) => C:\Users\Káťa
WDAGUtilityAccount (S-1-5-21-1572241333-3680237035-3324955502-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A26421A-81F2-44F9-ABFD-E6F4EBBACF4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0C541767-CA33-412E-BE46-83735AA2FD03} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {1D58BF89-4020-4C2B-B7D8-CCEC133439DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1E02C25D-0BF6-4813-95FF-D815039C295C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {32F248C4-13F1-4498-B51F-1CB1AEA4D1F0} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {385A03C1-8A15-4393-B355-142A942A1A7C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {3B420611-1738-48B4-A6CF-4553AFCB7835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3F2D0252-4A6E-454B-8670-62979774EBE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {4E77BE36-F990-42E7-9BC6-E6FAA0E0F075} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4F83790B-F67A-4C0B-953B-363347C967DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {6CADA4BE-ABDB-4660-BD71-1A3EECB9B54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {78AD77C9-1415-4C8B-9764-3E719B8F8296} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {817815E2-4494-464D-8743-96DE7C3B73A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {92215D30-CC59-43FE-8566-9E5C137346E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9BE40D03-746A-4656-98EF-E825130CF003} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {9FA008BA-4CEF-4AA2-990B-2AD99A14D667} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A3F28181-003B-4BA9-9200-EDD1355E2A8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe (HP Inc. -> HP Inc.)
Task: {B7DC6623-B320-47E5-9ECE-830E260632D4} - System32\Tasks\HPCeeScheduleForKáťa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {D0C79140-3261-414E-88B1-1167AA092F51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DAAF64C4-A808-46C2-AF10-1CA09DEF0E4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {E30896C0-805E-464C-AD6B-8AD4AAB91177} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {EC147115-1283-4C5C-9F57-5A299F51F55C} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ED2C073B-FD79-437F-8F15-A001686EA31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForKáťa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-05 12:39 - 2018-12-05 12:39 - 000016896 _____ () C:\Program Files\KMSpico\WinDivert.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\windows\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:41 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-05 11:50 - 2018-12-05 11:54 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-15 08:36 - 2019-02-15 08:36 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-15 08:36 - 2019-02-15 08:36 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2017-12-15 20:17 - 2017-12-15 20:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 20:17 - 2017-12-15 20:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:48 - 2019-01-31 17:48 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-17 15:11 - 2019-01-17 15:12 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1FDF6E5-D0A3-44CA-AE95-3F3FBBB73C52}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{037E051A-77A9-4AC6-A4AB-9FDA5F65E2EE}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{3184A31B-D753-4E51-AFB3-7742842E76D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{B1DDCA0E-3AA8-4239-B65C-30BDDF7CF882}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{49C9A7CE-E1B4-4D9A-BC9F-C55FAF193EBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{AEB21790-07D2-46A8-8836-877412845E3A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{9FC0DC78-C4E0-4572-AA3A-D4A3438573D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11126.20266.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A82183B-9F3A-4B84-9C8D-3184CBF8539D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

26-01-2019 15:36:27 Naplánovaný kontrolní bod
03-02-2019 11:48:04 Naplánovaný kontrolní bod
08-02-2019 20:40:59 Instalační služba modulů systému Windows
15-02-2019 08:33:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25547

Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25547

Error: (02/16/2019 03:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1750

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1750

Error: (02/16/2019 03:18:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2019 12:20:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (02/16/2019 12:20:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969


System errors:
=============
Error: (02/16/2019 09:54:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:53:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:51:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:51:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (02/15/2019 05:51:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2019 05:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-16 15:33:56.004
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {43C2959C-00B0-4C37-BDD2-D90BEC3DA809}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-16 15:18:52.755
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5B865FA9-4A79-41D1-8E20-7254B1676DE8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-15 17:57:47.748
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 17:57:47.512
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\Temp\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 17:57:47.158
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.13.0, AS: 1.287.13.0, NIS: 1.287.13.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 08:45:50.173
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.285.1418.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.8
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-16 15:29:11.304
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:29:11.302
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:44.980
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:44.978
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:38.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 15:16:38.689
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 14:59:11.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 14:59:11.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 77%
Total physical RAM: 3981.68 MB
Available physical RAM: 886.96 MB
Total Virtual: 4941.68 MB
Available Virtual: 1387.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.58 GB) (Free:343.47 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{302fff6d-74bb-469d-b2db-218953e3b4aa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{38e2630b-f6b3-4766-b35b-d14e13d18c8b}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7BC58E7F)

Partition: GPT.

==================== End of Addition.txt ============================


Post subject: Re: Preventive check
Posted: 16 Feb 2019 17:19
Advisor

Joined: 27 Apr 2008 10:34
Posts: 1739
Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button (Prehladaj teraz) and wait until the system scan finishes.
After the scan, leave all the checkboxes and any threats found selected, and continue with the Clean and Repair button (Vycistit Teraz) in the bottom right corner.
After the PC restarts, AdwCleaner will start; click Zobrazit soubor protokolu (View log file).
The log will open; copy its contents here.

_________________
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the training of newcomers
- Founder of the Cyber Security unit


Post subject: Re: Preventive check
Posted: 17 Feb 2019 18:17
Visitor

Joined: 05 Dec 2006 19:17
Posts: 76
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-17-2019
# Duration: 00:00:24
# OS: Windows 10 Home
# Scanned: 31826
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1250 octets] - [17/02/2019 18:04:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Post subject: Re: Preventive check
Posted: 17 Feb 2019 18:40
Advisor

Joined: 27 Apr 2008 10:34
Posts: 1739
Rescan the computer with FRST - instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509 - and copy the FRST.log + Addition log here.

Post subject: Re: Preventive check
Posted: 23 Feb 2019 11:50
Visitor

Joined: 05 Dec 2006 19:17
Posts: 76
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by Káťa (administrator) on LAPTOP-OJK0R611 (23-02-2019 11:35:41)
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4436520 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft)
HKLM-x32...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
Tcpip\..\Interfaces\{1dfb0327-3149-4dec-9e13-f578932cebd6}: [DhcpNameServer] 192.168.17.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default [2019-02-23]
CHR Extension: (Prezentace) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-05]
CHR Extension: (Dokumenty) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-05]
CHR Extension: (Disk Google) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-05]
CHR Extension: (YouTube) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-12-05]
CHR Extension: (Tabulky) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-05]
CHR Extension: (Gmail) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Káťa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe [489832 2018-05-08] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351784 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26984 2018-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmdag.sys [40413544 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmpag.sys [553832 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [145792 2018-05-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111112 2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1026896 2018-04-13] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [424384 2018-03-28] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-19] (Synaptics Incorporated -> Synaptics Incorporated)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2018-12-05] (Nemea Mjukvaruutveckling AB -> Basil Projects)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-21 18:12 - 2019-02-21 18:12 - 000000772 _____ C:\Users\Káťa\Desktop\škola VDA – zástupce.lnk
2019-02-21 17:27 - 2019-02-23 11:35 - 000000000 ____D C:\Users\Káťa\Desktop\FRST-OlderVersion
2019-02-17 18:52 - 2019-02-17 20:33 - 1111003014 _____ C:\Users\Káťa\Downloads\Zootropolis-Město zvířat (2016) CZ-dabing TOP.avi
2019-02-17 18:36 - 2019-02-17 18:37 - 000228728 _____ C:\Users\Káťa\Documents\cc_20190217_183650.reg
2019-02-17 18:31 - 2019-02-17 18:31 - 000003936 _____ C:\windows\System32\Tasks\CCleaner Update
2019-02-17 18:31 - 2019-02-17 18:31 - 000002886 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2019-02-17 18:31 - 2019-02-17 18:31 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-17 18:31 - 2019-02-17 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-17 18:31 - 2019-02-17 18:31 - 000000000 ____D C:\Program Files\CCleaner
2019-02-17 18:28 - 2019-02-17 18:29 - 019341880 _____ (Piriform Software Ltd) C:\Users\Káťa\Downloads\ccsetup552.exe
2019-02-17 18:03 - 2019-02-17 18:04 - 000000000 ____D C:\AdwCleaner
2019-02-17 16:21 - 2019-02-17 16:22 - 007316688 _____ (Malwarebytes) C:\Users\Káťa\Desktop\adwcleaner_7.2.7.0.exe
2019-02-16 15:42 - 2019-02-21 17:31 - 000033506 _____ C:\Users\Káťa\Desktop\Addition.txt
2019-02-16 15:40 - 2019-02-23 11:37 - 000017058 _____ C:\Users\Káťa\Desktop\FRST.txt
2019-02-16 15:38 - 2019-02-23 11:35 - 000000000 ____D C:\FRST
2019-02-16 15:36 - 2019-02-23 11:35 - 002435072 _____ (Farbar) C:\Users\Káťa\Desktop\FRST64.exe
2019-02-16 15:20 - 2019-02-16 15:52 - 350700300 _____ C:\Users\Káťa\Downloads\A Discovery of Witches S01E04 CZtit V OBRAZE.avi
2019-02-15 09:31 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-15 09:31 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-15 09:31 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-15 09:31 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-15 09:31 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-15 09:31 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-15 09:31 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-15 09:31 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-15 09:31 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-15 09:31 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-15 09:31 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-15 09:31 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-15 09:31 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-15 09:31 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-15 09:31 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-15 09:31 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-15 09:31 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-15 09:31 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-15 09:31 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-15 09:31 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-15 09:31 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-15 09:31 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-15 09:31 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-15 09:31 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-15 09:31 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-15 09:30 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-15 09:30 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-15 09:30 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-15 09:30 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-15 09:30 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-15 09:30 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-15 09:30 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-15 09:30 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-15 09:30 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-15 09:30 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-15 09:30 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-15 09:30 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-15 09:30 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-15 09:30 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-15 09:30 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-15 09:30 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-15 09:30 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-15 09:30 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-15 09:30 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-15 09:30 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-15 09:30 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-15 09:30 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-15 09:30 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-15 09:30 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-15 09:30 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-15 09:30 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-15 09:30 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-15 09:30 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-15 09:30 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-15 09:30 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-15 09:30 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-15 09:30 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-15 09:30 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-15 09:30 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-15 09:30 - 2019-02-06 02:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-15 09:30 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-15 09:30 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-15 09:30 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-15 09:30 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-15 09:30 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-15 09:30 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-15 09:30 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-15 09:30 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-15 09:30 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-15 09:30 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-15 09:30 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-15 09:30 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-15 09:30 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-15 09:30 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-15 09:30 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-15 09:30 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-15 09:30 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-15 09:30 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-15 09:30 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-15 09:30 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-15 09:30 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-15 09:30 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-15 09:30 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-15 09:30 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-15 09:30 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-15 09:30 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-15 09:30 - 2019-01-09 05:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-15 09:30 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-15 09:30 - 2019-01-08 04:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-12 20:05 - 2019-02-12 22:34 - 1643868808 _____ C:\Users\Káťa\Downloads\Sedm _ Se7en _ Seven 1995, EN - CZ tit.mkv
2019-02-11 11:20 - 2019-02-11 14:10 - 1870359732 _____ C:\Users\Káťa\Downloads\Muzikanti CZ film.avi
2019-02-10 19:58 - 2019-02-10 21:30 - 1016224028 _____ C:\Users\Káťa\Downloads\Smrt ve Tmě (2016,cz,dabing)ddd.avi
2019-02-10 14:09 - 2019-02-10 16:09 - 1329916984 _____ C:\Users\Káťa\Downloads\Lék na život (2017) - CZ dabing.avi
2019-02-09 12:04 - 2019-02-09 12:35 - 335146866 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E03 CZ titulky.avi
2019-02-09 11:00 - 2019-02-09 11:21 - 235704262 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E01 CZ titulky.avi
2019-02-09 09:23 - 2019-02-09 09:45 - 234604831 _____ C:\Users\Káťa\Downloads\A discovery of witches (Čas čarodějnic ) S01E02 CZ titulky.mkv
2019-02-04 08:45 - 2019-02-19 22:10 - 000000000 ____D C:\Users\Káťa\Desktop\absolventka
2019-02-04 08:28 - 2019-02-04 08:28 - 000000000 ____D C:\Users\Káťa\AppData\Local\DBG
2019-02-03 14:43 - 2019-02-01 18:10 - 1198452823 _____ C:\Users\Káťa\Downloads\Pustina.S01E03.mp4
2019-02-03 13:39 - 2019-02-01 18:15 - 1103363742 _____ C:\Users\Káťa\Downloads\Pustina.S01E02.mp4
2019-02-01 23:00 - 2019-02-01 18:15 - 1178800870 _____ C:\Users\Káťa\Downloads\Pustina.S01E01.mp4
2019-01-28 18:56 - 2019-01-28 19:56 - 656020814 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E10 CZTit. (frpli).avi
2019-01-28 17:23 - 2019-01-28 17:55 - 577388656 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E09 CZTit. (frpli).avi
2019-01-27 13:10 - 2019-01-27 13:51 - 458447258 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E08 CZTit. (frpli).avi
2019-01-26 16:33 - 2019-01-26 17:01 - 487946678 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E07 CZtit V OBRAZE.avi
2019-01-26 15:18 - 2019-01-26 16:23 - 717253674 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E06 CZTit. (frpli).avi
2019-01-26 12:54 - 2019-01-26 13:58 - 710336856 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E05 CZTit. (frpli).avi
2019-01-26 09:28 - 2019-01-26 10:21 - 589389878 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E04 CZTit. (frpli).avi
2019-01-25 19:53 - 2019-01-25 20:50 - 622175922 _____ C:\Users\Káťa\Downloads\The Haunting of Hill House S01E03 CZTit. (frpli).avi

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-23 11:34 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-23 11:34 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-23 10:18 - 2018-04-28 07:06 - 000000000 ____D C:\windows\system32\Drivers\wd
2019-02-23 10:12 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-23 10:12 - 2018-04-12 00:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-21 18:12 - 2018-12-05 10:39 - 000000000 ____D C:\Users\Káťa\AppData\Local\ClassicShell
2019-02-21 17:54 - 2019-01-03 00:30 - 000003248 _____ C:\windows\System32\Tasks\HPCeeScheduleForKáťa
2019-02-21 17:54 - 2019-01-03 00:30 - 000000360 _____ C:\windows\Tasks\HPCeeScheduleForKáťa.job
2019-02-21 14:26 - 2018-12-05 10:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 11:10 - 2018-04-12 00:36 - 000000000 ____D C:\windows\INF
2019-02-18 12:17 - 2018-12-18 19:50 - 000000000 ____D C:\škola VDA
2019-02-18 11:12 - 2018-12-05 11:20 - 000000000 ____D C:\Users\Káťa\AppData\Roaming\vlc
2019-02-17 18:33 - 2018-04-28 08:02 - 000000000 ____D C:\windows\Panther
2019-02-17 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\windows\LiveKernelReports
2019-02-16 00:36 - 2018-05-28 20:45 - 000744924 _____ C:\windows\system32\perfh005.dat
2019-02-16 00:36 - 2018-05-28 20:45 - 000159594 _____ C:\windows\system32\perfc005.dat
2019-02-16 00:36 - 2018-04-28 07:11 - 001826110 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-15 17:47 - 2018-04-28 07:06 - 000411656 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-15 17:46 - 2018-04-28 07:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-15 17:45 - 2018-10-06 22:38 - 000065536 _____ C:\windows\psp_storage.bin
2019-02-15 17:45 - 2018-04-11 22:04 - 000786432 _____ C:\windows\system32\config\BBI
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\TextInput
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-15 17:24 - 2018-04-12 00:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-15 09:52 - 2018-12-10 11:30 - 000000000 ____D C:\windows\system32\MRT
2019-02-15 09:48 - 2018-12-10 11:29 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-15 09:33 - 2018-12-05 10:57 - 000004562 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-15 08:37 - 2018-12-09 17:40 - 000000000 ____D C:\Program Files\rempl
2019-02-15 08:32 - 2018-12-05 10:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 08:32 - 2018-12-05 10:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-10 12:55 - 2018-12-05 12:20 - 000003376 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1572241333-3680237035-3324955502-1001
2019-02-10 12:55 - 2018-12-05 11:08 - 000000000 ___RD C:\Users\Káťa\OneDrive
2019-02-10 12:55 - 2018-12-05 10:24 - 000002395 _____ C:\Users\Káťa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 08:43 - 2018-10-06 22:54 - 000000000 ____D C:\ProgramData\Packages
2019-02-04 09:44 - 2018-12-05 10:26 - 000000000 ____D C:\Users\Káťa\AppData\Local\Packages
2019-02-02 23:53 - 2018-12-10 22:10 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-12-10 22:10 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\dllhost.exe => File is digitally signed
C:\windows\SysWOW64\dllhost.exe => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-28 07:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Káťa (23-02-2019 11:38:24)
Running from C:\Users\Káťa\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-05 06:39:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1572241333-3680237035-3324955502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1572241333-3680237035-3324955502-503 - Limited - Disabled)
Guest (S-1-5-21-1572241333-3680237035-3324955502-501 - Limited - Disabled)
Káťa (S-1-5-21-1572241333-3680237035-3324955502-1001 - Administrator - Enabled) => C:\Users\Káťa
WDAGUtilityAccount (S-1-5-21-1572241333-3680237035-3324955502-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31241 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.69 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\windows\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A26421A-81F2-44F9-ABFD-E6F4EBBACF4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0C541767-CA33-412E-BE46-83735AA2FD03} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {1D58BF89-4020-4C2B-B7D8-CCEC133439DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1E02C25D-0BF6-4813-95FF-D815039C295C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {23CBAED1-8C15-4317-A8A5-8A1EDFB644DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {276EA9C2-5D11-482D-9BDC-C4A7ED3BB5E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {32F248C4-13F1-4498-B51F-1CB1AEA4D1F0} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {385A03C1-8A15-4393-B355-142A942A1A7C} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {3F2D0252-4A6E-454B-8670-62979774EBE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {4D0703FE-437E-4FFC-9232-35E53FEE46A4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4F83790B-F67A-4C0B-953B-363347C967DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {6232658C-0205-484E-A700-6E38909788BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {69B177B6-FB4C-4F2C-A1D8-9484D72E3364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6CADA4BE-ABDB-4660-BD71-1A3EECB9B54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {752A4CB5-B895-47A2-99F2-306BD5F80108} - System32\Tasks\HPCeeScheduleForKáťa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {817815E2-4494-464D-8743-96DE7C3B73A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {92215D30-CC59-43FE-8566-9E5C137346E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9BE40D03-746A-4656-98EF-E825130CF003} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {9FA008BA-4CEF-4AA2-990B-2AD99A14D667} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A3F28181-003B-4BA9-9200-EDD1355E2A8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe (HP Inc. -> HP Inc.)
Task: {DAAF64C4-A808-46C2-AF10-1CA09DEF0E4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {DFE0A551-FA78-4309-9189-EA6209FE4047} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E30896C0-805E-464C-AD6B-8AD4AAB91177} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {EC147115-1283-4C5C-9F57-5A299F51F55C} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ED2C073B-FD79-437F-8F15-A001686EA31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForKáťa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-05 12:39 - 2018-12-05 12:39 - 000016896 _____ () C:\Program Files\KMSpico\WinDivert.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 11:41 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 20:17 - 2017-12-15 20:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 08:31 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-15 09:30 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:48 - 2019-01-31 17:48 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-17 15:11 - 2019-01-17 15:12 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-05 11:45 - 2018-12-05 11:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 17:48 - 2019-01-31 17:48 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-12 18:24 - 2019-02-12 18:24 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A82183B-9F3A-4B84-9C8D-3184CBF8539D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{39FD399D-688D-4E5E-9DE8-973A1E91B432}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11231.20174.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F0DCB34-FDA6-4521-B6F2-27669C8558B1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{297F15ED-D515-4EF5-B5DC-C645682409E7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

08-02-2019 20:40:59 Instalační služba modulů systému Windows
15-02-2019 08:33:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2019 10:08:11 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8657

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8657

Error: (02/22/2019 06:31:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1922

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1922

Error: (02/22/2019 06:31:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2019 04:36:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9109


System errors:
=============
Error: (02/23/2019 10:42:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Nelze spustit server DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. Došlo k chybě:
5
při provádění příkazu:
C:\windows\system32\SppExtComObj.exe -Embedding

Error: (02/23/2019 10:32:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Nelze spustit server DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. Došlo k chybě:
5
při provádění příkazu:
C:\windows\system32\SppExtComObj.exe -Embedding

Error: (02/23/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OJK0R611)
Description: Server {355822FC-86F1-4BE8-B5F0-A33736789641} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/23/2019 10:11:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/22/2019 09:54:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/21/2019 11:08:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/20/2019 10:16:12 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OJK0R611)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-OJK0R611\Káťa (SID: S-1-5-21-1572241333-3680237035-3324955502-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/20/2019 10:15:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-23 10:43:21.807
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:42:04.186
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:41:57.530
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:41:56.725
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\KMSpico\Service_KMS.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-23 10:33:36.027
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS
ID: 2147723334
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\SECOH-QAD.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.287.594.0, AS: 1.287.594.0, NIS: 1.287.594.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-15 08:45:50.173
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.285.1418.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.8
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-02-23 11:38:18.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:38:18.583
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:23:02.611
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 11:23:02.609
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:53:03.045
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:53:03.043
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:28:34.893
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-23 10:28:34.891
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 68%
Total physical RAM: 3981.68 MB
Available physical RAM: 1251.26 MB
Total Virtual: 5421.43 MB
Available Virtual: 2072.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.58 GB) (Free:345.04 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{302fff6d-74bb-469d-b2db-218953e3b4aa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{38e2630b-f6b3-4766-b35b-d14e13d18c8b}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7BC58E7F)

Partition: GPT.

==================== End of Addition.txt ============================


Post subject: Re: Preventive check
Posted: 23 Feb 2019 12:24
Advisor

Registered: 27 Apr 2008 10:34
Posts: 1739
Copy the content below into Notepad:

Code:
CloseProcesses:
CreateRestorePoint:

C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bonjour
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)



Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out, after which the computer will reboot. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.

Post subject: Re: Preventive check
Posted: 23 Feb 2019 16:18
Visitor

Registered: 05 Dec 2006 19:17
Posts: 76
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Káťa (23-02-2019 16:03:51) Run:1
Running from C:\Users\Káťa\Desktop
Loaded Profiles: Káťa (Available Profiles: Káťa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bonjour
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\...\MountPoints2: {9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1572241333-3680237035-3324955502-1001 -> {D364EFC1-7D57-4C49-8A57-6EB68479FE78} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
FirewallRules: [{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FED2B69-D117-4281-B4D1-C82BA139DDB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files\KMSpico\Service_KMS.exe => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Program Files\Bonjour\mDNSResponder.exe => moved successfully
C:\Program Files\Bonjour => moved successfully
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} => removed successfully
HKLM\Software\Classes\CLSID\{9cd68dad-fcbf-11e8-9487-d0c5d37d1a7c} => not found
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} => removed successfully
HKLM\Software\Classes\CLSID\{9cd69005-fcbf-11e8-9487-d0c5d37d1a7c} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKU\S-1-5-21-1572241333-3680237035-3324955502-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => removed successfully
HKLM\Software\Classes\CLSID\{D364EFC1-7D57-4C49-8A57-6EB68479FE78} => not found
HKLM\System\CurrentControlSet\Services\H2OFFT => removed successfully
H2OFFT => service removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF466E2D-5369-4CB1-BF0C-027DBD5FF8BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADCCCD04-44F2-49D6-870C-E9EA9C1B7C8B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FED2B69-D117-4281-B4D1-C82BA139DDB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FDF0E60-58B7-4A4F-9922-AFFEBB966E19}" => removed successfully


The system needed a reboot.

==== End of Fixlog 16:05:19 ====


Post subject: Re: Preventive check
Posted: 23 Feb 2019 16:46
Advisor

Registered: 27 Apr 2008 10:34
Posts: 1739
How is the computer doing?
