
Help with removing JS/CoinMiner.AH RSIT LOGS

Posted: 18 Sep 2018 09:45
by KEnik
Hello,
on all the Windows 10 computers in our local network, a message pops up every time the browsers are started (both Firefox and Chrome).

There are also other Windows PCs in the network where the problem does not occur. The ones that have the problem share a common account for Firefox sync.

Unfortunately, a colleague has already cleaned the computer with:
ESET
Malwarebytes
CCleaner, including the registry

Thanks in advance for your help

FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Admin (administrator) on ADMIN-PC (18-09-2018 10:33:02)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [324216 2017-12-08] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2015-01-27] (Lenovo)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29625472 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-17] (Piriform Ltd)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2018-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-11-23]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{2ecf7463-c25f-4421-ace9-e81e7483848e}: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{d73f3e4d-3dba-49e7-9cbd-f4fad297583b}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {10B30B9E-B179-4DAF-83F3-6173745ADEE1} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {32581500-F635-49F7-BEB0-353764B82682} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {3D1E74E4-F7A9-43A8-963E-FC4C9168CAC7} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {511AE949-4F4D-4D77-9E28-AED215573709} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {81B9A75E-DE17-467D-AD3F-CD4EEAA8B752} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {CAFDF499-7C49-4592-932C-AC96AD3D92A4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {D577E34B-A738-4041-B7E2-1CFE61547FE0} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {DF27773A-8CFF-4851-9D6C-F4F511D12158} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {E83B9A84-B566-4D93-AE9E-0C7F74875DB0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default [2018-09-18]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\user.js [2015-02-20]
FF Homepage: Mozilla\Firefox\Profiles\0xxqbxdt.default -> hxxp://seznam.cz/
FF Extension: (Firebug) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Open in IE) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\openinie@wittersworld.com.xpi [2017-09-02] [Legacy]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sko-extension@firma.seznam.cz.xpi [2017-11-29]
FF Extension: (AVG SafePrice) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sp@avg.com.xpi [2016-11-18]
FF Extension: (blockcoinm) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{74b0af75-8791-44e2-95a6-7f0ab94143ec}.xpi [2018-09-17]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-11-04]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-10-25]
FF Extension: (Firefox Monitor) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\features\{7aefbc63-a6bc-4588-abe0-59948fa366a6}\fxmonitor@mozilla.org.xpi [2018-09-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-06-27] ()
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-11-21] (Zoom Video Communications, Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.2hmoto.cz/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Prezentace) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-09-14]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-09-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Tabulky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-14]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-09-14]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-14]
CHR HKU\S-1-5-21-2547403967-366569612-2425474682-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-12-08] (ESET)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-12-08] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [102160 2017-12-08] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [109872 2018-09-18] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
2018-09-18 10:33 - 2018-09-18 10:33 - 000023345 _____ C:\Users\Admin\Desktop\FRST.txt
2018-09-18 10:32 - 2018-09-18 10:33 - 000000000 ____D C:\FRST
2018-09-18 10:30 - 2018-09-18 10:31 - 002413568 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2018-09-18 05:33 - 2018-09-18 05:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-18 05:33 - 2018-09-18 05:33 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-09-18 05:32 - 2018-09-18 05:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-18 05:31 - 2018-09-18 05:32 - 040184160 _____ (Igor Pavlov) C:\Users\Admin\Downloads\Firefox Setup 62.0.exe
2018-09-17 20:31 - 2018-09-17 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2018-09-17 20:30 - 2018-09-18 09:50 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-17 20:30 - 2018-09-17 20:38 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-17 20:30 - 2018-09-17 20:38 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-17 20:30 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-17 20:26 - 2018-09-17 20:29 - 081554232 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6859.exe
2018-09-17 20:19 - 2018-09-17 20:19 - 000153526 _____ C:\Users\Admin\Documents\cc_20180917_201946.reg
2018-09-17 20:12 - 2018-09-17 20:37 - 000000000 ____D C:\Program Files\CCleaner
2018-09-17 20:12 - 2018-09-17 20:12 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-17 20:12 - 2018-09-17 20:12 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-09-17 20:12 - 2018-09-17 20:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-17 20:12 - 2018-09-17 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-17 20:09 - 2018-09-17 20:10 - 015813864 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup542.exe
2018-09-17 19:58 - 2018-09-17 19:59 - 000000000 ____D C:\AdwCleaner
2018-09-17 19:57 - 2018-09-17 19:58 - 007571152 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
2018-09-17 18:20 - 2018-09-17 18:21 - 006980216 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_csy.exe
2018-09-17 16:18 - 2018-09-17 16:18 - 000113273 _____ C:\Users\Admin\Downloads\DPPO 2017 plná verze(1).pdf
2018-09-17 16:18 - 2018-09-17 16:18 - 000058874 _____ C:\Users\Admin\Downloads\Výkaz_zisku_a_ztráty_v_plném_rozsahu_2017.pdf
2018-09-17 16:17 - 2018-09-17 16:17 - 000049786 _____ C:\Users\Admin\Downloads\doručenka DPPO 2017.pdf
2018-09-15 14:06 - 2018-09-15 14:06 - 000009432 _____ C:\Users\Admin\Desktop\opraveno.odt
2018-09-14 16:01 - 2018-09-14 16:01 - 000008395 _____ C:\Users\Admin\Desktop\Omlouvám se předem jelikož si myslím.odt
2018-09-13 09:09 - 2018-08-31 05:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 09:09 - 2018-08-31 05:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 09:09 - 2018-08-28 09:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 09:08 - 2018-08-31 09:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-13 09:08 - 2018-08-31 09:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-13 09:08 - 2018-08-31 09:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 09:08 - 2018-08-31 09:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-13 09:08 - 2018-08-31 09:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-13 09:08 - 2018-08-31 09:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-13 09:08 - 2018-08-31 09:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-13 09:08 - 2018-08-31 09:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 08:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 08:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-13 09:08 - 2018-08-31 08:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 08:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-13 09:08 - 2018-08-31 05:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-13 09:08 - 2018-08-31 05:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 09:08 - 2018-08-31 05:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-13 09:08 - 2018-08-31 05:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-13 09:08 - 2018-08-31 05:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 05:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 03:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-13 09:08 - 2018-08-28 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-28 08:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-13 09:08 - 2018-08-28 08:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-13 09:08 - 2018-08-28 08:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-13 09:08 - 2018-08-28 07:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-13 09:08 - 2018-08-09 11:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 09:08 - 2018-08-09 11:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 11:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-13 09:08 - 2018-08-09 11:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 11:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-13 09:08 - 2018-08-09 11:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-13 09:08 - 2018-08-09 11:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 11:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-13 09:08 - 2018-08-09 11:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 11:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-13 09:08 - 2018-08-09 11:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 10:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 10:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 10:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 10:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 10:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-13 09:08 - 2018-08-09 10:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-13 09:08 - 2018-08-09 10:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 07:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-13 09:08 - 2018-08-09 07:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-13 09:08 - 2018-08-09 06:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-13 09:08 - 2018-08-09 06:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-13 09:08 - 2018-08-09 06:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-13 09:08 - 2018-08-09 06:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 06:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-12 10:42 - 2018-09-12 10:42 - 000599106 _____ C:\Users\Admin\Downloads\Doklad_2184426358.pdf
2018-09-10 09:18 - 2018-09-10 09:19 - 002104623 _____ C:\Users\Admin\Downloads\prilohy_229274.zip
2018-09-07 09:11 - 2018-09-07 09:12 - 000529743 _____ C:\Users\Admin\Downloads\Objednat_nástavec_2_Nástavec PM50 na STABIL 180mm 1,35m.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 001081060 _____ C:\Users\Admin\Downloads\Objednat_komín1_Schiedel UNI ADV 160mm 7,66 1xT45 1xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000834641 _____ C:\Users\Admin\Downloads\Objednat_komín2__Schiedel UNI ADVANCED 18 7,66 4xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000529741 _____ C:\Users\Admin\Downloads\Objednat_nástavec_1_Nástavec PM50 na STABIL 160mm 1,35m.pdf
2018-09-06 11:36 - 2018-09-06 11:36 - 000131237 _____ C:\Users\Admin\Downloads\Přijetí_zakázky_18Pro03009.pdf
2018-09-04 19:28 - 2018-09-04 19:28 - 000001398 _____ C:\Users\Admin\Downloads\VCA1009586.crt
2018-09-03 18:18 - 2018-09-03 18:18 - 000163564 _____ C:\Users\Admin\Downloads\Uvodni_9.jpg.part
2018-09-03 17:27 - 2018-09-03 17:27 - 002889278 _____ C:\Users\Admin\Downloads\ANO2011_zajecov_A2.pdf
2018-09-03 14:38 - 2018-09-03 14:38 - 000001743 _____ C:\Users\Admin\Documents\2HMOTO.pem
2018-09-03 14:36 - 2018-09-03 14:36 - 005887120 _____ C:\Users\Admin\Downloads\iSignum.exe
2018-09-03 13:09 - 2018-09-03 13:09 - 094928804 _____ C:\Users\Admin\Desktop\noviny 032018.zip
2018-09-03 09:50 - 2018-09-03 12:37 - 000000000 ____D C:\Users\Admin\Desktop\noviny 032018
2018-08-29 01:49 - 2018-08-29 01:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2018-08-27 20:18 - 2018-08-27 20:18 - 000011871 _____ C:\Users\Admin\Downloads\pohoda-29847-20180827-201803.xml
2018-08-19 15:21 - 2018-08-19 15:21 - 000094252 _____ C:\Users\Admin\Documents\Faktura_180400175.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-18 10:33 - 2018-05-18 10:10 - 000004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E94B701-CFDB-4F6E-AB96-6EA9FC0237E3}
2018-09-18 10:23 - 2016-11-23 21:02 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-09-18 10:22 - 2018-05-18 09:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 10:22 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-18 05:33 - 2015-02-07 18:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-18 04:21 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-18 03:18 - 2015-02-07 17:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-17 20:51 - 2016-08-23 14:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2018-09-17 20:45 - 2017-04-05 19:43 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2018-09-17 20:44 - 2018-05-18 09:59 - 001692472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-17 20:44 - 2018-04-12 17:50 - 000716072 _____ C:\WINDOWS\system32\perfh005.dat
2018-09-17 20:44 - 2018-04-12 17:50 - 000144864 _____ C:\WINDOWS\system32\perfc005.dat
2018-09-17 20:39 - 2017-07-10 14:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-09-17 20:39 - 2015-02-11 11:36 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-09-17 20:39 - 2015-02-04 11:09 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2018-09-17 20:38 - 2018-05-18 10:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-17 20:37 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-17 20:37 - 2017-12-13 05:15 - 000017730 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2018-09-17 20:17 - 2015-02-23 18:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2018-09-17 20:14 - 2018-05-12 23:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-09-17 20:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-17 18:21 - 2017-04-25 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-09-17 16:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-17 15:53 - 2015-03-21 19:06 - 000000000 ____D C:\Users\Admin\Desktop\2hmoto
2018-09-17 00:45 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 05:12 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-15 05:12 - 2017-12-05 17:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2018-09-14 14:47 - 2017-12-05 17:54 - 000000000 ___RD C:\Users\Admin\3D Objects
2018-09-14 14:47 - 2016-02-13 15:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-09-14 14:44 - 2018-05-18 09:48 - 000407016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-09-14 14:41 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-12 07:46 - 2015-02-04 11:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 07:44 - 2015-02-04 11:36 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 01:55 - 2018-05-18 10:10 - 000004640 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-11 01:19 - 2016-05-22 14:03 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2018-09-09 16:41 - 2018-03-06 18:39 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Brother
2018-09-07 16:02 - 2018-08-16 08:37 - 000000000 ____D C:\Users\Admin\Desktop\FOTO SBS
2018-09-06 14:34 - 2018-05-18 10:10 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547403967-366569612-2425474682-1001
2018-09-06 14:34 - 2018-05-18 09:52 - 000002425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-06 14:34 - 2015-02-07 14:59 - 000000000 ___RD C:\Users\Admin\OneDrive
2018-09-05 01:04 - 2018-07-25 11:49 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 01:04 - 2018-07-25 11:49 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-03 18:43 - 2018-08-10 16:44 - 000000000 ____D C:\Users\Admin\Desktop\volby foto
2018-08-27 20:18 - 2015-04-08 18:09 - 000000000 ____D C:\Users\Admin\Downloads\Response
2018-08-27 13:00 - 2018-07-03 15:42 - 000001948 _____ C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig

==================== Files in the root of some directories =======

2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\en_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\es_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\fr_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\grm_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\it_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020344 _____ (Schneider Electric) C:\Users\Admin\jp_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 001079808 _____ (Microsoft Corporation) C:\Users\Admin\mfc80u.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000626688 _____ (Microsoft Corporation) C:\Users\Admin\msvcr80.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 013923704 _____ (Schneider Electric) C:\Users\Admin\PCPE Setup.exe
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\pt_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000018808 _____ () C:\Users\Admin\ResourceReader.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020856 _____ (Schneider Electric) C:\Users\Admin\ru_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000019832 _____ (Schneider Electric) C:\Users\Admin\zh_res.dll
2015-03-21 18:54 - 2018-07-20 18:11 - 000002392 _____ () C:\Users\Admin\AppData\Roaming\ADMIN-PC.MTBF.txt
2018-07-03 15:42 - 2018-08-27 13:00 - 000001948 _____ () C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig
2015-03-21 18:55 - 2018-07-23 13:12 - 000002226 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManager.log
2015-03-21 18:55 - 2018-06-06 21:28 - 000001702 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-04-07 16:54 - 2018-04-07 16:54 - 000001899 _____ () C:\Users\Admin\AppData\Local\34A67AB56AD44e49A44ADF390E67282D.Rozvržení2.lbx
2015-03-21 19:05 - 2017-12-17 15:29 - 000006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:23 - 2015-02-13 14:52 - 001065984 _____ () C:\Users\Admin\AppData\Local\file__0.localstorage

Some files in TEMP:
====================
2018-09-17 20:12 - 2018-09-17 20:12 - 000503208 _____ (Piriform Ltd) C:\Users\Admin\AppData\Local\Temp\ccupdate.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 09:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Admin (18-09-2018 10:34:24)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1803 17134.285 (X64) (2018-05-18 08:11:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2547403967-366569612-2425474682-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2547403967-366569612-2425474682-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2547403967-366569612-2425474682-503 - Limited - Disabled)
Guest (S-1-5-21-2547403967-366569612-2425474682-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2547403967-366569612-2425474682-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{0584D7C0-AAFD-11E8-BC5D-DC4A3E998CF6}) (Version: 12.5.3.0 - Google)
AmaSeis version 3.2 Level 2012.07.06 (HKLM-x32\...\{88A3C4BA-F79F-4DF1-8646-9BC0E6DC27AE}_is1) (Version: 3.2 Level 2012.07.06 - IRIS)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Balsamiq Mockups 3 (HKLM-x32\...\{51829447-5720-3DA1-0BD1-24A2890CFCA7}) (Version: 3.4.2 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.4.2 - Balsamiq SRL)
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0051 - Brother Industries, Ltd.)
Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0110 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{F378BDF5-4CE7-461B-990D-F409BB9C0CB9}) (Version: 1.0.0140 - Brother Industries, Ltd.)
Brother PT-P700 Series Utility (HKLM-x32\...\{8F7AD37E-A622-468A-9DC5-CDB5A4341535}) (Version: 1.00.7046 - Brother Industries, ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
ESET Smart Security (HKLM\...\{90F08DAA-64CD-40CE-B42A-C5AEBE81C86B}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
FormApps Signing Extension (HKLM-x32\...\{1896CB18-36FE-4AA6-8F9C-F42C087941CD}) (Version: 2.19.0.37 - Software602 a.s.)
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{6BAA82C9-42B6-4B7D-A490-23EAC0E70C17}) (Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (HKLM-x32\...\{92AB9371-D327-4D56-9BDD-B38A671A631D}) (Version: 010.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{743A3155-96BD-4660-8E73-A23FBE10F3AF}) (Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (HKLM-x32\...\{CD86BE42-2844-4A15-A487-0F60CAB31664}) (Version: 001.034.00634 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
hpStatusAlerts (HKLM-x32\...\{06CE2B24-EC8C-4847-AF33-098255B5D32D}) (Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (HKLM-x32\...\{C864CA6F-3A1D-45B5-A115-C8D47CAE3845}) (Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Lenovo Phone Manager (HKLM-x32\...\{5E794B10-7A71-4B45-BFD7-41FFF3C20E49}) (Version: 1.4.1.10098 - Lenovo)
LenovoUsbDriver 1.0.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.13 - Lenovo)
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Locklizard Safeguard - PDF Viewer (HKLM-x32\...\Locklizard Safeguard - PDF Viewer_sf) (Version: 2.6.41 - Locklizard Ltd.)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 cs)) (Version: 39.0.3 - Mozilla)
Mozilla Firefox 40.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 cs)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 42.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 cs)) (Version: 42.0 - Mozilla)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Firefox 45.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 cs)) (Version: 45.0 - Mozilla)
Mozilla Firefox 45.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 cs)) (Version: 45.0.2 - Mozilla)
Mozilla Firefox 46.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 cs)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 47.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 cs)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 cs)) (Version: 48.0.1 - Mozilla)
Mozilla Firefox 48.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 cs)) (Version: 48.0.2 - Mozilla)
Mozilla Firefox 49.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 cs)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 cs)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 cs)) (Version: 52.0.2 - Mozilla)
Mozilla Firefox 56.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 cs)) (Version: 56.0 - Mozilla)
Mozilla Firefox 57.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.3 (x64 cs)) (Version: 57.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.4 (x64 cs)) (Version: 57.0.4 - Mozilla)
Mozilla Firefox 58.0 (x64 cs) (HKLM\...\Mozilla Firefox 58.0 (x64 cs)) (Version: 58.0 - Mozilla)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Firefox 62.0 (x64 cs) (HKLM\...\Mozilla Firefox 62.0 (x64 cs)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
PDF24 Creator 8.4.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.127 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.0.127 - Corel Corporation)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.12.0 - Prolific Technology INC)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Seznam Software (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype™ 7.28 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.28.101 - Skype Technologies S.A.)
STORMWARE GLX CZ Mini (HKLM-x32\...\{9561B758-DFD0-42C4-80D3-CEA2BB77DE34}) (Version: 10900.11 - STORMWARE)
STORMWARE POHODA E1 Klient CZ Komplet (HKLM-x32\...\{FADE360D-9615-472E-94FE-E69C7E50D2DE}) (Version: 11901.7 - STORMWARE)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM-x32\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.9.1245 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM-x32\...\Zebra Setup Utilities) (Version: 1.1.9.1245 - Zebra Technologies)
Zoom (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {18820D4A-E1AB-4DE8-8B48-86A1801AAA3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-17] (Piriform Ltd)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4765248E-E6F9-48B7-9ABD-2E7FC416C393} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6EF8898B-11BE-441B-9C26-67FED1CF34C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9D754218-192A-4683-BC17-BE8846090B1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-17] (Piriform Ltd)
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {B23576FA-FC80-43FA-A6E8-59539C64120E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BE48009D-3AE9-4E2C-B7D1-CAD4A73E27E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {C04E9874-6F3C-4AED-B2DD-D005B087839E} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-01-27] (Lenovo)
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {D57EE19C-C7EC-413D-B284-2836A7DF78F4} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {D6414FAE-C2A7-4054-89A5-BA0232F9CE47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {D9D82A75-8278-4159-9F5B-6E6E5B78208A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {E8418ABA-43A6-49CC-B909-6C7E25126086} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F1E9D1D2-F4F4-476B-B118-23EF8A6580C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\Desktop\exporty - zitra.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty-zitra.bat ()
Shortcut: C:\Users\Admin\Desktop\exporty.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-20 18:24 - 2012-08-31 16:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2017-07-10 14:22 - 2012-08-31 16:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2018-03-10 17:29 - 2018-03-01 11:39 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 000016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-07 14:40 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-09-17 20:30 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-17 20:30 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-07 17:55 - 2017-11-13 16:46 - 000092368 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\3095libfoxloader-x64.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-07-12 15:17 - 2017-07-12 15:17 - 001244080 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2018-09-13 09:08 - 2018-08-31 05:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 03:39 - 2018-07-17 03:39 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-10 19:42 - 2018-07-10 19:42 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-09-12 21:12 - 2018-09-12 21:13 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 21:12 - 2018-09-12 21:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 17:47 - 2017-09-26 17:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-04-05 19:43 - 2017-11-13 16:38 - 000506064 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-04-05 19:43 - 2017-02-08 13:39 - 000080576 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 069283840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:53 - 2017-10-05 09:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 000049664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 05:01 - 2018-05-04 05:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-03-30 00:26 - 2018-03-30 00:27 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 014333440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 002869248 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 19:48 - 2018-07-27 19:49 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-11-23 16:47 - 2017-11-13 16:49 - 000085200 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\9223libfoxloader.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000354472 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 001607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 000105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2017-04-05 19:43 - 2018-02-21 11:36 - 000869584 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F795A73E-0293-48D2-AB42-8C103C20AD39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6201AF9B-1F22-4328-9557-6FEAFCCA5052}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02BCD9DF-1088-4EE9-BF9E-C676245030D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C3AF8EC-0CC0-489C-A367-87D62ACB2CE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B7CF6A5-5945-476E-A332-F3494CD90628}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{16C041EF-53E3-498B-AD37-2360B78FFC07}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{1B076A7B-35FC-47E3-9ED6-82259BF0180F}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{081F1A42-E0CD-4970-B083-DC860A7F7789}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{D481106C-2EDF-4C48-95B9-17C84EBC4DD0}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1011BEBA-1C35-49E8-9B6A-75D3CD20A084}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{51FB98C5-0BDA-4324-95EA-A7E7731D5782}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{FBDD0F82-B960-4D65-B675-8F6C4F1F2AC9}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{EFFD4A87-FAB0-41F5-90E6-D0E1D94638BB}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{2376BC9A-C3EF-4EFE-9F6B-774EE5E2B24E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{B411437F-A4DB-4285-9596-1515CDBB3182}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{934EA327-76A9-48CD-9AE8-BBA0058DFCB6}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{940E5BE0-A9C4-4B4E-ACA1-D5F63B64ADE5}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{DC539DFF-DA0C-486A-83D2-BBA8E406D0B1}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [UDP Query User{B06AEC4D-5016-4739-9F93-4FC02BC586F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{56931A72-63EE-4109-BC74-FB31C939B856}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{66485757-8A4A-4A18-9AB7-F30CFD8D694C}] => (Allow) LPort=427
FirewallRules: [{B2AFBF5C-B415-4991-80AA-E1E675D79CA3}] => (Allow) LPort=161
FirewallRules: [{551B51A3-FF28-447C-B20F-CDD6BF0DAE20}] => (Allow) LPort=427
FirewallRules: [{D1CDD011-9817-49BE-9F78-9F20FEAD108B}] => (Allow) LPort=9100
FirewallRules: [UDP Query User{3EB6306E-2505-493C-91B1-EC354FC84692}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{32C4F8A7-0B3B-44B0-B68C-28034FF9DC04}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{30B7D373-6355-44B6-9E6F-A90172EF37FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{25ECA732-91A6-4F0F-84AC-5614AF3E76D3}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [UDP Query User{9DE90534-BB16-4BF9-907A-26E4D45F4E87}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [{F80B7D57-5307-44DD-862A-F4906722B298}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F75E6FC8-B433-4ED1-B115-7691A932636B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CD5BFDF3-6502-4C2A-B348-BECBC5B4BF0C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CFC605A1-F4C4-4677-AA38-1E7415714143}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A3547CF-8B0D-4541-B236-7521D580F326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

01-09-2018 21:17:45 Instalační služba modulů systému Windows
02-09-2018 23:17:45 Instalační služba modulů systému Windows
04-09-2018 01:17:25 Instalační služba modulů systému Windows
05-09-2018 03:17:16 Instalační služba modulů systému Windows
06-09-2018 05:17:47 Instalační služba modulů systému Windows
07-09-2018 07:17:46 Instalační služba modulů systému Windows
08-09-2018 09:17:24 Instalační služba modulů systému Windows
09-09-2018 11:17:34 Instalační služba modulů systému Windows
10-09-2018 13:17:31 Instalační služba modulů systému Windows
11-09-2018 15:17:24 Instalační služba modulů systému Windows
12-09-2018 17:17:26 Instalační služba modulů systému Windows
13-09-2018 19:18:59 Instalační služba modulů systému Windows
14-09-2018 20:44:46 Instalační služba modulů systému Windows
15-09-2018 22:44:27 Instalační služba modulů systému Windows
17-09-2018 00:44:41 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2018 05:33:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 05:29:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 05:29:22 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: Admin-PC)
Description: httphttp-2147467263

Error: (09/18/2018 05:28:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 05:24:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/17/2018 08:39:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/17/2018 08:31:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/17/2018 08:30:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.17134.165 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1aec

Čas spuštění: 01d44eb0db87437b

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 2d3826b5-75f2-40de-98e6-dde00c5334eb

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (09/18/2018 08:37:46 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 05:30:00 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 05:28:34 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/17/2018 09:11:52 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/17/2018 08:44:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (09/17/2018 08:41:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/17/2018 08:00:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba Windows Media Player Network Sharing závisí na službě Windows Search, která neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.

Error: (09/17/2018 08:00:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.


Windows Defender:
===================================
Date: 2018-09-17 15:50:41.548
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\ESET\ESET Security\httpblk.dat; file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-17 15:50:41.424
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-14 14:55:24.256
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {66A48287-BEB0-48C4-9B23-B171CA677D5C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-05-18 10:13:35.051
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:34.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:15.605
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:14.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 31%
Total physical RAM: 16249.14 MB
Available physical RAM: 11101.14 MB
Total Virtual: 18681.14 MB
Available Virtual: 13641.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:741.57 GB) NTFS

\\?\Volume{1950d401-abba-11e4-824e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
\\?\Volume{ef91a368-0000-0000-0000-80c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EF91A368)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 18 Sep 2018 11:19
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 18 Sep 2018 14:47
by KEnik
Hello,

a colleague ran it 3 times yesterday, so I am also attaching yesterday's logs.
Thanks a lot
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-14.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-17-2018
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\OLBPre
Deleted C:\Users\Admin\AppData\Local\RegistryDr
Deleted C:\Users\Admin\Documents\RegistryDr
Deleted C:\Program Files (x86)\Registry Dr
Deleted C:\ProgramData\apn

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\RegistryDr_Start
Deleted C:\Windows\System32\Tasks\RegistryDr_Popup

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
Deleted HKCU\Software\RegistryDrLanguage
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC862C7-1BBB-4DA5-AAA7-04B4A2FA4F3C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CA3FD30-3368-4C12-B091-C224B3EA61C3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA3FD30-3368-4C12-B091-C224B3EA61C3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{606AD098-9531-46E5-A6D5-96830B66C269}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BBB78E6-75A7-44C5-98A1-ACCFE16FF655}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BBB78E6-75A7-44C5-98A1-ACCFE16FF655}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
Deleted HKCU\Software\RegistryDrConfig

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3106 octets] - [17/09/2018 19:59:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-14.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-17-2018
# Duration: 00:00:40
# OS: Windows 10 Home
# Scanned: 41927
# Detected: 19


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files (x86)\OLBPre
PUP.Optional.RegistryDr C:\Users\Admin\AppData\Local\RegistryDr
PUP.Optional.RegistryDr C:\Users\Admin\Documents\RegistryDr
PUP.Optional.RegistryDr C:\Program Files (x86)\Registry Dr
Rogue.ForcedExtension C:\ProgramData\apn

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy C:\Windows\System32\Tasks\RegistryDr_Start
PUP.Optional.Legacy C:\Windows\System32\Tasks\RegistryDr_Popup

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
PUP.Optional.Legacy HKCU\Software\RegistryDrLanguage
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC862C7-1BBB-4DA5-AAA7-04B4A2FA4F3C}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CA3FD30-3368-4C12-B091-C224B3EA61C3}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA3FD30-3368-4C12-B091-C224B3EA61C3}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{606AD098-9531-46E5-A6D5-96830B66C269}
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BBB78E6-75A7-44C5-98A1-ACCFE16FF655}
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BBB78E6-75A7-44C5-98A1-ACCFE16FF655}
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
PUP.Optional.RegistryDr HKCU\Software\RegistryDrConfig

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-14.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-17-2018
# Duration: 00:00:24
# OS: Windows 10 Home
# Scanned: 41927
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [3106 octets] - [17/09/2018 19:59:18]
AdwCleaner[C00].txt - [2944 octets] - [17/09/2018 19:59:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-17.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-18-2018
# Duration: 00:00:13
# OS: Windows 10 Home
# Scanned: 41925
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [3106 octets] - [17/09/2018 19:59:18]
AdwCleaner[C00].txt - [2944 octets] - [17/09/2018 19:59:39]
AdwCleaner[S01].txt - [1372 octets] - [17/09/2018 20:08:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 18 Sep 2018 14:51
by Rudy
Post a new FRST log.

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 18 Sep 2018 15:00
by KEnik
Here are the logs, thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Admin (administrator) on ADMIN-PC (18-09-2018 15:58:14)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(BHIT CZ s.r.o.) \\192.168.1.30\pohodae1\BHIT\scripts\Doprava.PrintServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [324216 2017-12-08] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2015-01-27] (Lenovo)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29625472 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-17] (Piriform Ltd)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2018-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-11-23]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{2ecf7463-c25f-4421-ace9-e81e7483848e}: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{d73f3e4d-3dba-49e7-9cbd-f4fad297583b}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {10B30B9E-B179-4DAF-83F3-6173745ADEE1} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {32581500-F635-49F7-BEB0-353764B82682} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {3D1E74E4-F7A9-43A8-963E-FC4C9168CAC7} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {511AE949-4F4D-4D77-9E28-AED215573709} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {81B9A75E-DE17-467D-AD3F-CD4EEAA8B752} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {CAFDF499-7C49-4592-932C-AC96AD3D92A4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {D577E34B-A738-4041-B7E2-1CFE61547FE0} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {DF27773A-8CFF-4851-9D6C-F4F511D12158} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {E83B9A84-B566-4D93-AE9E-0C7F74875DB0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default [2018-09-18]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\user.js [2015-02-20]
FF Homepage: Mozilla\Firefox\Profiles\0xxqbxdt.default -> hxxp://seznam.cz/
FF Extension: (Firebug) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Open in IE) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\openinie@wittersworld.com.xpi [2017-09-02] [Legacy]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sko-extension@firma.seznam.cz.xpi [2017-11-29]
FF Extension: (AVG SafePrice) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sp@avg.com.xpi [2016-11-18]
FF Extension: (blockcoinm) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{74b0af75-8791-44e2-95a6-7f0ab94143ec}.xpi [2018-09-17]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-11-04]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-10-25]
FF Extension: (Firefox Monitor) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\features\{7aefbc63-a6bc-4588-abe0-59948fa366a6}\fxmonitor@mozilla.org.xpi [2018-09-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-06-27] ()
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-11-21] (Zoom Video Communications, Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.2hmoto.cz/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Prezentace) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-09-14]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-09-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Tabulky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-14]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-09-14]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-14]
CHR HKU\S-1-5-21-2547403967-366569612-2425474682-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-12-08] (ESET)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-09-18] (SurfRight B.V.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-12-08] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [102160 2017-12-08] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-09-18] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-17] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
2018-09-18 13:50 - 2018-09-18 13:50 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-18 11:16 - 2018-09-18 11:16 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-09-18 11:16 - 2018-09-18 11:16 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-09-18 11:16 - 2018-09-18 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-09-18 11:16 - 2018-09-18 11:16 - 000000000 ____D C:\Program Files\HitmanPro
2018-09-18 11:15 - 2018-09-18 11:33 - 000000000 ____D C:\ProgramData\HitmanPro
2018-09-18 11:15 - 2018-09-18 11:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2018-09-18 10:34 - 2018-09-18 10:34 - 000060946 _____ C:\Users\Admin\Desktop\Addition.txt
2018-09-18 10:33 - 2018-09-18 15:58 - 000023229 _____ C:\Users\Admin\Desktop\FRST.txt
2018-09-18 10:32 - 2018-09-18 15:58 - 000000000 ____D C:\FRST
2018-09-18 10:30 - 2018-09-18 10:31 - 002413568 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2018-09-18 05:33 - 2018-09-18 05:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-18 05:33 - 2018-09-18 05:33 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-09-18 05:32 - 2018-09-18 05:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-18 05:31 - 2018-09-18 05:32 - 040184160 _____ (Igor Pavlov) C:\Users\Admin\Downloads\Firefox Setup 62.0.exe
2018-09-17 20:31 - 2018-09-17 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2018-09-17 20:30 - 2018-09-17 20:38 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-17 20:30 - 2018-09-17 20:38 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-17 20:30 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-17 20:26 - 2018-09-17 20:29 - 081554232 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6859.exe
2018-09-17 20:19 - 2018-09-17 20:19 - 000153526 _____ C:\Users\Admin\Documents\cc_20180917_201946.reg
2018-09-17 20:12 - 2018-09-17 20:37 - 000000000 ____D C:\Program Files\CCleaner
2018-09-17 20:12 - 2018-09-17 20:12 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-17 20:12 - 2018-09-17 20:12 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-09-17 20:12 - 2018-09-17 20:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-17 20:12 - 2018-09-17 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-17 20:09 - 2018-09-17 20:10 - 015813864 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup542.exe
2018-09-17 19:58 - 2018-09-17 19:59 - 000000000 ____D C:\AdwCleaner
2018-09-17 19:57 - 2018-09-17 19:58 - 007571152 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
2018-09-17 18:20 - 2018-09-17 18:21 - 006980216 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_csy.exe
2018-09-17 16:18 - 2018-09-17 16:18 - 000113273 _____ C:\Users\Admin\Downloads\DPPO 2017 plná verze(1).pdf
2018-09-17 16:18 - 2018-09-17 16:18 - 000058874 _____ C:\Users\Admin\Downloads\Výkaz_zisku_a_ztráty_v_plném_rozsahu_2017.pdf
2018-09-17 16:17 - 2018-09-17 16:17 - 000049786 _____ C:\Users\Admin\Downloads\doručenka DPPO 2017.pdf
2018-09-15 14:06 - 2018-09-15 14:06 - 000009432 _____ C:\Users\Admin\Desktop\opraveno.odt
2018-09-14 16:01 - 2018-09-14 16:01 - 000008395 _____ C:\Users\Admin\Desktop\Omlouvám se předem jelikož si myslím.odt
2018-09-13 09:09 - 2018-08-31 05:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 09:09 - 2018-08-31 05:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 09:09 - 2018-08-28 09:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 09:08 - 2018-08-31 09:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-13 09:08 - 2018-08-31 09:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-13 09:08 - 2018-08-31 09:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 09:08 - 2018-08-31 09:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-13 09:08 - 2018-08-31 09:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-13 09:08 - 2018-08-31 09:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-13 09:08 - 2018-08-31 09:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-13 09:08 - 2018-08-31 09:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 08:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 08:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-13 09:08 - 2018-08-31 08:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 08:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-13 09:08 - 2018-08-31 05:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-13 09:08 - 2018-08-31 05:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 09:08 - 2018-08-31 05:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-13 09:08 - 2018-08-31 05:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-13 09:08 - 2018-08-31 05:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 05:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 03:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-13 09:08 - 2018-08-28 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-28 08:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-13 09:08 - 2018-08-28 08:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-13 09:08 - 2018-08-28 08:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-13 09:08 - 2018-08-28 07:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-13 09:08 - 2018-08-09 11:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 09:08 - 2018-08-09 11:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 11:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-13 09:08 - 2018-08-09 11:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 11:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-13 09:08 - 2018-08-09 11:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-13 09:08 - 2018-08-09 11:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 11:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-13 09:08 - 2018-08-09 11:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 11:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-13 09:08 - 2018-08-09 11:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 10:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 10:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 10:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 10:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 10:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-13 09:08 - 2018-08-09 10:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-13 09:08 - 2018-08-09 10:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 07:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-13 09:08 - 2018-08-09 07:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-13 09:08 - 2018-08-09 06:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-13 09:08 - 2018-08-09 06:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-13 09:08 - 2018-08-09 06:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-13 09:08 - 2018-08-09 06:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 06:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-12 10:42 - 2018-09-12 10:42 - 000599106 _____ C:\Users\Admin\Downloads\Doklad_2184426358.pdf
2018-09-10 09:18 - 2018-09-10 09:19 - 002104623 _____ C:\Users\Admin\Downloads\prilohy_229274.zip
2018-09-07 09:11 - 2018-09-07 09:12 - 000529743 _____ C:\Users\Admin\Downloads\Objednat_nástavec_2_Nástavec PM50 na STABIL 180mm 1,35m.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 001081060 _____ C:\Users\Admin\Downloads\Objednat_komín1_Schiedel UNI ADV 160mm 7,66 1xT45 1xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000834641 _____ C:\Users\Admin\Downloads\Objednat_komín2__Schiedel UNI ADVANCED 18 7,66 4xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000529741 _____ C:\Users\Admin\Downloads\Objednat_nástavec_1_Nástavec PM50 na STABIL 160mm 1,35m.pdf
2018-09-06 11:36 - 2018-09-06 11:36 - 000131237 _____ C:\Users\Admin\Downloads\Přijetí_zakázky_18Pro03009.pdf
2018-09-04 19:28 - 2018-09-04 19:28 - 000001398 _____ C:\Users\Admin\Downloads\VCA1009586.crt
2018-09-03 18:18 - 2018-09-03 18:18 - 000163564 _____ C:\Users\Admin\Downloads\Uvodni_9.jpg.part
2018-09-03 17:27 - 2018-09-03 17:27 - 002889278 _____ C:\Users\Admin\Downloads\ANO2011_zajecov_A2.pdf
2018-09-03 14:38 - 2018-09-03 14:38 - 000001743 _____ C:\Users\Admin\Documents\2HMOTO.pem
2018-09-03 14:36 - 2018-09-03 14:36 - 005887120 _____ C:\Users\Admin\Downloads\iSignum.exe
2018-09-03 13:09 - 2018-09-03 13:09 - 094928804 _____ C:\Users\Admin\Desktop\noviny 032018.zip
2018-09-03 09:50 - 2018-09-03 12:37 - 000000000 ____D C:\Users\Admin\Desktop\noviny 032018
2018-08-29 01:49 - 2018-08-29 01:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2018-08-27 20:18 - 2018-08-27 20:18 - 000011871 _____ C:\Users\Admin\Downloads\pohoda-29847-20180827-201803.xml
2018-08-19 15:21 - 2018-08-19 15:21 - 000094252 _____ C:\Users\Admin\Documents\Faktura_180400175.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-18 15:54 - 2018-05-18 10:10 - 000004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E94B701-CFDB-4F6E-AB96-6EA9FC0237E3}
2018-09-18 15:54 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-18 15:39 - 2016-11-23 21:02 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-09-18 15:33 - 2018-05-18 09:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 10:51 - 2015-02-07 17:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-18 05:33 - 2015-02-07 18:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-18 04:21 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-17 20:51 - 2016-08-23 14:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2018-09-17 20:45 - 2017-04-05 19:43 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2018-09-17 20:44 - 2018-05-18 09:59 - 001692472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-17 20:44 - 2018-04-12 17:50 - 000716072 _____ C:\WINDOWS\system32\perfh005.dat
2018-09-17 20:44 - 2018-04-12 17:50 - 000144864 _____ C:\WINDOWS\system32\perfc005.dat
2018-09-17 20:39 - 2017-07-10 14:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-09-17 20:39 - 2015-02-11 11:36 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-09-17 20:39 - 2015-02-04 11:09 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2018-09-17 20:38 - 2018-05-18 10:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-17 20:37 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-17 20:37 - 2017-12-13 05:15 - 000017730 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2018-09-17 20:17 - 2015-02-23 18:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2018-09-17 20:14 - 2018-05-12 23:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-09-17 20:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-17 18:21 - 2017-04-25 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-09-17 16:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-17 15:53 - 2015-03-21 19:06 - 000000000 ____D C:\Users\Admin\Desktop\2hmoto
2018-09-17 00:45 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 05:12 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-15 05:12 - 2017-12-05 17:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2018-09-14 14:47 - 2017-12-05 17:54 - 000000000 ___RD C:\Users\Admin\3D Objects
2018-09-14 14:47 - 2016-02-13 15:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-09-14 14:44 - 2018-05-18 09:48 - 000407016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-09-14 14:41 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-12 07:46 - 2015-02-04 11:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 07:44 - 2015-02-04 11:36 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 01:55 - 2018-05-18 10:10 - 000004640 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-11 01:19 - 2016-05-22 14:03 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2018-09-09 16:41 - 2018-03-06 18:39 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Brother
2018-09-07 16:02 - 2018-08-16 08:37 - 000000000 ____D C:\Users\Admin\Desktop\FOTO SBS
2018-09-06 14:34 - 2018-05-18 10:10 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547403967-366569612-2425474682-1001
2018-09-06 14:34 - 2018-05-18 09:52 - 000002425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-06 14:34 - 2015-02-07 14:59 - 000000000 ___RD C:\Users\Admin\OneDrive
2018-09-05 01:04 - 2018-07-25 11:49 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 01:04 - 2018-07-25 11:49 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-03 18:43 - 2018-08-10 16:44 - 000000000 ____D C:\Users\Admin\Desktop\volby foto
2018-08-27 20:18 - 2015-04-08 18:09 - 000000000 ____D C:\Users\Admin\Downloads\Response
2018-08-27 13:00 - 2018-07-03 15:42 - 000001948 _____ C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig

==================== Files in the root of some directories =======

2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\en_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\es_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\fr_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\grm_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\it_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020344 _____ (Schneider Electric) C:\Users\Admin\jp_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 001079808 _____ (Microsoft Corporation) C:\Users\Admin\mfc80u.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000626688 _____ (Microsoft Corporation) C:\Users\Admin\msvcr80.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 013923704 _____ (Schneider Electric) C:\Users\Admin\PCPE Setup.exe
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\pt_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000018808 _____ () C:\Users\Admin\ResourceReader.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020856 _____ (Schneider Electric) C:\Users\Admin\ru_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000019832 _____ (Schneider Electric) C:\Users\Admin\zh_res.dll
2015-03-21 18:54 - 2018-07-20 18:11 - 000002392 _____ () C:\Users\Admin\AppData\Roaming\ADMIN-PC.MTBF.txt
2018-07-03 15:42 - 2018-08-27 13:00 - 000001948 _____ () C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig
2015-03-21 18:55 - 2018-07-23 13:12 - 000002226 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManager.log
2015-03-21 18:55 - 2018-06-06 21:28 - 000001702 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-04-07 16:54 - 2018-04-07 16:54 - 000001899 _____ () C:\Users\Admin\AppData\Local\34A67AB56AD44e49A44ADF390E67282D.Rozvržení2.lbx
2015-03-21 19:05 - 2017-12-17 15:29 - 000006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:23 - 2015-02-13 14:52 - 001065984 _____ () C:\Users\Admin\AppData\Local\file__0.localstorage

Some files in TEMP:
====================
2018-09-17 20:12 - 2018-09-17 20:12 - 000503208 _____ (Piriform Ltd) C:\Users\Admin\AppData\Local\Temp\ccupdate.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 09:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Admin (18-09-2018 15:59:08)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1803 17134.285 (X64) (2018-05-18 08:11:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2547403967-366569612-2425474682-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2547403967-366569612-2425474682-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2547403967-366569612-2425474682-503 - Limited - Disabled)
Guest (S-1-5-21-2547403967-366569612-2425474682-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2547403967-366569612-2425474682-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{0584D7C0-AAFD-11E8-BC5D-DC4A3E998CF6}) (Version: 12.5.3.0 - Google)
AmaSeis version 3.2 Level 2012.07.06 (HKLM-x32\...\{88A3C4BA-F79F-4DF1-8646-9BC0E6DC27AE}_is1) (Version: 3.2 Level 2012.07.06 - IRIS)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Balsamiq Mockups 3 (HKLM-x32\...\{51829447-5720-3DA1-0BD1-24A2890CFCA7}) (Version: 3.4.2 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.4.2 - Balsamiq SRL)
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0051 - Brother Industries, Ltd.)
Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0110 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{F378BDF5-4CE7-461B-990D-F409BB9C0CB9}) (Version: 1.0.0140 - Brother Industries, Ltd.)
Brother PT-P700 Series Utility (HKLM-x32\...\{8F7AD37E-A622-468A-9DC5-CDB5A4341535}) (Version: 1.00.7046 - Brother Industries, ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
ESET Smart Security (HKLM\...\{90F08DAA-64CD-40CE-B42A-C5AEBE81C86B}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
FormApps Signing Extension (HKLM-x32\...\{1896CB18-36FE-4AA6-8F9C-F42C087941CD}) (Version: 2.19.0.37 - Software602 a.s.)
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{6BAA82C9-42B6-4B7D-A490-23EAC0E70C17}) (Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (HKLM-x32\...\{92AB9371-D327-4D56-9BDD-B38A671A631D}) (Version: 010.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{743A3155-96BD-4660-8E73-A23FBE10F3AF}) (Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (HKLM-x32\...\{CD86BE42-2844-4A15-A487-0F60CAB31664}) (Version: 001.034.00634 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
hpStatusAlerts (HKLM-x32\...\{06CE2B24-EC8C-4847-AF33-098255B5D32D}) (Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (HKLM-x32\...\{C864CA6F-3A1D-45B5-A115-C8D47CAE3845}) (Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Lenovo Phone Manager (HKLM-x32\...\{5E794B10-7A71-4B45-BFD7-41FFF3C20E49}) (Version: 1.4.1.10098 - Lenovo)
LenovoUsbDriver 1.0.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.13 - Lenovo)
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Locklizard Safeguard - PDF Viewer (HKLM-x32\...\Locklizard Safeguard - PDF Viewer_sf) (Version: 2.6.41 - Locklizard Ltd.)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 cs)) (Version: 39.0.3 - Mozilla)
Mozilla Firefox 40.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 cs)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 42.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 cs)) (Version: 42.0 - Mozilla)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Firefox 45.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 cs)) (Version: 45.0 - Mozilla)
Mozilla Firefox 45.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 cs)) (Version: 45.0.2 - Mozilla)
Mozilla Firefox 46.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 cs)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 47.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 cs)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 cs)) (Version: 48.0.1 - Mozilla)
Mozilla Firefox 48.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 cs)) (Version: 48.0.2 - Mozilla)
Mozilla Firefox 49.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 cs)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 cs)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 cs)) (Version: 52.0.2 - Mozilla)
Mozilla Firefox 56.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 cs)) (Version: 56.0 - Mozilla)
Mozilla Firefox 57.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.3 (x64 cs)) (Version: 57.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.4 (x64 cs)) (Version: 57.0.4 - Mozilla)
Mozilla Firefox 58.0 (x64 cs) (HKLM\...\Mozilla Firefox 58.0 (x64 cs)) (Version: 58.0 - Mozilla)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Firefox 62.0 (x64 cs) (HKLM\...\Mozilla Firefox 62.0 (x64 cs)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
PDF24 Creator 8.4.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.127 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.0.127 - Corel Corporation)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.12.0 - Prolific Technology INC)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Seznam Software (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype™ 7.28 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.28.101 - Skype Technologies S.A.)
STORMWARE GLX CZ Mini (HKLM-x32\...\{9561B758-DFD0-42C4-80D3-CEA2BB77DE34}) (Version: 10900.11 - STORMWARE)
STORMWARE POHODA E1 Klient CZ Komplet (HKLM-x32\...\{FADE360D-9615-472E-94FE-E69C7E50D2DE}) (Version: 11901.7 - STORMWARE)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM-x32\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.9.1245 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM-x32\...\Zebra Setup Utilities) (Version: 1.1.9.1245 - Zebra Technologies)
Zoom (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {18820D4A-E1AB-4DE8-8B48-86A1801AAA3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-17] (Piriform Ltd)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4765248E-E6F9-48B7-9ABD-2E7FC416C393} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6EF8898B-11BE-441B-9C26-67FED1CF34C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9D754218-192A-4683-BC17-BE8846090B1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-17] (Piriform Ltd)
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {B23576FA-FC80-43FA-A6E8-59539C64120E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BE48009D-3AE9-4E2C-B7D1-CAD4A73E27E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {C04E9874-6F3C-4AED-B2DD-D005B087839E} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-01-27] (Lenovo)
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {D57EE19C-C7EC-413D-B284-2836A7DF78F4} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {D6414FAE-C2A7-4054-89A5-BA0232F9CE47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {D9D82A75-8278-4159-9F5B-6E6E5B78208A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {E8418ABA-43A6-49CC-B909-6C7E25126086} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F1E9D1D2-F4F4-476B-B118-23EF8A6580C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\Desktop\exporty - zitra.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty-zitra.bat ()
Shortcut: C:\Users\Admin\Desktop\exporty.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-20 18:24 - 2012-08-31 16:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2017-07-10 14:22 - 2012-08-31 16:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2018-03-10 17:29 - 2018-03-01 11:39 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 002839552 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpM11M13su.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 001038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPM11M13GC.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 000016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-07 14:40 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-09-17 20:30 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-07 17:55 - 2017-11-13 16:46 - 000092368 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\3095libfoxloader-x64.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-07-12 15:17 - 2017-07-12 15:17 - 001244080 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2018-09-13 09:08 - 2018-08-31 05:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 03:39 - 2018-07-17 03:39 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-10 19:42 - 2018-07-10 19:42 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-09-12 21:12 - 2018-09-12 21:13 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 21:12 - 2018-09-12 21:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 17:47 - 2017-09-26 17:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-04-05 19:43 - 2017-11-13 16:38 - 000506064 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-04-05 19:43 - 2017-02-08 13:39 - 000080576 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 069283840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:53 - 2017-10-05 09:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 000049664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 05:01 - 2018-05-04 05:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-03-30 00:26 - 2018-03-30 00:27 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 014333440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 002869248 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 19:48 - 2018-07-27 19:49 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 000374272 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpM11M13sd.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-11-23 16:47 - 2017-11-13 16:49 - 000085200 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\9223libfoxloader.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000354472 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 001607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 000105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2017-04-05 19:43 - 2018-02-21 11:36 - 000869584 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F795A73E-0293-48D2-AB42-8C103C20AD39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6201AF9B-1F22-4328-9557-6FEAFCCA5052}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02BCD9DF-1088-4EE9-BF9E-C676245030D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C3AF8EC-0CC0-489C-A367-87D62ACB2CE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B7CF6A5-5945-476E-A332-F3494CD90628}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{16C041EF-53E3-498B-AD37-2360B78FFC07}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{1B076A7B-35FC-47E3-9ED6-82259BF0180F}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{081F1A42-E0CD-4970-B083-DC860A7F7789}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{D481106C-2EDF-4C48-95B9-17C84EBC4DD0}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1011BEBA-1C35-49E8-9B6A-75D3CD20A084}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{51FB98C5-0BDA-4324-95EA-A7E7731D5782}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{FBDD0F82-B960-4D65-B675-8F6C4F1F2AC9}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{EFFD4A87-FAB0-41F5-90E6-D0E1D94638BB}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{2376BC9A-C3EF-4EFE-9F6B-774EE5E2B24E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{B411437F-A4DB-4285-9596-1515CDBB3182}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{934EA327-76A9-48CD-9AE8-BBA0058DFCB6}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{940E5BE0-A9C4-4B4E-ACA1-D5F63B64ADE5}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{DC539DFF-DA0C-486A-83D2-BBA8E406D0B1}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [UDP Query User{B06AEC4D-5016-4739-9F93-4FC02BC586F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{56931A72-63EE-4109-BC74-FB31C939B856}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{66485757-8A4A-4A18-9AB7-F30CFD8D694C}] => (Allow) LPort=427
FirewallRules: [{B2AFBF5C-B415-4991-80AA-E1E675D79CA3}] => (Allow) LPort=161
FirewallRules: [{551B51A3-FF28-447C-B20F-CDD6BF0DAE20}] => (Allow) LPort=427
FirewallRules: [{D1CDD011-9817-49BE-9F78-9F20FEAD108B}] => (Allow) LPort=9100
FirewallRules: [UDP Query User{3EB6306E-2505-493C-91B1-EC354FC84692}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{32C4F8A7-0B3B-44B0-B68C-28034FF9DC04}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{30B7D373-6355-44B6-9E6F-A90172EF37FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{25ECA732-91A6-4F0F-84AC-5614AF3E76D3}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [UDP Query User{9DE90534-BB16-4BF9-907A-26E4D45F4E87}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [{F80B7D57-5307-44DD-862A-F4906722B298}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F75E6FC8-B433-4ED1-B115-7691A932636B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CD5BFDF3-6502-4C2A-B348-BECBC5B4BF0C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CFC605A1-F4C4-4677-AA38-1E7415714143}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A3547CF-8B0D-4541-B236-7521D580F326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2018 03:44:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 03:09:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 03:08:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000500,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000006C62CFE7D0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x0000091c,(null),0,REG_BINARY,0000002A492FD470.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Název modulu pro zápis: MSSearch Service Writer
ID instance modulu pro zápis: {635cf57b-71b0-4f3f-b587-4bb41cd6a712}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000270,(null),0,REG_BINARY,0000007B8527D550.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {5caf8f62-d467-4d72-a116-f604de0ad125}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000270,(null),0,REG_BINARY,0000002BDC5FD5F0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Název modulu pro zápis: WMI Writer
ID instance modulu pro zápis: {fe1a4fa5-31d8-4f4e-a956-270b6e56199f}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x0000091c,(null),0,REG_BINARY,0000002A492FD480.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Název modulu pro zápis: MSSearch Service Writer
ID instance modulu pro zápis: {635cf57b-71b0-4f3f-b587-4bb41cd6a712}


System errors:
=============
Error: (09/18/2018 03:43:27 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 03:40:29 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 01:50:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:50:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:50:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:19:08 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 10:51:09 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 10:49:23 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-09-17 15:50:41.548
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\ESET\ESET Security\httpblk.dat; file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-17 15:50:41.424
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-14 14:55:24.256
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {66A48287-BEB0-48C4-9B23-B171CA677D5C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-05-18 10:13:35.051
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:34.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:15.605
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:14.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16249.14 MB
Available physical RAM: 10999.41 MB
Total Virtual: 18681.14 MB
Available Virtual: 13623.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:742.33 GB) NTFS

\\?\Volume{1950d401-abba-11e4-824e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
\\?\Volume{ef91a368-0000-0000-0000-80c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EF91A368)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 18 Sep 2018 15:00
by KEnik
Here are the logs, thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Admin (administrator) on ADMIN-PC (18-09-2018 15:58:14)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(BHIT CZ s.r.o.) \\192.168.1.30\pohodae1\BHIT\scripts\Doprava.PrintServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [324216 2017-12-08] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2015-01-27] (Lenovo)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29625472 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-17] (Piriform Ltd)
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2018-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-11-23]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{2ecf7463-c25f-4421-ace9-e81e7483848e}: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{d73f3e4d-3dba-49e7-9cbd-f4fad297583b}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {10B30B9E-B179-4DAF-83F3-6173745ADEE1} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {32581500-F635-49F7-BEB0-353764B82682} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {3D1E74E4-F7A9-43A8-963E-FC4C9168CAC7} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {511AE949-4F4D-4D77-9E28-AED215573709} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {81B9A75E-DE17-467D-AD3F-CD4EEAA8B752} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {CAFDF499-7C49-4592-932C-AC96AD3D92A4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {D577E34B-A738-4041-B7E2-1CFE61547FE0} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {DF27773A-8CFF-4851-9D6C-F4F511D12158} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2547403967-366569612-2425474682-1001 -> {E83B9A84-B566-4D93-AE9E-0C7F74875DB0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default [2018-09-18]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\user.js [2015-02-20]
FF Homepage: Mozilla\Firefox\Profiles\0xxqbxdt.default -> hxxp://seznam.cz/
FF Extension: (Firebug) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (Open in IE) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\openinie@wittersworld.com.xpi [2017-09-02] [Legacy]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sko-extension@firma.seznam.cz.xpi [2017-11-29]
FF Extension: (AVG SafePrice) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\sp@avg.com.xpi [2016-11-18]
FF Extension: (blockcoinm) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{74b0af75-8791-44e2-95a6-7f0ab94143ec}.xpi [2018-09-17]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-11-04]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-10-25]
FF Extension: (Firefox Monitor) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0xxqbxdt.default\features\{7aefbc63-a6bc-4588-abe0-59948fa366a6}\fxmonitor@mozilla.org.xpi [2018-09-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-06-27] ()
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2547403967-366569612-2425474682-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-11-21] (Zoom Video Communications, Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.2hmoto.cz/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Prezentace) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-09-14]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-09-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Tabulky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-14]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-09-14]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-14]
CHR HKU\S-1-5-21-2547403967-366569612-2425474682-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-12-08] (ESET)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-09-18] (SurfRight B.V.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-12-08] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [102160 2017-12-08] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-09-18] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-17] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
2018-09-18 13:50 - 2018-09-18 13:50 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-18 11:16 - 2018-09-18 11:16 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-09-18 11:16 - 2018-09-18 11:16 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-09-18 11:16 - 2018-09-18 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-09-18 11:16 - 2018-09-18 11:16 - 000000000 ____D C:\Program Files\HitmanPro
2018-09-18 11:15 - 2018-09-18 11:33 - 000000000 ____D C:\ProgramData\HitmanPro
2018-09-18 11:15 - 2018-09-18 11:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe
2018-09-18 10:34 - 2018-09-18 10:34 - 000060946 _____ C:\Users\Admin\Desktop\Addition.txt
2018-09-18 10:33 - 2018-09-18 15:58 - 000023229 _____ C:\Users\Admin\Desktop\FRST.txt
2018-09-18 10:32 - 2018-09-18 15:58 - 000000000 ____D C:\FRST
2018-09-18 10:30 - 2018-09-18 10:31 - 002413568 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2018-09-18 05:33 - 2018-09-18 05:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-18 05:33 - 2018-09-18 05:33 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-09-18 05:32 - 2018-09-18 05:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-18 05:31 - 2018-09-18 05:32 - 040184160 _____ (Igor Pavlov) C:\Users\Admin\Downloads\Firefox Setup 62.0.exe
2018-09-17 20:31 - 2018-09-17 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2018-09-17 20:30 - 2018-09-17 20:38 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-17 20:30 - 2018-09-17 20:38 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-17 20:30 - 2018-09-17 20:30 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-17 20:30 - 2018-09-17 20:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-17 20:30 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-17 20:26 - 2018-09-17 20:29 - 081554232 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6859.exe
2018-09-17 20:19 - 2018-09-17 20:19 - 000153526 _____ C:\Users\Admin\Documents\cc_20180917_201946.reg
2018-09-17 20:12 - 2018-09-17 20:37 - 000000000 ____D C:\Program Files\CCleaner
2018-09-17 20:12 - 2018-09-17 20:12 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-17 20:12 - 2018-09-17 20:12 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-09-17 20:12 - 2018-09-17 20:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-17 20:12 - 2018-09-17 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-17 20:09 - 2018-09-17 20:10 - 015813864 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup542.exe
2018-09-17 19:58 - 2018-09-17 19:59 - 000000000 ____D C:\AdwCleaner
2018-09-17 19:57 - 2018-09-17 19:58 - 007571152 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.2.3.1.exe
2018-09-17 18:20 - 2018-09-17 18:21 - 006980216 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_csy.exe
2018-09-17 16:18 - 2018-09-17 16:18 - 000113273 _____ C:\Users\Admin\Downloads\DPPO 2017 plná verze(1).pdf
2018-09-17 16:18 - 2018-09-17 16:18 - 000058874 _____ C:\Users\Admin\Downloads\Výkaz_zisku_a_ztráty_v_plném_rozsahu_2017.pdf
2018-09-17 16:17 - 2018-09-17 16:17 - 000049786 _____ C:\Users\Admin\Downloads\doručenka DPPO 2017.pdf
2018-09-15 14:06 - 2018-09-15 14:06 - 000009432 _____ C:\Users\Admin\Desktop\opraveno.odt
2018-09-14 16:01 - 2018-09-14 16:01 - 000008395 _____ C:\Users\Admin\Desktop\Omlouvám se předem jelikož si myslím.odt
2018-09-13 09:09 - 2018-08-31 05:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 09:09 - 2018-08-31 05:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 09:09 - 2018-08-31 05:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 09:09 - 2018-08-28 09:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 09:08 - 2018-08-31 09:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-13 09:08 - 2018-08-31 09:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-13 09:08 - 2018-08-31 09:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 09:08 - 2018-08-31 09:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-13 09:08 - 2018-08-31 09:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-13 09:08 - 2018-08-31 09:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-13 09:08 - 2018-08-31 09:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-13 09:08 - 2018-08-31 09:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-13 09:08 - 2018-08-31 09:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-13 09:08 - 2018-08-31 09:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 09:08 - 2018-08-31 09:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-13 09:08 - 2018-08-31 09:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 08:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-13 09:08 - 2018-08-31 08:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-13 09:08 - 2018-08-31 08:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-13 09:08 - 2018-08-31 08:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-13 09:08 - 2018-08-31 08:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-13 09:08 - 2018-08-31 08:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-13 09:08 - 2018-08-31 05:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-13 09:08 - 2018-08-31 05:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-13 09:08 - 2018-08-31 05:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-13 09:08 - 2018-08-31 05:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-13 09:08 - 2018-08-31 05:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-13 09:08 - 2018-08-31 05:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-13 09:08 - 2018-08-31 05:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-13 09:08 - 2018-08-31 05:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-13 09:08 - 2018-08-31 05:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-13 09:08 - 2018-08-31 05:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-13 09:08 - 2018-08-31 05:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 09:08 - 2018-08-31 05:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-13 09:08 - 2018-08-31 05:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-13 09:08 - 2018-08-31 05:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-13 09:08 - 2018-08-31 05:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-13 09:08 - 2018-08-31 05:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-13 09:08 - 2018-08-31 05:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-13 09:08 - 2018-08-31 05:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 05:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-13 09:08 - 2018-08-31 05:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-13 09:08 - 2018-08-31 05:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-13 09:08 - 2018-08-31 05:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-13 09:08 - 2018-08-31 05:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-13 09:08 - 2018-08-31 05:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-13 09:08 - 2018-08-31 05:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-13 09:08 - 2018-08-31 03:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-13 09:08 - 2018-08-28 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-28 08:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-13 09:08 - 2018-08-28 08:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-13 09:08 - 2018-08-28 08:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-13 09:08 - 2018-08-28 07:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-13 09:08 - 2018-08-14 04:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-13 09:08 - 2018-08-09 11:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 09:08 - 2018-08-09 11:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-13 09:08 - 2018-08-09 11:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 11:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-13 09:08 - 2018-08-09 11:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 11:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 11:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-13 09:08 - 2018-08-09 11:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-13 09:08 - 2018-08-09 11:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 11:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 11:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 11:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-13 09:08 - 2018-08-09 11:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 11:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-13 09:08 - 2018-08-09 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-13 09:08 - 2018-08-09 11:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-13 09:08 - 2018-08-09 11:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-13 09:08 - 2018-08-09 11:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 10:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-13 09:08 - 2018-08-09 10:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 09:08 - 2018-08-09 10:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-13 09:08 - 2018-08-09 10:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-13 09:08 - 2018-08-09 10:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-13 09:08 - 2018-08-09 10:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-13 09:08 - 2018-08-09 10:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-13 09:08 - 2018-08-09 10:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-13 09:08 - 2018-08-09 10:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-13 09:08 - 2018-08-09 10:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-13 09:08 - 2018-08-09 10:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-13 09:08 - 2018-08-09 10:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-13 09:08 - 2018-08-09 07:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-13 09:08 - 2018-08-09 07:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-13 09:08 - 2018-08-09 06:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-13 09:08 - 2018-08-09 06:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-13 09:08 - 2018-08-09 06:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-13 09:08 - 2018-08-09 06:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-13 09:08 - 2018-08-09 06:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-13 09:08 - 2018-08-09 06:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 09:08 - 2018-08-09 06:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-13 09:08 - 2018-08-09 06:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-13 09:08 - 2018-08-09 06:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-13 09:08 - 2018-08-09 06:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-13 09:08 - 2018-08-09 06:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-13 09:08 - 2018-08-09 06:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-13 09:08 - 2018-08-09 06:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-13 09:08 - 2018-08-09 06:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-13 09:08 - 2018-08-09 06:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-13 09:08 - 2018-08-09 06:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 06:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-13 09:08 - 2018-08-09 06:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-13 09:08 - 2018-08-09 06:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-13 09:08 - 2018-08-09 06:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-13 09:08 - 2018-08-09 06:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 09:08 - 2018-08-09 06:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-13 09:08 - 2018-08-09 06:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-13 09:08 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-12 10:42 - 2018-09-12 10:42 - 000599106 _____ C:\Users\Admin\Downloads\Doklad_2184426358.pdf
2018-09-10 09:18 - 2018-09-10 09:19 - 002104623 _____ C:\Users\Admin\Downloads\prilohy_229274.zip
2018-09-07 09:11 - 2018-09-07 09:12 - 000529743 _____ C:\Users\Admin\Downloads\Objednat_nástavec_2_Nástavec PM50 na STABIL 180mm 1,35m.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 001081060 _____ C:\Users\Admin\Downloads\Objednat_komín1_Schiedel UNI ADV 160mm 7,66 1xT45 1xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000834641 _____ C:\Users\Admin\Downloads\Objednat_komín2__Schiedel UNI ADVANCED 18 7,66 4xT90.pdf
2018-09-07 09:11 - 2018-09-07 09:11 - 000529741 _____ C:\Users\Admin\Downloads\Objednat_nástavec_1_Nástavec PM50 na STABIL 160mm 1,35m.pdf
2018-09-06 11:36 - 2018-09-06 11:36 - 000131237 _____ C:\Users\Admin\Downloads\Přijetí_zakázky_18Pro03009.pdf
2018-09-04 19:28 - 2018-09-04 19:28 - 000001398 _____ C:\Users\Admin\Downloads\VCA1009586.crt
2018-09-03 18:18 - 2018-09-03 18:18 - 000163564 _____ C:\Users\Admin\Downloads\Uvodni_9.jpg.part
2018-09-03 17:27 - 2018-09-03 17:27 - 002889278 _____ C:\Users\Admin\Downloads\ANO2011_zajecov_A2.pdf
2018-09-03 14:38 - 2018-09-03 14:38 - 000001743 _____ C:\Users\Admin\Documents\2HMOTO.pem
2018-09-03 14:36 - 2018-09-03 14:36 - 005887120 _____ C:\Users\Admin\Downloads\iSignum.exe
2018-09-03 13:09 - 2018-09-03 13:09 - 094928804 _____ C:\Users\Admin\Desktop\noviny 032018.zip
2018-09-03 09:50 - 2018-09-03 12:37 - 000000000 ____D C:\Users\Admin\Desktop\noviny 032018
2018-08-29 01:49 - 2018-08-29 01:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2018-08-27 20:18 - 2018-08-27 20:18 - 000011871 _____ C:\Users\Admin\Downloads\pohoda-29847-20180827-201803.xml
2018-08-19 15:21 - 2018-08-19 15:21 - 000094252 _____ C:\Users\Admin\Documents\Faktura_180400175.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-18 15:54 - 2018-05-18 10:10 - 000004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9E94B701-CFDB-4F6E-AB96-6EA9FC0237E3}
2018-09-18 15:54 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-18 15:39 - 2016-11-23 21:02 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-09-18 15:33 - 2018-05-18 09:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 10:51 - 2015-02-07 17:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-18 05:33 - 2015-02-07 18:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-18 04:21 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-17 20:51 - 2016-08-23 14:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2018-09-17 20:45 - 2017-04-05 19:43 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2018-09-17 20:44 - 2018-05-18 09:59 - 001692472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-17 20:44 - 2018-04-12 17:50 - 000716072 _____ C:\WINDOWS\system32\perfh005.dat
2018-09-17 20:44 - 2018-04-12 17:50 - 000144864 _____ C:\WINDOWS\system32\perfc005.dat
2018-09-17 20:39 - 2017-07-10 14:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-09-17 20:39 - 2015-02-11 11:36 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-09-17 20:39 - 2015-02-04 11:09 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2018-09-17 20:38 - 2018-05-18 10:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-17 20:37 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-17 20:37 - 2017-12-13 05:15 - 000017730 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2018-09-17 20:17 - 2015-02-23 18:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2018-09-17 20:14 - 2018-05-12 23:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-09-17 20:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-17 18:21 - 2017-04-25 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-09-17 16:16 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-17 15:53 - 2015-03-21 19:06 - 000000000 ____D C:\Users\Admin\Desktop\2hmoto
2018-09-17 00:45 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 05:12 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-15 05:12 - 2017-12-05 17:34 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2018-09-14 14:47 - 2017-12-05 17:54 - 000000000 ___RD C:\Users\Admin\3D Objects
2018-09-14 14:47 - 2016-02-13 15:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-09-14 14:44 - 2018-05-18 09:48 - 000407016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-09-14 14:41 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-14 14:41 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-09-14 14:41 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-12 07:46 - 2015-02-04 11:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-12 07:44 - 2015-02-04 11:36 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-12 01:55 - 2018-05-18 10:10 - 000004640 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-12 01:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-11 01:19 - 2016-05-22 14:03 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2018-09-09 16:41 - 2018-03-06 18:39 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Brother
2018-09-07 16:02 - 2018-08-16 08:37 - 000000000 ____D C:\Users\Admin\Desktop\FOTO SBS
2018-09-06 14:34 - 2018-05-18 10:10 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547403967-366569612-2425474682-1001
2018-09-06 14:34 - 2018-05-18 09:52 - 000002425 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-06 14:34 - 2015-02-07 14:59 - 000000000 ___RD C:\Users\Admin\OneDrive
2018-09-05 01:04 - 2018-07-25 11:49 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 01:04 - 2018-07-25 11:49 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-03 18:43 - 2018-08-10 16:44 - 000000000 ____D C:\Users\Admin\Desktop\volby foto
2018-08-27 20:18 - 2015-04-08 18:09 - 000000000 ____D C:\Users\Admin\Downloads\Response
2018-08-27 13:00 - 2018-07-03 15:42 - 000001948 _____ C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig

==================== Files in the root of some directories =======

2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\en_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\es_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\fr_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021880 _____ (Schneider Electric) C:\Users\Admin\grm_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\it_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020344 _____ (Schneider Electric) C:\Users\Admin\jp_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 001079808 _____ (Microsoft Corporation) C:\Users\Admin\mfc80u.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000626688 _____ (Microsoft Corporation) C:\Users\Admin\msvcr80.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 013923704 _____ (Schneider Electric) C:\Users\Admin\PCPE Setup.exe
2017-11-23 16:50 - 2017-11-23 16:50 - 000021368 _____ (Schneider Electric) C:\Users\Admin\pt_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000018808 _____ () C:\Users\Admin\ResourceReader.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000020856 _____ (Schneider Electric) C:\Users\Admin\ru_res.dll
2017-11-23 16:50 - 2017-11-23 16:50 - 000019832 _____ (Schneider Electric) C:\Users\Admin\zh_res.dll
2015-03-21 18:54 - 2018-07-20 18:11 - 000002392 _____ () C:\Users\Admin\AppData\Roaming\ADMIN-PC.MTBF.txt
2018-07-03 15:42 - 2018-08-27 13:00 - 000001948 _____ () C:\Users\Admin\AppData\Roaming\Doprava.UserPrint.newconfig
2015-03-21 18:55 - 2018-07-23 13:12 - 000002226 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManager.log
2015-03-21 18:55 - 2018-06-06 21:28 - 000001702 _____ () C:\Users\Admin\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-04-07 16:54 - 2018-04-07 16:54 - 000001899 _____ () C:\Users\Admin\AppData\Local\34A67AB56AD44e49A44ADF390E67282D.Rozvržení2.lbx
2015-03-21 19:05 - 2017-12-17 15:29 - 000006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 10:23 - 2015-02-13 14:52 - 001065984 _____ () C:\Users\Admin\AppData\Local\file__0.localstorage

Some files in TEMP:
====================
2018-09-17 20:12 - 2018-09-17 20:12 - 000503208 _____ (Piriform Ltd) C:\Users\Admin\AppData\Local\Temp\ccupdate.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 09:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Admin (18-09-2018 15:59:08)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1803 17134.285 (X64) (2018-05-18 08:11:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2547403967-366569612-2425474682-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2547403967-366569612-2425474682-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2547403967-366569612-2425474682-503 - Limited - Disabled)
Guest (S-1-5-21-2547403967-366569612-2425474682-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2547403967-366569612-2425474682-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{0584D7C0-AAFD-11E8-BC5D-DC4A3E998CF6}) (Version: 12.5.3.0 - Google)
AmaSeis version 3.2 Level 2012.07.06 (HKLM-x32\...\{88A3C4BA-F79F-4DF1-8646-9BC0E6DC27AE}_is1) (Version: 3.2 Level 2012.07.06 - IRIS)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Balsamiq Mockups 3 (HKLM-x32\...\{51829447-5720-3DA1-0BD1-24A2890CFCA7}) (Version: 3.4.2 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.4.2 - Balsamiq SRL)
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0051 - Brother Industries, Ltd.)
Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0110 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{F378BDF5-4CE7-461B-990D-F409BB9C0CB9}) (Version: 1.0.0140 - Brother Industries, Ltd.)
Brother PT-P700 Series Utility (HKLM-x32\...\{8F7AD37E-A622-468A-9DC5-CDB5A4341535}) (Version: 1.00.7046 - Brother Industries, ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
ESET Smart Security (HKLM\...\{90F08DAA-64CD-40CE-B42A-C5AEBE81C86B}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
FormApps Signing Extension (HKLM-x32\...\{1896CB18-36FE-4AA6-8F9C-F42C087941CD}) (Version: 2.19.0.37 - Software602 a.s.)
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
HP Color LaserJet Pro MFP M476 (HKLM-x32\...\{4b849805-3b07-4b35-874a-705c0d103672}) (Version: 10.0.13302.320 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPCLJProMFPM476 (HKLM-x32\...\{C44C593D-3009-4D03-910E-243050C5E193}) (Version: 0.05.0000 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{6BAA82C9-42B6-4B7D-A490-23EAC0E70C17}) (Version: 3.0.26.15 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM476 (HKLM-x32\...\{92AB9371-D327-4D56-9BDD-B38A671A631D}) (Version: 010.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{743A3155-96BD-4660-8E73-A23FBE10F3AF}) (Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM476LaserJetService (HKLM-x32\...\{CD86BE42-2844-4A15-A487-0F60CAB31664}) (Version: 001.034.00634 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
hpStatusAlerts (HKLM-x32\...\{06CE2B24-EC8C-4847-AF33-098255B5D32D}) (Version: 100.040.00198 - Hewlett Packard) Hidden
hpStatusAlertsM476 (HKLM-x32\...\{C864CA6F-3A1D-45B5-A115-C8D47CAE3845}) (Version: 100.046.00121 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Lenovo Phone Manager (HKLM-x32\...\{5E794B10-7A71-4B45-BFD7-41FFF3C20E49}) (Version: 1.4.1.10098 - Lenovo)
LenovoUsbDriver 1.0.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.13 - Lenovo)
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Locklizard Safeguard - PDF Viewer (HKLM-x32\...\Locklizard Safeguard - PDF Viewer_sf) (Version: 2.6.41 - Locklizard Ltd.)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 cs)) (Version: 39.0.3 - Mozilla)
Mozilla Firefox 40.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 cs)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 42.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 cs)) (Version: 42.0 - Mozilla)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Firefox 45.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 cs)) (Version: 45.0 - Mozilla)
Mozilla Firefox 45.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 cs)) (Version: 45.0.2 - Mozilla)
Mozilla Firefox 46.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 cs)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 47.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 cs)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 cs)) (Version: 48.0.1 - Mozilla)
Mozilla Firefox 48.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 cs)) (Version: 48.0.2 - Mozilla)
Mozilla Firefox 49.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 cs)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 cs)) (Version: 52.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 cs)) (Version: 52.0.2 - Mozilla)
Mozilla Firefox 56.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 cs)) (Version: 56.0 - Mozilla)
Mozilla Firefox 57.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.3 (x64 cs)) (Version: 57.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.4 (x64 cs)) (Version: 57.0.4 - Mozilla)
Mozilla Firefox 58.0 (x64 cs) (HKLM\...\Mozilla Firefox 58.0 (x64 cs)) (Version: 58.0 - Mozilla)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Firefox 62.0 (x64 cs) (HKLM\...\Mozilla Firefox 62.0 (x64 cs)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
PDF24 Creator 8.4.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.127 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.0.127 - Corel Corporation)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.12.0 - Prolific Technology INC)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Seznam Software (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype™ 7.28 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.28.101 - Skype Technologies S.A.)
STORMWARE GLX CZ Mini (HKLM-x32\...\{9561B758-DFD0-42C4-80D3-CEA2BB77DE34}) (Version: 10900.11 - STORMWARE)
STORMWARE POHODA E1 Klient CZ Komplet (HKLM-x32\...\{FADE360D-9615-472E-94FE-E69C7E50D2DE}) (Version: 11901.7 - STORMWARE)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM-x32\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.9.1245 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM-x32\...\Zebra Setup Utilities) (Version: 1.1.9.1245 - Zebra Technologies)
Zoom (HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2547403967-366569612-2425474682-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-08] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {18820D4A-E1AB-4DE8-8B48-86A1801AAA3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-17] (Piriform Ltd)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4765248E-E6F9-48B7-9ABD-2E7FC416C393} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6EF8898B-11BE-441B-9C26-67FED1CF34C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9D754218-192A-4683-BC17-BE8846090B1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-17] (Piriform Ltd)
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {B23576FA-FC80-43FA-A6E8-59539C64120E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BE48009D-3AE9-4E2C-B7D1-CAD4A73E27E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {C04E9874-6F3C-4AED-B2DD-D005B087839E} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-01-27] (Lenovo)
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {D57EE19C-C7EC-413D-B284-2836A7DF78F4} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-04-16] (Hewlett Packard)
Task: {D6414FAE-C2A7-4054-89A5-BA0232F9CE47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {D9D82A75-8278-4159-9F5B-6E6E5B78208A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {E8418ABA-43A6-49CC-B909-6C7E25126086} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F1E9D1D2-F4F4-476B-B118-23EF8A6580C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\Desktop\exporty - zitra.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty-zitra.bat ()
Shortcut: C:\Users\Admin\Desktop\exporty.lnk -> C:\Users\Admin\Desktop\2hmoto\Import-export\exporty.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-20 18:24 - 2012-08-31 16:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2017-07-10 14:22 - 2012-08-31 16:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2018-03-10 17:29 - 2018-03-01 11:39 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 002839552 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpM11M13su.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 001038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPM11M13GC.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 000016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-07 14:40 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-09-17 20:30 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-07 17:55 - 2017-11-13 16:46 - 000092368 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\3095libfoxloader-x64.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-07-12 15:17 - 2017-07-12 15:17 - 001244080 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2018-09-13 09:08 - 2018-08-31 05:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 03:39 - 2018-07-17 03:39 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 03:39 - 2018-07-17 03:39 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-10 19:42 - 2018-07-10 19:42 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-09-12 21:12 - 2018-09-12 21:13 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 21:12 - 2018-09-12 21:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 17:47 - 2017-09-26 17:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-12 21:12 - 2018-09-12 21:12 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-04-05 19:43 - 2017-11-13 16:38 - 000506064 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-04-05 19:43 - 2017-02-08 13:39 - 000080576 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-08-29 01:18 - 2018-08-29 01:19 - 069283840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:53 - 2017-10-05 09:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 000049664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 05:01 - 2018-05-04 05:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-17 11:37 - 2018-08-17 11:37 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-03-30 00:26 - 2018-03-30 00:27 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 014333440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-08-29 01:18 - 2018-08-29 01:18 - 002869248 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 01:18 - 2018-08-29 01:19 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 19:48 - 2018-07-27 19:49 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-15 20:07 - 2016-02-25 15:39 - 000374272 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpM11M13sd.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 21:42 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-11-23 16:47 - 2017-11-13 16:49 - 000085200 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\9223libfoxloader.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2015-01-27 17:10 - 2015-01-27 17:10 - 000354472 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 001607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 000105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2017-04-05 19:43 - 2018-02-21 11:36 - 000869584 _____ () C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09172018204013587\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F795A73E-0293-48D2-AB42-8C103C20AD39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6201AF9B-1F22-4328-9557-6FEAFCCA5052}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02BCD9DF-1088-4EE9-BF9E-C676245030D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C3AF8EC-0CC0-489C-A367-87D62ACB2CE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B7CF6A5-5945-476E-A332-F3494CD90628}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{16C041EF-53E3-498B-AD37-2360B78FFC07}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\EWSProxy.exe
FirewallRules: [{1B076A7B-35FC-47E3-9ED6-82259BF0180F}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\FaxApplications.exe
FirewallRules: [{081F1A42-E0CD-4970-B083-DC860A7F7789}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\bin\DigitalWizards.exe
FirewallRules: [{D481106C-2EDF-4C48-95B9-17C84EBC4DD0}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1011BEBA-1C35-49E8-9B6A-75D3CD20A084}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{51FB98C5-0BDA-4324-95EA-A7E7731D5782}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\FaxPrinterUtility.exe
FirewallRules: [{FBDD0F82-B960-4D65-B675-8F6C4F1F2AC9}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M476\bin\SendAFax.exe
FirewallRules: [{EFFD4A87-FAB0-41F5-90E6-D0E1D94638BB}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{2376BC9A-C3EF-4EFE-9F6B-774EE5E2B24E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{B411437F-A4DB-4285-9596-1515CDBB3182}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{934EA327-76A9-48CD-9AE8-BBA0058DFCB6}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{940E5BE0-A9C4-4B4E-ACA1-D5F63B64ADE5}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{DC539DFF-DA0C-486A-83D2-BBA8E406D0B1}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [UDP Query User{B06AEC4D-5016-4739-9F93-4FC02BC586F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{56931A72-63EE-4109-BC74-FB31C939B856}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{66485757-8A4A-4A18-9AB7-F30CFD8D694C}] => (Allow) LPort=427
FirewallRules: [{B2AFBF5C-B415-4991-80AA-E1E675D79CA3}] => (Allow) LPort=161
FirewallRules: [{551B51A3-FF28-447C-B20F-CDD6BF0DAE20}] => (Allow) LPort=427
FirewallRules: [{D1CDD011-9817-49BE-9F78-9F20FEAD108B}] => (Allow) LPort=9100
FirewallRules: [UDP Query User{3EB6306E-2505-493C-91B1-EC354FC84692}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{32C4F8A7-0B3B-44B0-B68C-28034FF9DC04}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{30B7D373-6355-44B6-9E6F-A90172EF37FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{25ECA732-91A6-4F0F-84AC-5614AF3E76D3}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [UDP Query User{9DE90534-BB16-4BF9-907A-26E4D45F4E87}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [{F80B7D57-5307-44DD-862A-F4906722B298}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F75E6FC8-B433-4ED1-B115-7691A932636B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CD5BFDF3-6502-4C2A-B348-BECBC5B4BF0C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CFC605A1-F4C4-4677-AA38-1E7415714143}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A3547CF-8B0D-4541-B236-7521D580F326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2018 03:44:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 03:09:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 03:08:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\MagicPlus\MagicPlus.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_fb4297e330656775.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b.manifest.

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000500,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000006C62CFE7D0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x0000091c,(null),0,REG_BINARY,0000002A492FD470.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Název modulu pro zápis: MSSearch Service Writer
ID instance modulu pro zápis: {635cf57b-71b0-4f3f-b587-4bb41cd6a712}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000270,(null),0,REG_BINARY,0000007B8527D550.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {5caf8f62-d467-4d72-a116-f604de0ad125}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x00000270,(null),0,REG_BINARY,0000002BDC5FD5F0.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Název modulu pro zápis: WMI Writer
ID instance modulu pro zápis: {fe1a4fa5-31d8-4f4e-a956-270b6e56199f}

Error: (09/18/2018 11:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny RegSetValueExW(0x0000091c,(null),0,REG_BINARY,0000002A492FD480.72) došlo k neočekávané chybě. hr= 0x80070005, Přístup byl odepřen.
.


Operace:
Událost BackupShutdown

Kontext:
Kontext spuštění: Writer
ID třídy modulu pro zápis: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Název modulu pro zápis: MSSearch Service Writer
ID instance modulu pro zápis: {635cf57b-71b0-4f3f-b587-4bb41cd6a712}


System errors:
=============
Error: (09/18/2018 03:43:27 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 03:40:29 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 01:50:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:50:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:50:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou:
Přístup byl odepřen.

Error: (09/18/2018 12:19:08 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 10:51:09 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/18/2018 10:49:23 AM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Admin-PC\Admin (SID: S-1-5-21-2547403967-366569612-2425474682-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-09-17 15:50:41.548
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\ESET\ESET Security\httpblk.dat; file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-17 15:50:41.424
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\0544FD0AE1797A6F5F357A2E82677B55A3048A8E.tmp
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.275.1362.0, AS: 1.275.1362.0, NIS: 1.275.1362.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-14 14:55:24.256
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {66A48287-BEB0-48C4-9B23-B171CA677D5C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-05-18 10:13:35.051
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:34.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:15.605
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-05-18 10:13:14.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16249.14 MB
Available physical RAM: 10999.41 MB
Total Virtual: 18681.14 MB
Available Virtual: 13623.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:742.33 GB) NTFS

\\?\Volume{1950d401-abba-11e4-824e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
\\?\Volume{ef91a368-0000-0000-0000-80c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EF91A368)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: Help removing JS/CoinMiner.AH RSIT LOGS

Posted: 18 Sep 2018 15:59
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Admin\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Help removing JS/CoinMiner.AH RSIT LOGS

Posted: 19 Sep 2018 09:00
by KEnik
Thanks,
fixed, log below.
It required a restart when the fix was run;
the problems persist.
Where can we get in touch for a remote repair?
Thanks

*************************************
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Admin (19-09-2018 09:46:02) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Admin\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zrušit.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geiszz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\k2moto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\karel3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz faktura prox inter.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\mtz fakturaprox.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\navod2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\njm4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\O2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\p4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\smlouva vito 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\T6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\tp3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\UP Vlada.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\vt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\zdenazadost.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Documents\kodex3a.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2547403967-366569612-2425474682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ddbb37f-67d6-11e7-82d2-fcaa143088de}" => removed successfully
HKLM\Software\Classes\CLSID\{0ddbb37f-67d6-11e7-82d2-fcaa143088de} => not found
"C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm" => not found
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Admin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C05C409-14A3-4984-9D1A-DF9BDFF24267}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C05C409-14A3-4984-9D1A-DF9BDFF24267}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C6A59A-6FAD-4BA6-B101-6425E3E0A300}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C6A59A-6FAD-4BA6-B101-6425E3E0A300}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F100463-4CFE-48CA-8F13-5BCA9480BA46}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F100463-4CFE-48CA-8F13-5BCA9480BA46}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36744E1E-425E-49AF-B7B0-64F80BF44632}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36744E1E-425E-49AF-B7B0-64F80BF44632}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FA4FEF2-EA43-4824-81D3-214AA4864543}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FA4FEF2-EA43-4824-81D3-214AA4864543}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FC5158E-560D-47B9-9F07-C217A27FB87D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FC5158E-560D-47B9-9F07-C217A27FB87D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CE19C44-A739-4920-A4BF-659D0A203215}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CE19C44-A739-4920-A4BF-659D0A203215}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517314D1-59D1-4B88-86E9-405368CBEE2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517314D1-59D1-4B88-86E9-405368CBEE2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{526A2D94-D226-4956-958B-8D999A662858}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{526A2D94-D226-4956-958B-8D999A662858}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75A262FB-1018-4536-90DF-5B8B100BAC5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75A262FB-1018-4536-90DF-5B8B100BAC5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85A96576-AC74-4CF2-933D-18E4B37F4102}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85A96576-AC74-4CF2-933D-18E4B37F4102}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A6BC92F-6142-4162-A090-5AD2D91E59E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A6BC92F-6142-4162-A090-5AD2D91E59E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D2D7911-8F1D-428C-A9E5-B39139DF08E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D2D7911-8F1D-428C-A9E5-B39139DF08E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AED8FC15-4B0B-4C66-B335-093A59C56878}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AED8FC15-4B0B-4C66-B335-093A59C56878}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC424B6D-051E-4375-98F6-1331DC197CEC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC424B6D-051E-4375-98F6-1331DC197CEC}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6B5B21-A07C-496D-BFE4-573F01C3A898}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6B5B21-A07C-496D-BFE4-573F01C3A898}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
C:\Users\Admin\Desktop\1seznam.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\1seznam.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\2seznam.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\2seznam.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\aci opr.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\aci opr.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap4.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\ANO zap4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\czcdobro.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\czcdobro.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\fakm1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\fakm1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\fakm2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\fakm2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\geis scan.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\geis scan.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"C:\Users\Admin\Desktop\GEIS zru�it.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Admin\Desktop\GEIS zru�it.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\Users\Admin\Desktop\geisreklam1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\geisreklam1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\geisreklam2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\geisreklam2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\geiszz.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\geiszz.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\k2moto.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\k2moto.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\karel1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\karel1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\karel2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\karel2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\karel3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\karel3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\mtz faktura prox inter.jpg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\mtz faktura prox inter.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\mtz fakturaprox.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\mtz fakturaprox.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\navod.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\navod.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\navod2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\navod2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\njm1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\njm1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\njm2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\njm2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\njm3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\njm3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\njm4.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\njm4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\O1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\O1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\O2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\O2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\p1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\p1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\p2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\p2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\p3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\p3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\p4.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\p4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\seznam smlouva 2018.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\smlouva vito 1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\smlouva vito 1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\smlouva vito 2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\smlouva vito 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T4.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T5.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T5.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\T6.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\T6.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\tp1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\tp1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\tp2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\tp2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\tp3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\tp3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\UP Vlada.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\UP Vlada.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\vt.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\vt.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Desktop\zdenazadost.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Desktop\zdenazadost.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Documents\kodex1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Documents\kodex1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Documents\kodex2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Documents\kodex2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Documents\kodex3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Documents\kodex3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Admin\Documents\kodex3a.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Admin\Documents\kodex3a.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 191785841 B
Java, Flash, Steam htmlcache => 1710 B
Windows/system/drivers => 9203923 B
Edge => 15511 B
Chrome => 106036125 B
Firefox => 719194048 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7048 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7952 B
LocalService => 0 B
NetworkService => 7048 B
NetworkService => 0 B
Admin => 23800696 B

RecycleBin => 0 B
EmptyTemp: => 1010.2 MB temporary data Removed.

================================

Re: Help removing JS/CoinMiner.AH LOGS RSIT

Posted: 19 Sep 2018 09:00
by KEnik
Thanks,
the fix has been applied, log below.
It required a restart when the fix was run;
the problems persist.
Where can we get in touch for a remote repair?
Thanks

*************************************
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Admin (19-09-2018 09:46:02) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2547403967-366569612-2425474682-1001\...\MountPoints2: {0ddbb37f-67d6-11e7-82d2-fcaa143088de} - "E:\HiSuiteDownLoader.exe"
C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm"
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Admin\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0C05C409-14A3-4984-9D1A-DF9BDFF24267} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11C6A59A-6FAD-4BA6-B101-6425E3E0A300} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547403967-366569612-2425474682-1001UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {2F100463-4CFE-48CA-8F13-5BCA9480BA46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36744E1E-425E-49AF-B7B0-64F80BF44632} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {3CE4D5CC-7A57-411D-8B2C-8DB3A5FB8089} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FA4FEF2-EA43-4824-81D3-214AA4864543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FC5158E-560D-47B9-9F07-C217A27FB87D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4CE19C44-A739-4920-A4BF-659D0A203215} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {517314D1-59D1-4B88-86E9-405368CBEE2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {526A2D94-D226-4956-958B-8D999A662858} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F31E154-E87C-4CCE-A97D-D05C3F1EFDF5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {75A262FB-1018-4536-90DF-5B8B100BAC5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85A96576-AC74-4CF2-933D-18E4B37F4102} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A6BC92F-6142-4162-A090-5AD2D91E59E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D2D7911-8F1D-428C-A9E5-B39139DF08E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AED8FC15-4B0B-4C66-B335-093A59C56878} - \WPD\SqmUpload_S-1-5-21-2547403967-366569612-2425474682-1001 -> No File <==== ATTENTION
Task: {CC0A7CC4-2B2B-4CFD-97B3-C177137D7C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {FC424B6D-051E-4375-98F6-1331DC197CEC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC6B5B21-A07C-496D-BFE4-573F01C3A898} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\1seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\2seznam.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\aci opr.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\ANO zap4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\czcdobro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\fakm2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geis scan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zru�it.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\GEIS zru�it.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Admin\Desktop\geisreklam2.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2547403967-366569612-2425474682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ddbb37f-67d6-11e7-82d2-fcaa143088de}" => removed successfully
HKLM\Software\Classes\CLSID\{0ddbb37f-67d6-11e7-82d2-fcaa143088de} => not found
"C:\Users\Admin\Desktop\krytbLRUwHFEIFcb4SwtXJsNQBXXmMPzNDl2-9LJURLNTH8gIuc3M-vahBEe4fjeVqKnSwSRuNKwiKQVKWrI4EX50npliNXfxuOcvFzMVFpSl0hecnXXA44MDBnMYJUTBysEhMFBF_KNRE3gruwEXTz0r18gCZtdoyqCX-rk-pBzg5SUFwWsaH7seXx2kzkMmFy-iXbJmsjszZ9Xr6XLFTVc_IYywYS-tzf4DSVoAPlb1-sqELDTgqT46q.htm" => not found
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Admin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C05C409-14A3-4984-9D1A-DF9BDFF24267}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C05C409-14A3-4984-9D1A-DF9BDFF24267}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C6A59A-6FAD-4BA6-B101-6425E3E0A300}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C6A59A-6FAD-4BA6-B101-6425E3E0A300}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 191785841 B
Java, Flash, Steam htmlcache => 1710 B
Windows/system/drivers => 9203923 B
Edge => 15511 B
Chrome => 106036125 B
Firefox => 719194048 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7048 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7952 B
LocalService => 0 B
NetworkService => 7048 B
NetworkService => 0 B
Admin => 23800696 B

RecycleBin => 0 B
EmptyTemp: => 1010.2 MB temporary data Removed.

================================

Re: Help with removing JS/CoinMiner.AH RSIT LOGS

Posted: 19 Sep 2018 09:13
by Rudy
OK, deleted. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.