PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Please check my log - ransomware

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

nowas
Guest
Posts: 20
Registered: 05 Feb 2006 02:54


#1 Post by nowas »

Hello. Please check my log. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by San (administrator) on CUBE-PC (FUJITSU ESPRIMO P710) (10-09-2019 23:13:53)
Running from C:\Users\San\Desktop
Loaded Profiles: San & Administrator (Available Profiles: San & uce & Fil & Administrator)
Platform: Windows 10 Pro Version 1903 18362.295 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\San\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM-x32\...\Run: [Autodesk Desktop App] => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [NetLockMngr] => C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTMngr.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\Run: [OneDrive] => "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #0] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #3] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #4] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #6] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #7] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #8] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #9] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #10] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #11] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #12] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #13] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #14] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #15] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #16] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #17] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #18] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #19] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #20] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #21] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #22] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #23] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\RunOnce: [Application Restart #24] => C:\Windows\SysWOW64\mshta.exe [13312 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\CSW_NetSWKeyNTService.exe: [{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb] -> MoneyNetLicenceServer
HKLM\Software\...\AppCompatFlags\InstalledSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb [2019-08-08]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: CodeMeter Control Center.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] [2019-03-14]
ShortcutTarget: Network Server.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li] -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File)
Startup: C:\Users\CUBE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk [2019-06-21]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 3050 J610 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0BT3J23D05HX;CONNECTION=USB;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BD3F7EC-746F-4679-B151-B5DDA38AF21E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13E44638-B65B-485E-A334-0F99B8E35391} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1554B6D6-4F59-4589-B024-85997C3BD1CC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2795FAA3-A685-489C-952F-19DDAE5B1DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {27BDDA3C-92FA-454B-A3D5-7180344DD725} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31CB4EC1-5F7B-434F-B4EF-21B972071907} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B6D278D-E2BE-4105-9E15-053F0415EA84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4F35F062-0BEF-46B2-8C08-502ADFFA5BE8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {53635FEE-72A1-4D40-A710-1A3F2D367B8D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60033671-3BD1-45F2-A494-7F9DCFE938D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {60338C88-E0BB-4B33-9368-E02A57C33AE2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65146AC3-7EE7-4493-B1E7-0194C70B2766} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {6A71160F-5D66-4CE8-B3BC-F992B1B960F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6C840FE9-48D8-4F1C-9F2D-7CFBC102F467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {75DC0782-5965-4C1D-A572-074B8587FBEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7768136D-67D5-458E-8EEF-2E766FDBE9B6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7C8F47BE-1CD4-46BD-8989-DE49FFAEF08F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {948BE8AD-283F-4144-B764-6E637019F750} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E3F82F8-EE0C-43D8-8958-617612E56E18} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A2BB3567-FF27-4276-AA40-80A4AA3C2532} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {AE78C538-C46C-4F53-9428-659AF8F06E1E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1A75382-47C2-4B0A-95BF-FCA843448D57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B23563E2-2859-4519-AA1B-8F5490717141} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC5828A4-5980-4347-B572-E50928B917BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {CACF8A71-405F-4E8B-BF85-277EA8103FB2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1B71BA6-DB0F-4AD7-B448-47A23052F7E7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3DD69D1-6C43-4516-9F9D-7795FE557001} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {D498A999-DDA2-48D3-A1DF-FDBE0CD0AC66} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D650D52F-83D2-4CB1-A3C0-976FD872C34E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D88B5B04-9086-4F7C-9747-2CD55B6C46A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAF6CDF1-8732-451A-9087-423CC0420A8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC3307DE-1E8A-45F3-A7D8-C2B402618321} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2165EA0-0F36-43D0-88A0-EBD6CE850302} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: {F45D6D0E-E098-43C5-852E-D38EAB605E56} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {FFAB13B4-34F3-409A-9970-989BAA503D74} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFC16A88-04D8-4A03-BA98-0AC63FEE8590} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{90BF43E7-1BDA-4E13-AD28-CF68106B0C87}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9F17BAF9-6761-4F23-8137-48F5D7E2084D}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" No File

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\San\AppData\Local\Google\Chrome\User Data\Default [2019-08-14]
CHR Extension: (Prezentace) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-21]
CHR Extension: (Disk Google) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-21]
CHR Extension: (YouTube) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-21]
CHR Extension: (Adobe Acrobat) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-21]
CHR Extension: (Tabulky) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-21]
CHR Extension: (Gmail) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\San\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 SAService; C:\WINDOWS\SysWOW64\SAsrv.exe [440320 2011-09-01] (Conexant Systems, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5775208 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe" [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device Service; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 CmWebAdmin.exe; "C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe" [X]
S2 CodeMeter.exe; "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [X]
S2 FlexNet License Manager; "C:\SEFlex\Program\lmgrd.exe" [X]
S3 FlexNet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" [X]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X]
S3 PDF Architect 5; "C:\Program Files\PDF Architect 5\ws.exe" [X]
S2 PDF Architect 5 Creator; "C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe" [X]
S2 PDF Architect 5 Manager; "C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe" [X]
S2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [X]
S2 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [X]
S2 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [X]
S4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X]
S4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
S2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X]
S2 SWLckServer; C:\Program Files (x86)\CIGLER SOFTWARE\NetLicence\CSW_NetSWKeyNTService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [232448 2019-03-19] (Microsoft Corporation) [File not signed]
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2016-12-22] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-10 23:13 - 2019-09-10 23:15 - 000026372 _____ C:\Users\San\Desktop\FRST.txt
2019-09-10 23:12 - 2019-09-10 23:13 - 000000000 ____D C:\FRST
2019-09-10 23:12 - 2019-09-10 23:11 - 001614848 _____ (Farbar) C:\Users\San\Desktop\FRST64.exe
2019-09-10 23:12 - 2019-09-10 23:05 - 064333800 _____ (Malwarebytes ) C:\Users\San\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270 (1).exe
2019-09-10 23:12 - 2019-07-09 03:57 - 000072856 _____ (Microsoft Corporation) C:\Users\San\Desktop\setup.exe
2019-09-10 23:04 - 2019-09-10 23:04 - 000000000 ____D C:\Users\San\AppData\Local\PeerDistRepub
2019-09-10 22:28 - 2019-08-14 17:20 - 000410814 __RSH C:\bootmgr
2019-09-10 22:28 - 2019-03-19 06:44 - 000000001 ___SH C:\BOOTNXT
2019-09-10 21:51 - 2019-09-10 21:51 - 000182072 _____ C:\WINDOWS\ntbtlog.txt
2019-09-10 21:29 - 2019-09-10 21:29 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-09-09 23:15 - 2019-09-09 23:15 - 000000000 ____D C:\EFI
2019-09-08 15:39 - 2019-09-08 15:39 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-09-08 11:02 - 2019-09-08 11:02 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2019-09-08 11:01 - 2019-09-08 11:01 - 000006803 _____ C:\info.hta
2019-09-08 11:01 - 2019-09-08 11:01 - 000000385 _____ C:\INFO.txt
2019-09-08 10:27 - 2019-09-07 10:26 - 001119232 _____ () C:\File Encryption.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-09-06 18:29 - 001117184 _____ () C:\EncryptionChecker.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:27 - 2019-07-18 00:47 - 000128000 _____ C:\exploit.exe.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:24 - 2019-09-08 10:24 - 000000422 __RSH C:\ProgramData\ntuser.pol.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:17 - 2019-09-08 06:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2019-09-02 19:39 - 2019-09-02 19:39 - 000000000 ____D C:\Users\Test\Desktop\kopie dokladu 2018
2019-08-21 22:16 - 2019-08-21 22:16 - 000000000 ____D C:\Users\Fil\AppData\LocalLow\Temp
2019-08-21 12:53 - 2019-08-21 12:53 - 000000000 ____D C:\Users\Fil\AppData\Roaming\HpUpdate
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\Documents\PDF Architect
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Roaming\PDF Architect 5
2019-08-16 10:02 - 2019-08-16 10:02 - 000000000 ____D C:\Users\Fil\AppData\Local\PDFCreator
2019-08-15 12:57 - 2019-08-15 12:57 - 000000000 ____D C:\Users\Fil\AppData\Local\D3DSCache
2019-08-14 17:20 - 2019-08-14 17:20 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 017785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 009926672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 008012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007890256 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007277568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007251808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006518184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006226864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 006071432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 005753944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 004562904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003698176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002990096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-08-14 17:20 - 2019-08-14 17:20 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002449432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001717776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001413328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 17:20 - 2019-08-14 17:20 - 001337872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001301008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 001262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001259008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001213240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001072144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 001056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 001037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000889664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000876560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000829776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000821904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000796088 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000752792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000524216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000481592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 17:20 - 2019-08-14 17:20 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-08-14 17:20 - 2019-08-14 17:20 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000441360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000316432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000300176 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000283152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000210400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000202256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000093104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 17:20 - 2019-08-14 17:20 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-08-14 17:20 - 2019-08-14 17:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-08-14 17:19 - 2019-08-14 17:19 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-08-14 17:19 - 2019-08-14 17:19 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-14 17:19 - 2019-08-14 17:19 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-08-14 12:00 - 2019-09-08 10:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-10 22:38 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-10 22:30 - 2019-07-31 14:54 - 000000000 __SHD C:\Users\San\IntelGraphicsProfiles
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-10 22:30 - 2019-07-31 09:20 - 000000000 ___RD C:\Users\San\3D Objects
2019-09-10 22:30 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-10 22:18 - 2019-07-30 19:24 - 002010080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-10 22:18 - 2019-03-19 13:57 - 000779936 _____ C:\WINDOWS\system32\perfh005.dat
2019-09-10 22:18 - 2019-03-19 13:57 - 000177824 _____ C:\WINDOWS\system32\perfc005.dat
2019-09-10 22:18 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2019-09-10 22:05 - 2019-07-30 19:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-10 21:56 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-09-10 21:29 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator
2019-09-09 23:15 - 2019-03-19 06:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-09-08 16:13 - 2019-08-08 15:18 - 000000000 __SHD C:\Users\Fil\IntelGraphicsProfiles
2019-09-08 16:12 - 2019-07-30 19:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-08 10:41 - 2019-07-31 16:31 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2019-09-08 10:41 - 2019-07-30 19:25 - 000000000 ____D C:\Users\CUBE
2019-09-08 10:41 - 2019-04-25 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Screen Capture 2
2019-09-08 10:41 - 2019-03-14 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2019-09-08 10:41 - 2019-03-14 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2019-09-08 10:41 - 2018-09-27 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2019-09-08 10:41 - 2018-08-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MayTec
2019-09-08 10:41 - 2018-08-07 12:27 - 000000000 ____D C:\Users\CUBE\AppData\Local\CrashDumps
2019-09-08 10:41 - 2018-07-30 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens Solid Edge 2019
2019-09-08 10:41 - 2018-07-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyShot 7 64
2019-09-08 10:41 - 2018-06-05 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-08 10:41 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-08 10:41 - 2018-04-25 16:09 - 000000000 ____D C:\Users\CUBE\.gimp-2.8
2019-09-08 10:41 - 2018-03-03 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2019-09-08 10:41 - 2018-02-15 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2019-09-08 10:41 - 2018-02-09 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2019-09-08 10:41 - 2018-02-09 12:48 - 000000000 ____D C:\Users\CUBE\AppData\Local\Akamai
2019-09-08 10:41 - 2017-10-28 11:11 - 000070768 _____ C:\Users\CUBE\AppData\Local\GDIPFONTCACHEV1.DAT.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 10:40 - 2019-07-31 16:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2019-09-08 10:40 - 2019-07-31 16:35 - 000000000 ___RD C:\Users\Administrator\OneDrive
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-09-08 10:40 - 2019-07-31 16:31 - 000000000 ___RD C:\Users\Administrator\3D Objects
2019-09-08 10:40 - 2019-03-14 14:02 - 000000000 ____D C:\ProgramData\Install.GS
2019-09-08 10:40 - 2018-07-30 13:19 - 000000000 ____D C:\SEWebInstall
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-09-08 10:40 - 2018-07-24 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-08 10:40 - 2018-05-14 13:40 - 000000000 ____D C:\ProgramData\HP Photo Creations
2019-09-08 10:40 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files (x86)\PDF Architect 5
2019-09-08 10:40 - 2018-03-03 12:28 - 000000000 ____D C:\ProgramData\McAfee
2019-09-08 10:40 - 2018-02-09 13:35 - 000000000 ____D C:\ProgramData\FLEXnet
2019-09-08 10:40 - 2018-02-09 12:49 - 000000000 ____D C:\ProgramData\Autodesk
2019-09-08 10:40 - 2016-06-21 15:06 - 000000000 ___HD C:\Reseal
2019-09-08 10:38 - 2019-04-25 14:01 - 000000000 ____D C:\Program Files (x86)\Easy Screen Capture 2
2019-09-08 10:38 - 2018-05-14 13:40 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2019-09-08 10:37 - 2019-03-14 14:12 - 000000000 ____D C:\Program Files (x86)\CodeMeter
2019-09-08 10:37 - 2018-06-05 18:34 - 000000000 ____D C:\Program Files\WinRAR
2019-09-08 10:37 - 2018-04-16 07:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-09-08 10:37 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-09-08 10:31 - 2018-03-03 13:39 - 000000000 ____D C:\Program Files\PDF Architect 5
2019-09-08 10:31 - 2018-03-03 13:38 - 000000000 ____D C:\Program Files\PDFCreator
2019-09-08 10:30 - 2018-07-30 13:40 - 000000000 ____D C:\Program Files\KeyShot7
2019-09-08 10:30 - 2017-11-07 21:58 - 000000000 ____D C:\Program Files\Bonjour
2019-09-08 10:28 - 2018-02-15 22:17 - 000000048 _____ C:\script.txt.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:07 - 2019-07-31 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2019-09-08 06:07 - 2019-07-31 16:35 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-500
2019-09-08 06:07 - 2019-07-31 16:31 - 000002422 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000402 ___SH C:\Users\Administrator\Documents\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Downloads\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000282 ___SH C:\Users\Administrator\Desktop\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000264 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-08 06:06 - 2019-07-31 16:31 - 000000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-09-03 22:54 - 2019-07-31 15:51 - 000000000 ____D C:\Users\Test\AppData\Local\Packages
2019-09-03 15:37 - 2019-07-31 15:57 - 000000000 ____D C:\Users\Test\AppData\Local\PlaceholderTileLogoFolder
2019-09-02 19:27 - 2019-07-31 15:54 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1003
2019-09-02 19:27 - 2019-07-31 15:54 - 000000000 ___RD C:\Users\Test\OneDrive
2019-09-02 19:27 - 2019-07-31 15:51 - 000002399 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-02 19:26 - 2019-07-31 15:51 - 000000000 ___RD C:\Users\Test\3D Objects
2019-09-02 11:52 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-30 10:11 - 2019-08-08 15:21 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836498613-3010024522-2400828536-1004
2019-08-30 10:11 - 2019-08-08 15:21 - 000002426 _____ C:\Users\Fil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-30 10:11 - 2019-08-08 15:21 - 000000000 ___RD C:\Users\Fil\OneDrive
2019-08-29 22:41 - 2019-06-21 18:27 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-29 22:41 - 2019-06-21 18:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-24 00:06 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-23 20:48 - 2018-02-09 14:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-22 20:17 - 2019-08-08 15:19 - 000000000 ____D C:\Users\Fil\AppData\Local\Autodesk
2019-08-18 09:41 - 2019-08-08 15:18 - 000000000 ____D C:\Users\Fil
2019-08-17 18:39 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\servicing
2019-08-16 14:35 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-14 22:20 - 2019-08-08 15:18 - 000000000 ___RD C:\Users\Fil\3D Objects
2019-08-14 18:29 - 2019-07-30 19:13 - 000308136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 18:27 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 18:27 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:27 - 2016-06-17 08:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 17:24 - 2019-03-19 06:49 - 000000400 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.[BFEBFBFF000306A9][recoverdatasupport@cock.li].[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 17:24 - 2016-06-17 08:25 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-14 17:20 - 2017-07-26 14:59 - 000410814 __RSH C:\bootmgr.[BFEBFBFF000306A9][recoverdatasupport@cock.li]
2019-08-14 15:44 - 2019-03-19 06:59 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2019-08-14 15:01 - 2019-07-30 19:38 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 16:53 - 2019-07-30 18:16 - 000000000 ___DC C:\WINDOWS\Panther

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by San (10-09-2019 23:16:12)
Running from C:\Users\San\Desktop
Windows 10 Pro Version 1903 18362.295 (X64) (2019-07-30 17:40:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1836498613-3010024522-2400828536-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1836498613-3010024522-2400828536-503 - Limited - Disabled)
Fil (S-1-5-21-1836498613-3010024522-2400828536-1004 - Limited - Enabled) => C:\Users\Fil
Guest (S-1-5-21-1836498613-3010024522-2400828536-501 - Limited - Disabled)
Mir (S-1-5-21-1836498613-3010024522-2400828536-1005 - Limited - Enabled)
San (S-1-5-21-1836498613-3010024522-2400828536-1002 - Administrator - Enabled) => C:\Users\San
uce (S-1-5-21-1836498613-3010024522-2400828536-1003 - Limited - Enabled) => C:\Users\Test
Vas (S-1-5-21-1836498613-3010024522-2400828536-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1836498613-3010024522-2400828536-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Compatibility Toolkit (HKLM\...\{D70F2D01-43C9-18A8-FC9C-3A088433BA65}) (Version: 10.1.18362.1 - Microsoft) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MF631C (HKLM\...\{ED33D4BE-708F-4688-A642-EC47ADB4B488}) (Version: 5.4.0.0 - CANON INC.)
CodeMeter Runtime Kit v6.60a (HKLM\...\{34F620A7-AAD8-4C48-8ED6-9A8E7F894D15}) (Version: 6.60.2878.501 - WIBU-SYSTEMS AG)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Easy Screen Capture 2 (HKLM-x32\...\Easy Screen Capture 2_is1) (Version: - Longfine Software)
Ekonomický systém Money S3 (HKLM-x32\...\Money S3) (Version: 19.602 (20190726_15) - Solitea Česká republika, a.s.)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 22.0 GEN FULL R1 1) (Version: 2018.2.1534.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4590 - GRAPHISOFT SE)
HP Deskjet 3050 J610 series Nápověda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
KeyShot 7 64 bit (HKLM\...\KeyShot 7_64) (Version: 7.3 64 bit - Luxion ApS)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Licenční server Solitea verze 4.20 (HKLM-x32\...\Licenční server Solitea verze 4.20) (Version: - )
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
MAY-CAD (HKLM-x32\...\{92B4EFEA-0BA8-45E6-8774-741626F6F30F}) (Version: 7.000.1 - MayTec)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1836498613-3010024522-2400828536-500\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{4F640A82-635E-431A-856A-F43E5EAAC130}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
MoneyNetLicenceServer (HKLM\...\{aa3d0df8-d205-43a6-a65f-b5a3ce52a2bf}.sdb) (Version: - )
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.6.1.7023 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
O2 (HKLM-x32\...\O2CZ) (Version: - O2)
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Sentinel Protection Installer 7.6.1 (HKLM-x32\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Siemens Solid Edge 2019 (HKLM\...\{C62CE6BD-CC1D-4459-AA70-19295563C462}) (Version: 219.00.00091 - Siemens)
Solid Edge License Manager (HKLM\...\{5B3C98CB-9E13-4C5E-9679-BD9AC959F16D}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Administrator (HKLM\...\{1FB59B96-9361-43C9-AEB1-85E4B17D90AF}) (Version: 219.00.00091 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM\...\{FE274D7D-F9FB-402D-931C-E8FE7732B0EE}) (Version: 219.00.00091 - Siemens)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Studie vylepšování produktu HP Deskjet 3050 J610 series (HKLM\...\{8310B4FA-2ADE-4022-BD5A-28C4BDADC7D2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.60 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.4 - win.rar GmbH)
Základní software zařízení HP Deskjet 3050 J610 series (HKLM\...\{A74FCB98-0C9F-4D35-8F81-79BD5AA6A88F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{6BE99E87-B6FB-4CC3-AE69-DFCF33303D55} -> [Tiskové exporty z Money S3] => C:\Users\Public\Documents\Solitea\Money S3\Bin\PRINT\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1836498613-3010024522-2400828536-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/PDFCreator/PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-03 13:38 - 2018-03-03 13:38 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-04-16 07:21 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1836498613-3010024522-2400828536-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1836498613-3010024522-2400828536-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "NetLockMngr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3DC354BB-2C51-4ECF-9FCD-FE004CEB0652}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{3A1A5EA7-155E-4A81-9115-86C7467929A9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{B75DBA7D-19F2-4B88-B485-B832807D3D27}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe No File
FirewallRules: [{03EB398A-778B-4394-A30A-C219BF29A37F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{FD43D7F5-AE42-4327-BDE1-C02FF0633FC2}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{F96BA42B-BED1-4CD3-9195-D20647CC62D1}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe No File
FirewallRules: [{4D10606E-398A-4C76-99DF-3C04C2177930}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{4BDE80D7-4205-4999-BD98-5268E30A3865}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe No File
FirewallRules: [{D9E64183-5846-4CE3-AA3E-B82A08716D3E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot_daemon.exe No File
FirewallRules: [{20F0FF85-28BD-4657-8C9C-74359394A05E}] => (Allow) C:\Program Files\KeyShot7\bin\keyshot.exe No File
FirewallRules: [{F36F0A36-25BF-4BF9-9C12-DB764BF2C3B5}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe No File
FirewallRules: [{8F93C0EF-2772-47F6-9D65-DF8CF6986A12}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe No File
FirewallRules: [{09646E77-05C4-47B0-AA7C-171071074B85}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe No File
FirewallRules: [{D1181257-C461-45FE-B2CE-F3B2A5AA1C57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe No File
FirewallRules: [UDP Query User{F26B1BF5-25A0-4699-961A-6B2B7BA6100F}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{A1E87DFE-AAA3-4101-A14E-551A89929AE0}C:\users\cube\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cube\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{57717DBE-EB48-46B4-9FED-D10F6A4B8766}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{2B041C67-3063-4C69-8679-5857E65964D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{65AE5862-E184-459A-AE60-ECF47CA382A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{116DFDF8-E9D6-466B-A19A-A497823C623E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{5FBD6234-ECD8-4145-B952-BF149E129017}] => (Allow) LPort=511
FirewallRules: [{1F579F9F-2064-4C1A-905A-4BD6B2B34675}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{C59BDAE9-2818-499A-B7AA-EF5AE699F57F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe No File
FirewallRules: [{02314169-BE0E-48EC-A316-432EF00D0A96}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

22-08-2019 07:22:06 Instalační služba modulů systému Windows
31-08-2019 14:44:53 Naplánovaný kontrolní bod
02-09-2019 11:51:14 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2019 11:10:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9648,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (09/10/2019 10:38:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2764,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (09/10/2019 10:15:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4480,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (09/10/2019 10:06:28 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/10/2019 10:06:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/10/2019 10:03:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/10/2019 10:03:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\CUBE-PC$ přes https://IFX-KeyId-bbcf7cc184213166dab5b ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/10/2019 09:48:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (09/10/2019 10:07:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba FlexNet License Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SQLWriter neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SentinelSecurityRuntime neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Manager neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF Architect 5 Creator neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MSSQL$SQLEXPRESS neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/10/2019 10:05:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Bonjour Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
===================================
Date: 2019-09-08 10:25:37.395
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-09-08 10:25:27.946
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-09-08 10:25:19.617
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casdet!rfn
ID: 2147727512
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\exploit.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-09-08 10:25:14.903
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\File Encryption.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-09-08 10:24:54.106
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Ransom:Win32/Higuniel.A
ID: 2147725777
Závažnost: Vážné
Kategorie: Ransomware
Cesta: file:_C:\Users\Administrator\Desktop\EncryptionChecker.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: CUBE-PC\Administrator
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.299.2860.0, AS: 1.299.2860.0, NIS: 1.299.2860.0
Verze modulu: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-09-10 22:58:53.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-09-10 22:33:53.260
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-09-10 22:33:53.259
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-09-10 22:33:53.258
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-09-10 22:33:53.247
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: FUJITSU // American Megatrends Inc. V4.6.5.3 R1.19.0 for D3161-A1x 12/17/2012
Motherboard: FUJITSU D3161-A1
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 16231.55 MB
Available physical RAM: 13676.03 MB
Total Virtual: 32615.55 MB
Available Virtual: 30183.84 MB

==================== Drives ================================

Drive a: () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
Drive c: () (Fixed) (Total:465.23 GB) (Free:315.74 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB) (Removable) (Total:7.6 GB) (Free:0.92 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 42A6D53C)
Partition 1: (Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=541 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.6 GB) (Disk ID: 31507526)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - ransomware

#2 Post by Conder »

Hi :)

:arrow: Is this a PC after a ransomware attack? Did you lose any files, or did you have a backup?

:arrow: Run a full scan in Malwarebytes
  • Download and install Malwarebytes (MB/MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Open Malwarebytes and click "Scan" on the left
  • Click "Custom scan" and then "Configure scan" (Set up scan)
  • On the right tick all the drives in the PC and on the left tick the option "Scan for rootkits"
  • Click Scan now and wait for it to finish
  • When it finishes, click Export summary -> Copy to clipboard
  • Paste the copied log into your next reply
  • Illustrated guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

nowas
Guest
Posts: 20
Joined: 05 Feb 2006 02:54

Re: Please check my log - ransomware

#3 Post by nowas »

Probably yes. Of course I did not have the most important things backed up, but it seems they were not encrypted.
Apart from that I had to repair the Windows boot loader so it would start at all, and a drive A appeared there with an info file about the encryption.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11.09.19
Scan Time: 0:14
Log File: 5dab6e24-d418-11e9-906b-001999fdab43.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12405
License: Free

-System Information-
OS: Windows 10 (Build 18362.295)
CPU: x64
File System: NTFS
User: CUBE-PC\San

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 612868
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 hr, 19 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.NetTool, C:\EXPLOIT.EXE.[BFEBFBFF000306A9][RECOVERDATASUPPORT@COCK.LI], Delete-on-Reboot, [5912], [714471],1.0.12405

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

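The single Malwarebytes hit above is a file carrying a `.[<16 hex victim id>][<contact address>]` suffix, the usual sign that a ransomware run renamed it. The script below is an added example, not code from this thread, from Malwarebytes or from any of the tools Conder recommends. It generalises that one path into a triage helper: it picks renamed files out of a directory listing, groups them by contact address so the original names can be recovered from the listing, and decodes the 16-hex victim ID on the assumption that it is the machine's Win32_Processor.ProcessorId (CPUID leaf 1, EDX feature flags followed by the EAX signature). That assumption, the regular expression and every sample path other than the quarantined one are constructed for illustration.

```python
"""Triage of ransomware-renamed files (added example, not from the forum thread)."""
import re
from typing import Dict, List, Optional

# Assumed naming pattern, generalised from the one quarantined path:
#   <original name>.[<16 hex victim id>][<contact address>]
RENAME_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[0-9A-Fa-f]{16})\]\[(?P<contact>[^\]\s]+@[^\]\s]+)\]$"
)


def parse_renamed(path: str) -> Optional[dict]:
    """Split a Windows path into directory, original file name, victim id and
    contact address. Returns None for files that do not carry the marker."""
    directory, sep, filename = path.rpartition("\\")
    m = RENAME_RE.match(filename)
    if not m:
        return None
    return {
        "directory": directory + sep,
        "original": m["original"],
        "victim_id": m["victim_id"].upper(),
        "contact": m["contact"].lower(),
    }


def decode_cpuid_signature(victim_id: str) -> dict:
    """Interpret the 16-hex id as Win32_Processor.ProcessorId: the first 8 hex
    digits are CPUID(1).EDX (feature flags), the last 8 are CPUID(1).EAX.
    Returns the Intel display family/model/stepping. This interpretation is an
    assumption of the example, not something the thread states."""
    edx = int(victim_id[:8], 16)
    eax = int(victim_id[8:], 16)
    stepping = eax & 0xF
    model = (eax >> 4) & 0xF
    family = (eax >> 8) & 0xF
    ext_model = (eax >> 16) & 0xF
    ext_family = (eax >> 20) & 0xFF
    if family in (0x6, 0xF):          # extended model applies to family 6 and 15
        model |= ext_model << 4
    if family == 0xF:                 # extended family applies to family 15 only
        family += ext_family
    return {"features_edx": edx, "family": family, "model": model, "stepping": stepping}


def inventory(paths: List[str]) -> Dict[str, dict]:
    """Group renamed files by contact address; keep the victim ids seen and the
    reconstructed original paths so the victim knows what was touched."""
    out: Dict[str, dict] = {}
    for p in paths:
        info = parse_renamed(p)
        if info is None:
            continue
        bucket = out.setdefault(info["contact"], {"victim_ids": set(), "files": []})
        bucket["victim_ids"].add(info["victim_id"])
        bucket["files"].append(info["directory"] + info["original"])
    return out


# Constructed sample listing: the first entry is the real path from the
# Malwarebytes log above, the others are invented for illustration.
SAMPLE_LISTING = [
    r"C:\EXPLOIT.EXE.[BFEBFBFF000306A9][RECOVERDATASUPPORT@COCK.LI]",
    r"C:\Users\San\Documents\faktura.xlsx.[BFEBFBFF000306A9][RECOVERDATASUPPORT@COCK.LI]",
    r"C:\Users\San\Pictures\IMG_0001.jpg.[BFEBFBFF000306A9][RECOVERDATASUPPORT@COCK.LI]",
    r"C:\Users\San\Desktop\FRST64.exe",
    r"C:\Users\San\Documents\notes.txt",
    r"C:\Users\San\Documents\weird.[ZZZZ][nobody@example.com]",  # id is not 16 hex: ignored
]

if __name__ == "__main__":
    for contact, bucket in inventory(SAMPLE_LISTING).items():
        print(f"{contact}: {len(bucket['files'])} renamed files")
        for vid in sorted(bucket["victim_ids"]):
            sig = decode_cpuid_signature(vid)
            print(f"  victim id {vid}: CPUID family {sig['family']:#x} "
                  f"model {sig['model']:#x} stepping {sig['stepping']}")
        for original in bucket["files"]:
            print("   ", original)
```

On the sample listing the id decodes to family 6, model 0x3A, stepping 9, which is consistent with the Core i3-3220 shown in the FRST log above; that is what makes a hardware-derived id plausible here. The inventory only lists names, it does not touch the files: whether the content was actually encrypted still has to be checked per file, which matches nowas's observation that the important data seemed untouched despite the marker being present on at least one file.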
Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - ransomware

#4 Post by Conder »

:arrow: Download TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
  • Save it to the desktop and run it as administrator
  • Accept the licence terms
  • Click Change parameters and tick "Loaded modules"
  • Confirm the PC restart
  • After the restart click "Start Scan"
  • If anything is found, choose "Skip" for all findings and click "Continue"
  • Click "Report" (top right) and paste that log here

nowas
Guest
Posts: 20
Joined: 05 Feb 2006 02:54

Re: Please check my log - ransomware

#5 Post by nowas »

Attaching it as a file.
Attachments
report_tdsskiller.zip
(143.78 KiB) Downloaded 62 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - ransomware

#6 Post by Conder »

OK, to be safe also run a scan with Kaspersky Virus Removal Tool (KVRT): https://www.kaspersky.com/downloads/tha ... moval-tool
Click "Change Parameters" and tick the option "System Drive"
Click "Start Scan" and wait for it to finish
If anything is found, take a screenshot and post it in your next reply (KVRT does not let you create a copyable log)
Then let it delete the findings: click "Neutralize all" and then "Continue"
