Prosím o kontrolu logů

Zpráva

Bubenos · #1 Příspěvek od **Bubenos** » 26 pro 2019 11:28

Prosím o kontrolu logů, můj počítač byl s největší pravděpodobností napaden Malwarem - nebo třetí stranou. Děkuji

Logfile of random's system information tool 1.10 (written by random/random)
Run by dbube at 2019-12-26 11:30:16
Microsoft Windows 10 Home
System drive C: has 66 GB (58%) free of 114 GB
Total RAM: 16327 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:21, on 26.12.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe
C:\Program Files\trend micro\dbube.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [BakkesMod] "C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe"
O4 - HKCU\..\Run: [qBittorrent] "C:\Program Files\qBittorrent\qbittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_506716b - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem9.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: @oem9.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7680 bytes

======Listing Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService

C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV

C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s QWAVE
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
"C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"ctfmon.exe"
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.111.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --field-trial-handle=1948,10479702090428382420,14082831514044919577,131072 --disable-features=VizDisplayCompositor --no-sandbox --log-file="C:\Users\dbube\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\dbube\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --service-request-channel-token=5975979298307026464 --mojo-platform-channel-handle=2080 /prefetch:2
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\dbube\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --field-trial-handle=1948,10479702090428382420,14082831514044919577,131072 --disable-features=VizDisplayCompositor --service-pipe-token=10401102824965717055 --lang=en-US --log-file="C:\Users\dbube\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10401102824965717055 --renderer-client-id=3 --mojo-platform-channel-handle=2576 /prefetch:1
"C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe"
"C:\Program Files\qBittorrent\qbittorrent.exe"
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\WINDOWS\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe" -ServerName:App.AppXagta193n5rpf7mheremt3yyfa1g555vc.mca
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\dbube\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\dbube\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=79.0.3945.88 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x7ffdfa97dd08,0x7ffdfa97dd18,0x7ffdfa97dd28
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=11032 --on-initialized-event-handle=64 --parent-handle=476 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8938553765363163929 --mojo-platform-channel-handle=1552 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --service-sandbox-type=network --enable-audio-service-sandbox --service-request-channel-token=18243826042288453320 --mojo-platform-channel-handle=1792 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=963610068381292174 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18368132443751016736 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --extension-process --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6933531572158158635 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1456 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --service-sandbox-type=audio --enable-audio-service-sandbox --service-request-channel-token=15819132256581178587 --mojo-platform-channel-handle=2836 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8069509798443169167 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2613341885140937705 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5895359645632717377 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3552025137480952634 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10515606117655985354 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1

C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14670407658370980233 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14334068175565169458 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7006340223483662577 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1536,8568167889845792987,17554089207573142126,131072 --lang=cs --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5072720740433398967 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe141_ Global\UsGthrCtrlFltPipeMssGthrPipe141 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 768 772 780 8192 776
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x45c
"C:\Users\dbube\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Intel PTT EK Recertification.job - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-03-19 84992]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2019-04-01 9270776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2019-12-16 3288016]
"BakkesMod"=C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe [2019-08-28 11271168]
"qBittorrent"=C:\Program Files\qBittorrent\qbittorrent.exe [2019-12-03 25273856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-12-26 11:30:16 ----D---- C:\rsit
2019-12-26 11:30:16 ----D---- C:\Program Files\trend micro
2019-12-14 22:12:55 ----D---- C:\Users\dbube\AppData\Roaming\qBittorrent
2019-12-14 22:12:51 ----D---- C:\Program Files\qBittorrent
2019-12-13 17:03:38 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2019-12-13 17:03:38 ----A---- C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-13 17:03:37 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-13 17:03:37 ----A---- C:\WINDOWS\system32\mfcore.dll
2019-12-13 17:03:37 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2019-12-13 17:03:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Mirage.Internal.dll
2019-12-13 17:03:36 ----A---- C:\WINDOWS\SYSWOW64\Chakrathunk.dll
2019-12-13 17:03:36 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2019-12-13 17:03:36 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\rdpudd.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\Chakrathunk.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\fhcfg.dll
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2019-12-13 17:03:35 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\SYSWOW64\DMAlertListener.ProxyStub.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\system32\tcbloader.dll
2019-12-13 17:03:33 ----A---- C:\WINDOWS\system32\securekernel.exe
2019-12-13 17:03:33 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-12-13 17:03:33 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-12-13 17:03:32 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2019-12-13 17:03:32 ----A---- C:\WINDOWS\SYSWOW64\lpk.dll
2019-12-13 17:03:32 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2019-12-13 17:03:32 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-12-13 17:03:32 ----A---- C:\WINDOWS\SYSWOW64\dciman32.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Enumeration.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\win32u.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2019-12-13 17:03:31 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\wow64win.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\pnidui.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\lpk.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\fdProxy.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-13 17:03:30 ----A---- C:\WINDOWS\system32\dciman32.dll
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\services.exe
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\oleaut32.dll
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\msctf.dll
2019-12-13 17:03:29 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-12-13 17:03:28 ----A---- C:\WINDOWS\system32\winresume.exe
2019-12-13 17:03:28 ----A---- C:\WINDOWS\system32\shell32.dll
2019-12-13 17:03:28 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\winload.exe
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\win32u.dll
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\win32k.sys
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\usosvc.dll
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\usocoreworker.exe
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\user32.dll
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-12-13 17:03:27 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-13 17:03:26 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\drivers\exfat.sys
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\autopilotdiag.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\autopilot.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-13 17:03:25 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 11:03:56 ----D---- C:\WINDOWS\Panther
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo-1-999-0-0-0.exe
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1-999-0-0-0.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvofapi.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\OpenCL.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvofapi64.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvmcumd.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvhdap64.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvdispgenco6443200.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvdispco6443200.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvcuda.dll
2019-12-06 20:30:13 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2019-12-05 16:17:08 ----D---- C:\Program Files (x86)\Giovanni Software

======List of files/folders modified in the last 1 month======

2019-12-26 11:30:20 ----D---- C:\WINDOWS\Temp
2019-12-26 11:30:16 ----RD---- C:\Program Files
2019-12-26 11:30:15 ----D---- C:\WINDOWS\Prefetch
2019-12-26 11:27:57 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-12-26 11:19:47 ----D---- C:\WINDOWS\system32\SleepStudy
2019-12-26 11:01:06 ----D---- C:\Program Files (x86)\Steam
2019-12-26 10:59:00 ----D---- C:\WINDOWS\system32\sru
2019-12-26 10:39:59 ----RD---- C:\WINDOWS\Microsoft.NET
2019-12-26 09:59:57 ----D---- C:\ProgramData\NVIDIA
2019-12-25 10:14:59 ----HD---- C:\Program Files\WindowsApps
2019-12-25 10:14:58 ----D---- C:\WINDOWS\AppReadiness
2019-12-23 16:20:22 ----D---- C:\WINDOWS\system32\config
2019-12-21 12:45:29 ----D---- C:\WINDOWS\WinSxS
2019-12-16 10:30:45 ----D---- C:\WINDOWS\System32
2019-12-16 10:30:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-16 10:30:44 ----D---- C:\WINDOWS\INF
2019-12-14 22:11:48 ----D---- C:\Users\dbube\AppData\Roaming\uTorrent
2019-12-14 22:02:07 ----D---- C:\WINDOWS\system32\catroot2
2019-12-14 20:00:17 ----SD---- C:\Users\dbube\AppData\Roaming\Microsoft
2019-12-14 19:18:33 ----SHDC---- C:\WINDOWS\Installer
2019-12-13 19:25:16 ----D---- C:\Windows
2019-12-13 19:24:33 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-12-13 19:24:33 ----D---- C:\WINDOWS\SysWOW64
2019-12-13 19:24:33 ----D---- C:\WINDOWS\SystemResources
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\uk-UA
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\pl-PL
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\migration
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\en-US
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\drivers
2019-12-13 19:24:33 ----D---- C:\WINDOWS\system32\cs-CZ
2019-12-13 19:24:32 ----D---- C:\WINDOWS\system32\DriverStore
2019-12-13 19:24:32 ----D---- C:\WINDOWS\system32\Boot
2019-12-13 19:24:32 ----D---- C:\WINDOWS\ShellExperiences
2019-12-13 19:24:32 ----D---- C:\WINDOWS\bcastdvr
2019-12-13 17:05:18 ----D---- C:\WINDOWS\system32\MRT
2019-12-13 17:05:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-12-13 17:05:13 ----D---- C:\WINDOWS\CbsTemp
2019-12-11 13:38:36 ----D---- C:\WINDOWS\system32\WDI
2019-12-08 21:03:31 ----D---- C:\WINDOWS\system32\Tasks
2019-12-08 15:13:43 ----D---- C:\WINDOWS\system32\drivers\wd
2019-12-06 20:30:34 ----D---- C:\Program Files\NVIDIA Corporation
2019-12-05 16:17:08 ----RD---- C:\Program Files (x86)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2019-04-03 1469952]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2019-03-19 56632]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2019-03-19 89096]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2019-03-19 40960]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2019-03-19 70456]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2019-03-19 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2019-03-19 8704]
R1 MpKslDrv;MpKslDrv; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FBA92AD-7E44-4547-BBD1-40D2AC3E869F}\MpKslDrv.sys [2019-12-14 43232]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-12-13 457216]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2019-03-19 53760]
R3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-10-09 117048]
R3 ICCWDT;@oem19.inf,%ICCWDT.SVCDESC%;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\WINDOWS\System32\drivers\ICCWDT.sys [2019-04-03 39504]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2019-04-01 6794744]
R3 ISCT;@oem35.inf,%ISCT.DeviceDesc%;Intel(R) Smart Connect Technology Device Driver; C:\WINDOWS\System32\drivers\ISCTD64.sys [2019-04-03 47008]
R3 MEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverW8x64.sys [2019-04-03 223832]
R3 NVHDA;@oem47.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2019-10-04 237208]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [2019-10-04 22094728]
R3 nvvad_WaveExtensible;@oem32.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2019-03-19 69840]
R3 nvvhci;@oem17.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2019-04-17 75600]
R3 rt640x64;@oem2.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2019-02-20 1138136]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2019-03-19 42808]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2019-03-19 319528]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2019-03-19 885048]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2019-03-19 148520]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2019-03-19 124448]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2019-03-19 128528]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2019-03-19 75280]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2019-03-19 94736]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2019-03-19 58896]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2019-03-19 68624]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2019-03-19 41784]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2019-03-19 151352]
S0 SmartSAMD;SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [2019-03-19 220176]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2019-03-19 20992]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys [2019-03-19 337920]
S3 amdgpio2;@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\WINDOWS\System32\drivers\amdgpio2.sys [2019-03-19 18432]
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\WINDOWS\System32\drivers\amdi2c.sys [2019-03-19 37888]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2019-11-15 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys [2019-09-12 231936]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2019-11-15 114688]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2019-03-19 97280]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2019-11-15 36864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-11-15 1428992]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2019-11-15 98304]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2019-03-19 43008]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2019-03-19 64312]
S3 dg_ssudbus;@oem18.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 DM150Drv;DM150Drv; C:\WINDOWS\System32\drivers\DM150Drv.sys [2010-07-30 24312]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_b9c53b80e63af230\genericusbfn.sys [2019-09-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2019-03-19 53560]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2019-10-09 64000]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-11-15 84488]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2019-03-19 28672]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2019-03-19 1866768]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2019-03-19 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2019-03-19 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2019-03-19 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-03-19 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-03-19 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-03-19 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2019-03-19 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-03-19 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-03-19 180736]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-03-19 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2019-03-19 566800]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2019-03-19 46592]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel Power Limit Driver; C:\WINDOWS\System32\drivers\intelpmax.sys [2019-03-19 28672]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2019-03-19 54584]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2019-03-19 535864]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2019-03-19 62264]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2019-11-15 359424]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-03-19 64512]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2019-03-19 1150480]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2019-03-19 153616]
S3 NDKPing;NDKPing Driver; C:\WINDOWS\system32\drivers\NDKPing.sys [2019-03-19 63488]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2019-03-19 187904]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2019-03-19 158520]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\WINDOWS\System32\drivers\nvoclk64.sys [2009-09-15 42088]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2019-07-23 30336]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2019-03-19 96056]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2019-03-19 127800]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2019-03-19 17408]
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [2019-03-19 25600]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-12-13 986936]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2016-12-21 40240]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2019-03-19 211456]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2019-03-19 113152]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2019-03-19 33592]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2019-03-19 76088]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2019-03-19 32568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R2 CDPUserSvc_506716b;Uživatelská služba platformy připojených zařízení_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-08-27 860016]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2019-10-02 781680]
R2 OneSyncSvc_506716b;Hostitel synchronizace_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2019-03-19 263904]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 cbdhsvc_506716b;Uživatelská služba schránky_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 PimIndexMaintenanceSvc_506716b;Data kontaktů_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2019-09-12 913168]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-05-21 154920]
S2 Intel(R) TPM Provisioning Service;@oem9.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [2019-04-03 737552]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 AarSvc_506716b;Agent Activation Runtime_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 BcastDVRUserService_506716b;Uživatelská služba pro GameDVR a vysílání her_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 BluetoothUserService_506716b;Služba pro podporu uživatelů Bluetooth_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 CaptureService_506716b;CaptureService_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 ConsentUxUserSvc_506716b;ConsentUX_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2019-03-19 380120]
S3 CredentialEnrollmentManagerUserSvc_506716b;CredentialEnrollmentManagerUserSvc_506716b; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2019-03-19 380120]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DeviceAssociationBrokerSvc_506716b;DeviceAssociationBroker_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DevicePickerUserSvc_506716b;DevicePicker_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DevicesFlowUserSvc_506716b;Tok zařízení_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-09-12 97792]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-08-19 43704]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe [2019-12-14 1113072]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-05-21 154920]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 Intel(R) Capability Licensing Service TCP IP Interface;@oem9.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [2019-04-03 761088]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 MessagingService_506716b;Služba zasílání zpráv_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-08-27 860016]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2019-03-19 103424]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 PrintWorkflowUserSvc_506716b;PrintWorkflow_506716b; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2019-03-19 1264128]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-03-19 53744]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2019-08-19 986112]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 53744]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2019-03-19 384512]

-----------------EOF-----------------

Bubenos · #2 Příspěvek od **Bubenos** » 26 pro 2019 11:32

Příkládám dále logy z FRST

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2019
Ran by dbube (26-12-2019 11:34:20)
Running from C:\Users\dbube\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-08-19 14:53:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1558997955-55845073-2629518697-500 - Administrator - Disabled)
dbube (S-1-5-21-1558997955-55845073-2629518697-1001 - Administrator - Enabled) => C:\Users\dbube
DefaultAccount (S-1-5-21-1558997955-55845073-2629518697-503 - Limited - Disabled)
Guest (S-1-5-21-1558997955-55845073-2629518697-501 - Limited - Disabled)
Vlasťule (S-1-5-21-1558997955-55845073-2629518697-1002 - Administrator - Enabled) => C:\Users\Vlasťule
WDAGUtilityAccount (S-1-5-21-1558997955-55845073-2629518697-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 38.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.1.0 - NVIDIA Corporation) Hidden
Ashampoo Burning Studio 20 (HKLM-x32\...\{91B33C97-155F-C10C-D4D6-CABA03805EE4}_is1) (Version: 20.0.4 - Ashampoo GmbH & Co. KG)
Auto Keys 1.0 (HKLM-x32\...\Auto Keys) (Version: - )
Far Cry 5 (HKLM-x32\...\{73B938C4-0DDA-448D-8E46-87401EA87339}_is1) (Version: - Ubisoft)
FiveM (HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
LibreOffice 6.2.5.2 (HKLM\...\{207F3229-8AA5-4544-BDB7-7995538A5ED5}) (Version: 6.2.5.2 - The Document Foundation)
Microsoft OneDrive (HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NHL™ 09 (HKLM-x32\...\{827B97A9-B347-4110-9F89-37AF2B758F94}) (Version: 2.0.1.0 - Electronic Arts)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
qBittorrent 4.2.0 (HKLM-x32\...\qBittorrent) (Version: 4.2.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8668 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.0 - TeamSpeak Systems GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1661.1.0_x86__kgqvnymyfvs32 [2019-12-25] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-10] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-21] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-21 15:16 - 2019-05-21 15:14 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1558997955-55845073-2629518697-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dbube\Desktop\328582.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{149C46C4-381D-453B-9296-52D5A5E0BC80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1C6C1601-D79E-4C74-86F3-00DC335F1EEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{15637F6B-4B83-40C3-960C-E0C198322A71}C:\users\dbube\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dbube\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{9C6B20A8-8F7A-4212-8E69-00DA9781089B}C:\users\dbube\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dbube\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0B000BC4-8ABF-47B0-8F15-59D63814864C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{15740F37-7BB5-4A1C-98C0-D896A5772467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{362F35D2-870E-41C9-B4B4-F58E51FDB4F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA22F86F-F0AF-4CC9-9F4B-FF99018B0984}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{228D31F2-4AD6-4EC4-8CBB-4D0D3BB38CCA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0B0FB921-DCC7-410C-AF49-EC3DAE7923C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E7413426-3073-4EA1-9B95-7F493B776FAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A58E956B-F463-4685-A3C0-752812D3B99E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7A32A744-0734-4C60-A2C1-1893201B447D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FABDAE47-027A-4351-A52C-FCA20B530CD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FBACE972-758B-4935-B802-7AFDB52BBB62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C9E655CE-2F29-44B2-AEBB-83DA4AFBF5E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E9B0424-A741-4F1F-BF6A-41AE2E01C93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{50467687-6F59-48D6-AED6-7254B3227A99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{6C58EA4A-0C8E-4CAF-8B82-162614D5FF52}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{045AE737-974F-4CA4-993F-5436D6933BC9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A8F8BC4A-9B94-4F66-9891-25E12BBD4D37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.08 GB) (Free:63.88 GB) (58%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/26/2019 11:25:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12576,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/26/2019 10:45:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6928,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/26/2019 10:38:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6236,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/26/2019 10:16:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9984,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/26/2019 10:09:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4576,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/25/2019 07:57:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3180,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/25/2019 07:52:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9008,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/25/2019 06:13:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9556,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

System errors:
=============
Error: (12/25/2019 10:24:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-48MB1C3)
Description: Server Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/25/2019 07:52:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/25/2019 07:52:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (12/21/2019 07:00:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-48MB1C3)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/21/2019 07:00:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-48MB1C3)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/21/2019 07:00:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-48MB1C3)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/21/2019 07:00:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-48MB1C3)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/17/2019 03:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Windows Defender:
===================================
Date: 2019-12-16 10:38:05.934
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5E4BCB7D-E8AA-43A0-96BA-0C2E6BF6D2E7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-11 14:47:52.093
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {7A8DC42B-F1B9-4A1C-9C32-D987E7E7226E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-10-27 14:43:45.120
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2F44AB25-C0D7-4C5E-B36A-B9821B7C48A6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

BIOS: American Megatrends Inc. V10.0 08/30/2013
Motherboard: MSI H81M-P33 V2 (MS-7846)
Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16326.65 MB
Available physical RAM: 12072.52 MB
Total Virtual: 18758.65 MB
Available Virtual: 12412.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.08 GB) (Free:63.88 GB) NTFS
Drive d: (Disk D) (Fixed) (Total:1863.01 GB) (Free:1758.44 GB) NTFS

\\?\Volume{b2b6ce9f-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS
\\?\Volume{b2b6ce9f-0000-0000-0000-c0d11b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: B2B6CE9F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=524 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 4A7FA3EF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-12-2019
Ran by dbube (administrator) on DESKTOP-48MB1C3 (MSI MS-7846) (26-12-2019 11:33:18)
Running from C:\Users\dbube\Desktop
Loaded Profiles: dbube (Available Profiles: dbube & Vlasťule)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
() [File not signed] C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270776 2019-04-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\Run: [BakkesMod] => C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe [11271168 2019-08-28] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [25273856 2019-12-03] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037AE7D1-70DD-4ABB-9DB6-D95C08958643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0CFA70AC-C341-4638-A51E-D09491DF78EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
Task: {1EB038E0-B730-4F49-8210-5EC09265DA5A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3131800F-888C-48C1-B511-2551DC73405D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4AC8686F-653F-474A-AA3E-F56F63A12C1D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5331388A-6548-46ED-9444-C09111397B8E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D7EBD43-8ADA-4E3C-989F-EAA0013ED439} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F2CEC35-FD4C-4E51-B813-FF00522E3438} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AE7D57F-5228-4180-A01C-83E9BFD7B68D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
Task: {82D5FFE9-EB84-4C3E-BE93-E6EB7E5C307D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {86C3F344-6AA6-494D-986A-6FE222B34534} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91F438F5-807F-4C42-B4CA-D86058CB6AC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C04EB44-1838-4BDF-BF0D-4A385F092111} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD3B71EC-3D10-4A3C-BBFB-7B3C4580F6E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C647EA22-0AB0-4D8B-97E0-385F891C954F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C748CBC0-8DD3-404A-8BC1-DF8DF3FA76C3} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [834856 2019-04-03] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {EDBD8044-1D37-4A6F-9172-DA120397BB48} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{b7f826c6-ea01-4714-a535-4e19bd4e854c}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default [2019-12-26]
CHR DownloadDir: C:\Users\dbube\Desktop
CHR Extension: (Prezentace) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-21]
CHR Extension: (Dokumenty) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-21]
CHR Extension: (Disk Google) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-21]
CHR Extension: (YouTube) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-21]
CHR Extension: (Tabulky) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-21]
CHR Extension: (Chrome Media Router) - C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\dbube\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [761088 2019-04-03] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [737552 2019-04-03] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 DM150Drv; C:\WINDOWS\System32\drivers\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes -> Pitney Bowes)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2019-04-03] (Intel(R) Smart Connect software -> )
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FBA92AD-7E44-4547-BBD1-40D2AC3E869F}\MpKslDrv.sys [43232 2019-12-14] (Microsoft Windows -> Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvoclk64; C:\WINDOWS\System32\drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [51536 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-26 11:33 - 2019-12-26 11:33 - 000018833 _____ C:\Users\dbube\Desktop\FRST.txt
2019-12-26 11:33 - 2019-12-26 11:33 - 000000000 ____D C:\FRST
2019-12-26 11:32 - 2019-12-26 11:32 - 002271744 _____ (Farbar) C:\Users\dbube\Desktop\FRST64.exe
2019-12-26 11:30 - 2019-12-26 11:30 - 001222144 _____ C:\Users\dbube\Desktop\RSITx64.exe
2019-12-26 11:30 - 2019-12-26 11:30 - 000000000 ____D C:\rsit
2019-12-26 11:30 - 2019-12-26 11:30 - 000000000 ____D C:\Program Files\trend micro
2019-12-25 19:51 - 2019-12-25 19:51 - 001573568 _____ C:\Users\dbube\Desktop\SteamSetup.exe
2019-12-25 12:12 - 2019-12-25 12:12 - 025763945 _____ (The qBittorrent project) C:\Users\dbube\Desktop\qbittorrent_4.2.1_x64_setup (1).exe
2019-12-25 10:23 - 2019-12-25 10:23 - 000267033 _____ C:\Users\dbube\Desktop\Návod k použití CZ.pdf
2019-12-18 17:09 - 2019-12-18 17:09 - 000119939 _____ C:\Users\dbube\Desktop\Faktura_DL_2192990278.pdf
2019-12-18 17:07 - 2019-12-18 17:07 - 025763945 _____ (The qBittorrent project) C:\Users\dbube\Desktop\qbittorrent_4.2.1_x64_setup.exe
2019-12-15 11:51 - 2019-12-15 11:51 - 000000000 ____D C:\Users\dbube\Documents\CPY_SAVES
2019-12-14 22:12 - 2019-12-26 11:32 - 000000000 ____D C:\Users\dbube\AppData\Roaming\qBittorrent
2019-12-14 22:12 - 2019-12-14 22:12 - 000000889 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2019-12-14 22:12 - 2019-12-14 22:12 - 000000000 ____D C:\Users\dbube\AppData\Local\qBittorrent
2019-12-14 22:12 - 2019-12-14 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-12-14 22:12 - 2019-12-14 22:12 - 000000000 ____D C:\Program Files\qBittorrent
2019-12-14 20:08 - 2019-12-14 20:08 - 000000825 _____ C:\Users\Public\Desktop\Far Cry 5.lnk
2019-12-14 20:08 - 2019-12-14 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5
2019-12-13 17:03 - 2019-12-13 17:03 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-13 17:03 - 2019-12-13 17:03 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-13 17:03 - 2019-12-13 17:03 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-13 17:03 - 2019-12-13 17:03 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-13 17:03 - 2019-12-13 17:03 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-13 17:03 - 2019-12-13 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-10 11:03 - 2019-12-10 11:03 - 000000000 ____D C:\WINDOWS\Panther
2019-12-09 23:18 - 2019-12-09 23:18 - 000000000 ____D C:\Users\Vlasťule\Desktop\Mamka Album
2019-12-08 22:33 - 2019-12-08 22:33 - 000000000 ____D C:\Users\Vlasťule\AppData\Local\D3DSCache
2019-12-06 20:30 - 2019-10-04 16:55 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-12-06 20:30 - 2019-10-04 16:55 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-12-06 20:30 - 2019-10-04 16:55 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-12-06 20:30 - 2019-10-04 16:55 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-12-06 20:30 - 2019-10-04 16:54 - 011059640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 009492896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-12-06 20:30 - 2019-10-04 16:54 - 000456632 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 002041784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443200.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001543424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001472200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001468504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443200.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001164160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 001135816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000914336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000822232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000810456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000676824 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000656344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000633728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000544160 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000523520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-12-06 20:30 - 2019-10-04 16:53 - 000055448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 040412760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 035269832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 020194712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 017471576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 005425808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-12-06 20:30 - 2019-10-04 16:52 - 004768160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-12-06 20:30 - 2019-10-04 16:51 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-12-05 18:43 - 2019-12-16 15:44 - 000000000 ____D C:\Users\dbube\Desktop\Žermanice
2019-12-05 16:17 - 2019-12-05 16:17 - 000000000 ____D C:\Users\dbube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Giovanni Software
2019-12-05 16:17 - 2019-12-05 16:17 - 000000000 ____D C:\Program Files (x86)\Giovanni Software

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-26 11:27 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-26 11:19 - 2019-08-19 15:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-26 11:01 - 2019-05-21 14:54 - 000000000 ____D C:\Program Files (x86)\Steam
2019-12-26 09:59 - 2019-05-21 14:43 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-25 22:13 - 2019-05-22 11:04 - 000000222 _____ C:\Users\dbube\Desktop\Rocket League.url
2019-12-25 19:51 - 2019-05-21 14:54 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2019-12-25 16:47 - 2019-05-21 14:50 - 000000000 ____D C:\Users\dbube\AppData\Local\Packages
2019-12-25 10:15 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-25 10:14 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-18 17:06 - 2019-05-21 14:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-16 10:30 - 2019-08-19 15:54 - 001693640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-16 10:30 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2019-12-16 10:30 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2019-12-16 10:30 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-16 10:24 - 2019-08-19 15:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-15 11:51 - 2019-05-21 15:22 - 000000000 ____D C:\Users\dbube\Documents\My Games
2019-12-14 22:15 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-12-14 22:11 - 2019-05-28 15:45 - 000000000 ____D C:\Users\dbube\AppData\Roaming\uTorrent
2019-12-14 22:11 - 2019-05-21 17:27 - 000000000 ____D C:\Users\dbube\AppData\Local\CrashDumps
2019-12-14 20:07 - 2019-11-03 17:01 - 000000093 _____ C:\Users\dbube\Desktop\Co je třeba koupit nebo zaplatit.txt
2019-12-14 19:13 - 2019-08-19 15:52 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 19:13 - 2019-08-19 15:52 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-13 19:25 - 2019-08-19 15:44 - 000458488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-13 19:25 - 2019-05-21 14:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-13 19:25 - 2019-05-21 14:50 - 000000000 ___RD C:\Users\dbube\3D Objects
2019-12-13 19:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-13 19:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-13 19:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-13 17:06 - 2019-05-22 11:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-13 17:05 - 2019-05-22 11:01 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-09 21:56 - 2019-05-25 08:16 - 000000000 ____D C:\Users\Vlasťule\AppData\Local\Packages
2019-12-08 21:03 - 2019-08-19 15:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1558997955-55845073-2629518697-1002
2019-12-08 21:03 - 2019-08-19 15:47 - 000002370 _____ C:\Users\Vlasťule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-12-08 21:03 - 2019-05-25 08:17 - 000000000 ___RD C:\Users\Vlasťule\OneDrive
2019-12-08 15:13 - 2019-05-21 14:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-06 20:30 - 2019-05-21 15:21 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-11-27 16:13 - 2019-05-21 17:41 - 000000000 ____D C:\Users\dbube\AppData\Local\D3DSCache
2019-11-26 15:51 - 2019-08-19 15:52 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1558997955-55845073-2629518697-1001
2019-11-26 15:51 - 2019-08-19 15:47 - 000002361 _____ C:\Users\dbube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-26 15:51 - 2019-05-21 14:51 - 000000000 ___RD C:\Users\dbube\OneDrive

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#3 Příspěvek od **Rudy** » 26 pro 2019 12:32

ZTdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Bubenos · #4 Příspěvek od **Bubenos** » 26 pro 2019 14:02

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2019-12-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-26-2019
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1326 octets] - [26/12/2019 14:03:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#5 Příspěvek od **Rudy** » 26 pro 2019 18:53

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File
HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\Run: [BakkesMod] => C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe [11271168 2019-08-28] () [File not signed] <==== ATTENTION
Task: {7AE7D57F-5228-4180-A01C-83E9BFD7B68D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
Task: {0CFA70AC-C341-4638-A51E-D09491DF78EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End

Bubenos · #6 Příspěvek od **Bubenos** » 26 pro 2019 19:52

Dobře ale co potom s tím poznámkovým blokem ? Nějak mi chybí konec postupu

#7 Příspěvek od **Rudy** » 26 pro 2019 20:52

Promiňte zapoměl jsem zkopírovat:

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Bubenos · #8 Příspěvek od **Bubenos** » 27 pro 2019 11:05

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by dbube (27-12-2019 10:57:38) Run:1
Running from C:\Users\dbube\Desktop
Loaded Profiles: dbube (Available Profiles: dbube & Vlasťule)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\WinRar\rarext32.dll -> No File
HKU\S-1-5-21-1558997955-55845073-2629518697-1001\...\Run: [BakkesMod] => C:\Users\dbube\AppData\Local\Temp\Temp1_BakkesModInjector.zip\BakkesMod.exe [11271168 2019-08-28] () [File not signed] <==== ATTENTION
Task: {7AE7D57F-5228-4180-A01C-83E9BFD7B68D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
Task: {0CFA70AC-C341-4638-A51E-D09491DF78EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-21] (Google Inc -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
"HKU\S-1-5-21-1558997955-55845073-2629518697-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BakkesMod" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AE7D57F-5228-4180-A01C-83E9BFD7B68D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE7D57F-5228-4180-A01C-83E9BFD7B68D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CFA70AC-C341-4638-A51E-D09491DF78EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CFA70AC-C341-4638-A51E-D09491DF78EF}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76781086 B
Java, Flash, Steam htmlcache => 392379822 B
Windows/system/drivers => 1432584 B
Edge => 1270137 B
Chrome => 424611742 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 177752 B
dbube => 15607055 B
Vlasťule => 51659950 B

RecycleBin => 275717142 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:00:26 ====

#9 Příspěvek od **Rudy** » 27 pro 2019 13:52

Smazáno. Žadný malware jsem nezaznamenal, mazány byly jen zbytečnosti. Nastala nějaká změna?

Bubenos · #10 Příspěvek od **Bubenos** » 27 pro 2019 16:15

Ano děkuji

#11 Příspěvek od **Rudy** » 27 pro 2019 16:50

Nemáte zač!

VIRY.CZ

Prosím o kontrolu logů

Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů

Re: Prosím o kontrolu logů