VIRY.CZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Agent (administrator) on DESKTOP-T54QBQ1 (23-01-2019 15:44:29)
Running from C:\Users\Agent\Desktop
Loaded Profiles: Agent (Available Profiles: Agent)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2550136 2018-12-19] (Wargaming.net)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dc203d49-5893-4b0d-b49d-cc9f229343f1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office\Office15\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Profile: C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default [2019-01-23]
CHR Extension: (Prezentace) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-03]
CHR Extension: (Dokumenty) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-03]
CHR Extension: (Disk Google) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-09]
CHR Extension: (Zhasnout světla) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2018-12-29]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-11-22]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-11-22]
CHR Extension: (YouTube) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-24]
CHR Extension: (Tabulky) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-03]
CHR Extension: (Rozšíření Odběry RSS (od Googlu)) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2018-10-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-11-22]
CHR Extension: (Gmail) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-01-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-01-02] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2607ccebc5b08aba\nvlddmkm.sys [20158128 2018-09-26] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [36384 2018-06-14] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-09-25] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2019-01-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2019-01-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-01-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 15:44 - 2019-01-23 15:44 - 000011731 _____ C:\Users\Agent\Desktop\FRST.txt
2019-01-23 15:44 - 2019-01-23 15:44 - 000000000 ____D C:\FRST
2019-01-23 15:43 - 2019-01-23 15:43 - 002428416 _____ (Farbar) C:\Users\Agent\Desktop\FRST64.exe
2019-01-21 15:31 - 2019-01-21 15:34 - 146554861 _____ (Aslain ) C:\Users\Agent\Downloads\Aslains_WoT_Modpack_Installer_v.1.3.0.1_17.1.exe
2019-01-19 14:04 - 2019-01-19 14:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-01-11 21:11 - 2019-01-11 21:26 - 187593952 _____ C:\Users\Agent\Downloads\Apollo 8 Cesta k odvracene strane Mesice Dokument CZ.mp4
2019-01-10 17:40 - 2019-01-10 17:43 - 144811876 _____ (Aslain ) C:\Users\Agent\Downloads\Aslains_WoT_Modpack_Installer_v.1.3.0.1_11.exe
2019-01-09 14:52 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 14:52 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 14:52 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 14:52 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 14:52 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 14:52 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 14:52 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 14:52 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 14:52 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 14:52 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 14:52 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 14:52 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 14:52 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 14:52 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 14:52 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 14:52 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 14:52 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 14:52 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 14:52 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 14:52 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 14:52 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 14:52 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 14:52 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 14:52 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 14:52 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 14:52 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 14:52 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 14:52 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 14:52 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 14:52 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 14:52 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 14:52 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 14:52 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-02 14:49 - 2019-01-02 14:49 - 000001639 _____ C:\Users\Agent\Desktop\Nainstalovat produkt Kaspersky Internet Security verze 19.0.0.1088.lnk
2019-01-01 22:58 - 2019-01-02 15:51 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 15:44 - 2018-10-03 15:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-23 15:38 - 2018-11-21 09:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-01-23 15:21 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-22 22:29 - 2018-10-03 14:34 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-22 22:28 - 2018-12-11 15:09 - 000000000 ____D C:\Users\Agent\Desktop\Nová složka (2)
2019-01-22 21:58 - 2018-10-03 15:26 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-22 21:58 - 2018-10-03 14:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-21 15:45 - 2018-11-28 16:28 - 000000880 _____ C:\Users\Agent\Desktop\Aslains WoT Logs Archiver.lnk
2019-01-21 14:42 - 2018-10-03 15:29 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-01-21 14:42 - 2018-10-03 15:29 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-01-21 14:42 - 2018-10-03 15:25 - 000000000 ____D C:\WINDOWS\INF
2019-01-21 14:42 - 2018-10-03 14:43 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-21 14:37 - 2018-10-03 14:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-20 22:55 - 2018-10-03 15:22 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-19 20:18 - 2018-10-04 14:10 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-357395720-4081436159-901972258-1001
2019-01-19 20:18 - 2018-10-03 14:35 - 000002387 _____ C:\Users\Agent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-19 20:18 - 2018-09-26 16:56 - 000000000 ___RD C:\Users\Agent\OneDrive
2019-01-18 19:48 - 2018-11-17 18:37 - 000000000 ____D C:\Program Files\rempl
2019-01-16 16:29 - 2018-10-03 14:35 - 000000000 ____D C:\Users\Agent
2019-01-16 14:54 - 2018-10-03 14:33 - 000426960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-10 15:16 - 2018-11-08 16:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-09 18:17 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 18:17 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 14:57 - 2018-10-04 14:10 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-09 14:57 - 2018-10-04 14:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 14:56 - 2018-10-03 15:22 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-09 14:55 - 2018-10-03 15:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-01-05 16:04 - 2018-10-24 15:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 20:41 - 2018-10-03 15:28 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 20:41 - 2018-10-03 15:28 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-02 15:55 - 2018-11-21 09:09 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-02 15:55 - 2018-11-21 09:09 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-01-02 15:55 - 2018-10-03 15:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-02 15:55 - 2018-10-03 15:22 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-02 14:48 - 2018-11-21 09:07 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-01-02 14:43 - 2018-10-03 14:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-01 23:01 - 2018-10-04 14:06 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-03 14:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Agent (23-01-2019 15:45:08)
Running from C:\Users\Agent\Desktop
Windows 10 Pro Version 1803 17134.523 (X64) (2018-10-03 13:36:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-357395720-4081436159-901972258-500 - Administrator - Disabled)
Agent (S-1-5-21-357395720-4081436159-901972258-1001 - Administrator - Enabled) => C:\Users\Agent
DefaultAccount (S-1-5-21-357395720-4081436159-901972258-503 - Limited - Disabled)
Guest (S-1-5-21-357395720-4081436159-901972258-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-357395720-4081436159-901972258-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Aslain's WoT Modpack verze 1.3.0.1.17 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.3.0.1.17 - Aslain)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Luxor 2 HD (HKLM-x32\...\Luxor 2 HD1.0) (Version: 1.0 - Foxy Games)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 411.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 411.70 - NVIDIA Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Wargaming.net Game Center (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Wargaming.net Game Center) (Version: 18.8.0.2745 - Wargaming.net)
WinASO Registry Optimizer 5.6 (HKLM-x32\...\WinASO Registry Optimizer_is1) (Version: - X.M.Y International LLC)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-25] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008AFF00-43EB-4185-812A-023C9EB62797} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {0B6A13EC-DA89-4706-8E5A-A054501A5C2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-03] (Google Inc.)
Task: {11EE361A-C7B6-4333-9D59-24EB033E19A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {348A80F7-DDEB-4684-86A7-A9244A5813A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {354B8B14-9827-4678-AF3D-C146DE083854} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {5B71B3F6-1104-479D-BA45-EF85B8532085} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {5D68FA6D-F381-4985-AFD5-BCF6C1BCBEFE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6817C510-0CB3-4F38-9079-D997D582DA76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {683EB72E-122A-4749-9754-0908AB93927A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6CF8A360-A46F-4933-A8AA-9101D502949F} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {9746180B-53A1-4072-A661-F4EBAF4B0344} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-10-03 14:34 - 2018-09-25 18:49 - 000143344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 18:17 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-22 21:58 - 2019-01-22 21:58 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-04 15:59 - 2018-10-04 15:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 21:58 - 2019-01-22 21:58 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-18 15:03 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 15:03 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-10-08 23:33 - 2018-10-08 23:33 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-12-05 05:29 - 2018-11-29 19:18 - 001663352 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libGLESv2.dll
2018-12-05 05:29 - 2018-11-29 18:56 - 049006456 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libcef.dll
2018-12-05 05:29 - 2018-11-29 19:18 - 000092536 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libEGL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-10-03 15:26 - 2018-10-03 15:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-357395720-4081436159-901972258-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Agent\Downloads\wallpapers\43117948_1150092731806524_7584819615176327168_o.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4F0D0111-6BE9-4238-8C72-0BED9BC5E33D}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{D420C028-2EFA-4E1C-BC22-C9B081ED2EE1}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{3B69D67B-BD35-4D34-A3CC-3C4F317889DF}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [UDP Query User{FAEC7B69-3B2B-48BC-8986-A716398F2DBE}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{E2E0B2D6-F89F-4552-B0FA-9ADAFDFFC96B}] => (Allow) D:\Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{B8583603-0E91-4E1B-B750-C6A23C6F9208}] => (Allow) D:\Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{056D2040-A3E9-4398-863B-2772E32FCC97}] => (Allow) D:\Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{23A75077-FFC8-4E90-9CFA-34E2AF001EC9}] => (Allow) D:\Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{A8E31CE1-6EA8-4EC0-A90C-C2C1E5610413}] => (Allow) D:\Office\Office15\outlook.exe (Microsoft Corporation)
FirewallRules: [{A4936F38-F287-4000-9A17-C64CBFC73DCC}] => (Allow) LPort=1688
FirewallRules: [{06CF6568-30A3-4810-AAAA-9B6842E03A81}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
FirewallRules: [{6A46BDA5-5D24-421B-A791-058379D647E7}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
FirewallRules: [{BF365F53-2A81-4C19-AF90-631F413CEFBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{FEA906AA-2F07-4C93-8ED4-040AF66527DB}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net)
FirewallRules: [{71218710-3837-41A8-8AFA-71F7FED89F10}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net)
FirewallRules: [{4775A5F4-8AE6-4B3D-AA34-B6E64148A20A}] => (Allow) D:\Games\World_of_Tanks_EU\WorldOfTanks.exe (Wargaming.net)
FirewallRules: [{8CCC4D9A-3FC0-4DF1-B242-88EDBF17FA70}] => (Allow) D:\Games\World_of_Tanks_EU\WorldOfTanks.exe (Wargaming.net)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2019 08:49:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NVDisplay.Container.exe, verze: 1.11.2451.4491, časové razítko: 0x5b483088
Název chybujícího modulu: RPCRT4.dll, verze: 10.0.17134.471, časové razítko: 0x4523823f
Kód výjimky: 0xc0020043
Posun chyby: 0x0000000000072353
ID chybujícího procesu: 0x21ac
Čas spuštění chybující aplikace: 0x01d4b094a0bc211b
Cesta k chybující aplikaci: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\RPCRT4.dll
ID zprávy: 55366144-c066-43bf-a1d7-f1df8758475b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/17/2019 05:51:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Update for Windows 10 for x64-based Systems (KB4023057) - A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.

Error: (01/01/2019 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x7a4
Čas spuštění chybující aplikace: 0x01d4a220f7b067b6
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: c3caee2d-cf99-4f1a-a960-6bb5ac01e811
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/01/2019 11:26:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.UnauthorizedAccessException
na System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
na System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
na Service_KMS.Activador.WMI.SoftwareLicensingProduct.Activate()
na ᝑ.ᜀ(Service_KMS.Activador.Variables ByRef, System.Collections.Generic.List`1<Service_KMS.Activador.WMI.SoftwareLicensingProduct> ByRef)
na Service_KMS.Activador.Activador.ᜁ(Service_KMS.Activador.Variables ByRef)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (01/01/2019 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0xcc4
Čas spuštění chybující aplikace: 0x01d4a22046833d2b
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: be039319-de68-4b8f-bba5-ee49d5f859cc
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/01/2019 11:21:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.UnauthorizedAccessException
na System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
na System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
na Service_KMS.Activador.WMI.SoftwareLicensingProduct.Activate()
na ᝑ.ᜀ(Service_KMS.Activador.Variables ByRef, System.Collections.Generic.List`1<Service_KMS.Activador.WMI.SoftwareLicensingProduct> ByRef)
na Service_KMS.Activador.Activador.ᜁ(Service_KMS.Activador.Variables ByRef)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (01/01/2019 11:11:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0xce4
Čas spuštění chybující aplikace: 0x01d4a21ee5b7ce82
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 1a22d1fd-a719-49e2-8c36-fd30434c67aa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/01/2019 11:11:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.UnauthorizedAccessException
na System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
na System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
na Service_KMS.Activador.WMI.SoftwareLicensingProduct.Activate()
na ᝑ.ᜀ(Service_KMS.Activador.Variables ByRef, System.Collections.Generic.List`1<Service_KMS.Activador.WMI.SoftwareLicensingProduct> ByRef)
na Service_KMS.Activador.Activador.ᜁ(Service_KMS.Activador.Variables ByRef)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (01/23/2019 03:22:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 03:22:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 03:22:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 03:21:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 03:21:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T54QBQ1)
Description: Server {D63B10C5-BB46-4990-A94F-E40B9D520160} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/22/2019 10:26:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/22/2019 09:28:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/22/2019 07:16:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-01-02 17:44:21.497
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Office 2013.rar; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\KMSpico_setup.exe; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\UnInstall_Service.cmd; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\KMSpico_setup.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\UnInstall_Service.cmd; file:_D:\Office\KMSpico\scripts\Install_Service.cmd; file:_D:\Office\KMSpico\scripts\Install_Task.cmd; file:_D:\Office\KMSpico\scripts\UnInstall_Service.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.496
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows.old\Users\Agent\AppData\Local\Temp\Rar$EXa4700.36987\O&O Defrag Professional v15.8 Build 801 x86 - Keymaker-ZWT\keygen.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.495
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Agent\Downloads\KSv18x_-_Jedi_30d_TR\JediJuJu.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.494
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:MSIL/AutoKMS
ID: 2147711767
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Office 2013.rar; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\AutoPico.exe; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\KMSELDI.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\AutoPico.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 16:02:49.328
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Agent\AppData\Local\Temp\Rar$EXb2480.21874\JediJuJu.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: C:\Program Files (x86)\WinASO\Registry Optimizer\RegOpt.exe
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 15:51:22.980
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-02 14:52:57.620
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:24:42.295
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:15:44.496
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:10:04.483
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-27 06:48:56.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-27 06:48:53.015
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 19:26:13.865
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 19:26:09.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 14:34:40.271
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 14:34:37.908
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 10:41:11.025
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 10:41:08.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16342.34 MB
Available physical RAM: 13930.06 MB
Total Virtual: 18774.34 MB
Available Virtual: 16057.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:19.27 GB) NTFS
Drive d: () (Fixed) (Total:1397.26 GB) (Free:1365.7 GB) NTFS

\\?\Volume{3f59a275-5020-476d-a09d-f2810415b1b4}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{456068d8-eaad-4809-ad7b-7749f5ef5d8d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 70E5BEAB)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, klikni na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-23-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2200 octets] - [23/01/2019 17:55:10]
AdwCleaner[S01].txt - [2261 octets] - [23/01/2019 17:56:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Mozem poprosit o nove logy FRST + ADDITION?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Agent (administrator) on DESKTOP-T54QBQ1 (23-01-2019 18:10:57)
Running from C:\Users\Agent\Desktop
Loaded Profiles: Agent (Available Profiles: Agent)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2550136 2018-12-19] (Wargaming.net)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dc203d49-5893-4b0d-b49d-cc9f229343f1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office\Office15\OCHelper.dll [2018-06-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Profile: C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default [2019-01-23]
CHR Extension: (Prezentace) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-03]
CHR Extension: (Dokumenty) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-03]
CHR Extension: (Disk Google) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-09]
CHR Extension: (Zhasnout světla) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2018-12-29]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-11-22]
CHR Extension: (YouTube) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-24]
CHR Extension: (Tabulky) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-03]
CHR Extension: (Rozšíření Odběry RSS (od Googlu)) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2018-10-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-03]
CHR Extension: (Gmail) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\Agent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-01-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-01-02] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2607ccebc5b08aba\nvlddmkm.sys [20158128 2018-09-26] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [36384 2018-06-14] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-09-25] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2019-01-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2019-01-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-01-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 17:53 - 2019-01-23 17:56 - 000000000 ____D C:\AdwCleaner
2019-01-23 17:51 - 2019-01-23 17:52 - 007320272 _____ (Malwarebytes) C:\Users\Agent\Downloads\adwcleaner_7.2.6.0.exe
2019-01-23 15:45 - 2019-01-23 15:45 - 000038484 _____ C:\Users\Agent\Desktop\Addition.txt
2019-01-23 15:44 - 2019-01-23 18:11 - 000010671 _____ C:\Users\Agent\Desktop\FRST.txt
2019-01-23 15:44 - 2019-01-23 18:10 - 000000000 ____D C:\FRST
2019-01-23 15:43 - 2019-01-23 15:43 - 002428416 _____ (Farbar) C:\Users\Agent\Desktop\FRST64.exe
2019-01-21 15:31 - 2019-01-21 15:34 - 146554861 _____ (Aslain ) C:\Users\Agent\Downloads\Aslains_WoT_Modpack_Installer_v.1.3.0.1_17.1.exe
2019-01-19 14:04 - 2019-01-19 14:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-01-10 17:40 - 2019-01-10 17:43 - 144811876 _____ (Aslain ) C:\Users\Agent\Downloads\Aslains_WoT_Modpack_Installer_v.1.3.0.1_11.exe
2019-01-09 14:52 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 14:52 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 14:52 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 14:52 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 14:52 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 14:52 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 14:52 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 14:52 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 14:52 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 14:52 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 14:52 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 14:52 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 14:52 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 14:52 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 14:52 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 14:52 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 14:52 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 14:52 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 14:52 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 14:52 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 14:52 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 14:52 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 14:52 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 14:52 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 14:52 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 14:52 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 14:52 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 14:52 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 14:52 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 14:52 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 14:52 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 14:52 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 14:52 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 14:52 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 14:52 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 14:52 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 14:52 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 14:52 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 14:52 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 14:52 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 14:52 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 14:52 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 14:52 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 14:52 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 14:52 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 14:52 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-02 14:49 - 2019-01-02 14:49 - 000001639 _____ C:\Users\Agent\Desktop\Nainstalovat produkt Kaspersky Internet Security verze 19.0.0.1088.lnk
2019-01-01 22:58 - 2019-01-02 15:51 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 18:02 - 2018-10-03 15:29 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-01-23 18:02 - 2018-10-03 15:29 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-01-23 18:02 - 2018-10-03 15:25 - 000000000 ____D C:\WINDOWS\INF
2019-01-23 18:02 - 2018-10-03 14:43 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-23 17:58 - 2018-11-21 09:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-01-23 17:56 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-23 17:56 - 2018-10-03 15:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-23 17:56 - 2018-10-03 15:22 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-23 17:56 - 2018-10-03 14:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-23 17:56 - 2018-10-03 14:34 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-23 17:38 - 2018-10-03 14:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-23 17:06 - 2018-12-11 15:09 - 000000000 ____D C:\Users\Agent\Desktop\Nová složka (2)
2019-01-23 16:13 - 2018-10-03 15:26 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-21 15:45 - 2018-11-28 16:28 - 000000880 _____ C:\Users\Agent\Desktop\Aslains WoT Logs Archiver.lnk
2019-01-19 20:18 - 2018-10-04 14:10 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-357395720-4081436159-901972258-1001
2019-01-19 20:18 - 2018-10-03 14:35 - 000002387 _____ C:\Users\Agent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-19 20:18 - 2018-09-26 16:56 - 000000000 ___RD C:\Users\Agent\OneDrive
2019-01-18 19:48 - 2018-11-17 18:37 - 000000000 ____D C:\Program Files\rempl
2019-01-16 16:29 - 2018-10-03 14:35 - 000000000 ____D C:\Users\Agent
2019-01-16 14:54 - 2018-10-03 14:33 - 000426960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-10 15:16 - 2018-11-08 16:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-09 18:17 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 18:17 - 2018-10-03 15:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 14:57 - 2018-10-04 14:10 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-09 14:57 - 2018-10-04 14:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 14:56 - 2018-10-03 15:22 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-09 14:55 - 2018-10-03 15:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-01-05 16:04 - 2018-10-24 15:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 20:41 - 2018-10-03 15:28 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 20:41 - 2018-10-03 15:28 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-02 15:55 - 2018-11-21 09:09 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-02 15:55 - 2018-11-21 09:09 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-01-02 15:55 - 2018-10-03 15:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-02 15:55 - 2018-10-03 15:22 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-02 14:48 - 2018-11-21 09:07 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-01-02 14:43 - 2018-10-03 14:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-01 23:01 - 2018-10-04 14:06 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-03 14:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Agent (23-01-2019 18:11:42)
Running from C:\Users\Agent\Desktop
Windows 10 Pro Version 1803 17134.523 (X64) (2018-10-03 13:36:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-357395720-4081436159-901972258-500 - Administrator - Disabled)
Agent (S-1-5-21-357395720-4081436159-901972258-1001 - Administrator - Enabled) => C:\Users\Agent
DefaultAccount (S-1-5-21-357395720-4081436159-901972258-503 - Limited - Disabled)
Guest (S-1-5-21-357395720-4081436159-901972258-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-357395720-4081436159-901972258-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Aslain's WoT Modpack verze 1.3.0.1.17 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.3.0.1.17 - Aslain)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Luxor 2 HD (HKLM-x32\...\Luxor 2 HD1.0) (Version: 1.0 - Foxy Games)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 411.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 411.70 - NVIDIA Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Wargaming.net Game Center (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\Wargaming.net Game Center) (Version: 18.8.0.2745 - Wargaming.net)
WinASO Registry Optimizer 5.6 (HKLM-x32\...\WinASO Registry Optimizer_is1) (Version: - X.M.Y International LLC)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-357395720-4081436159-901972258-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-25] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008AFF00-43EB-4185-812A-023C9EB62797} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {0B6A13EC-DA89-4706-8E5A-A054501A5C2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-03] (Google Inc.)
Task: {11EE361A-C7B6-4333-9D59-24EB033E19A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {348A80F7-DDEB-4684-86A7-A9244A5813A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {354B8B14-9827-4678-AF3D-C146DE083854} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {5B71B3F6-1104-479D-BA45-EF85B8532085} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {5D68FA6D-F381-4985-AFD5-BCF6C1BCBEFE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6817C510-0CB3-4F38-9079-D997D582DA76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-02] (Microsoft Corporation)
Task: {683EB72E-122A-4749-9754-0908AB93927A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6CF8A360-A46F-4933-A8AA-9101D502949F} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {9746180B-53A1-4072-A661-F4EBAF4B0344} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 18:17 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 14:52 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 15:59 - 2018-10-04 15:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 21:58 - 2019-01-22 21:58 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 21:58 - 2019-01-22 21:58 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-11 18:50 - 2018-12-11 18:50 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 18:50 - 2018-12-11 18:50 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 16:58 - 2018-04-12 16:58 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-30 05:18 - 2018-11-30 05:18 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 18:50 - 2018-12-11 18:50 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 18:50 - 2018-12-11 18:50 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-12-18 15:03 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 15:03 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-12-05 05:29 - 2018-11-29 19:18 - 001663352 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libGLESv2.dll
2018-12-05 05:29 - 2018-11-29 19:18 - 000092536 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libEGL.dll
2018-12-05 05:29 - 2018-11-29 18:56 - 049006456 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-10-03 15:26 - 2018-10-03 15:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-357395720-4081436159-901972258-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Agent\Downloads\wallpapers\43117948_1150092731806524_7584819615176327168_o.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4F0D0111-6BE9-4238-8C72-0BED9BC5E33D}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{D420C028-2EFA-4E1C-BC22-C9B081ED2EE1}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{3B69D67B-BD35-4D34-A3CC-3C4F317889DF}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [UDP Query User{FAEC7B69-3B2B-48BC-8986-A716398F2DBE}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{E2E0B2D6-F89F-4552-B0FA-9ADAFDFFC96B}] => (Allow) D:\Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{B8583603-0E91-4E1B-B750-C6A23C6F9208}] => (Allow) D:\Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{056D2040-A3E9-4398-863B-2772E32FCC97}] => (Allow) D:\Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{23A75077-FFC8-4E90-9CFA-34E2AF001EC9}] => (Allow) D:\Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{A8E31CE1-6EA8-4EC0-A90C-C2C1E5610413}] => (Allow) D:\Office\Office15\outlook.exe (Microsoft Corporation)
FirewallRules: [{A4936F38-F287-4000-9A17-C64CBFC73DCC}] => (Allow) LPort=1688
FirewallRules: [{06CF6568-30A3-4810-AAAA-9B6842E03A81}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
FirewallRules: [{6A46BDA5-5D24-421B-A791-058379D647E7}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
FirewallRules: [{BF365F53-2A81-4C19-AF90-631F413CEFBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{FEA906AA-2F07-4C93-8ED4-040AF66527DB}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net)
FirewallRules: [{71218710-3837-41A8-8AFA-71F7FED89F10}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net)
FirewallRules: [{4775A5F4-8AE6-4B3D-AA34-B6E64148A20A}] => (Allow) D:\Games\World_of_Tanks_EU\WorldOfTanks.exe (Wargaming.net)
FirewallRules: [{8CCC4D9A-3FC0-4DF1-B242-88EDBF17FA70}] => (Allow) D:\Games\World_of_Tanks_EU\WorldOfTanks.exe (Wargaming.net)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2019 05:00:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.17134.165 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1354

Čas spuštění: 01d4b326dec4254d

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: b5d7544a-37fa-41d9-9370-d05a21eb2c2f

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (01/20/2019 08:49:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NVDisplay.Container.exe, verze: 1.11.2451.4491, časové razítko: 0x5b483088
Název chybujícího modulu: RPCRT4.dll, verze: 10.0.17134.471, časové razítko: 0x4523823f
Kód výjimky: 0xc0020043
Posun chyby: 0x0000000000072353
ID chybujícího procesu: 0x21ac
Čas spuštění chybující aplikace: 0x01d4b094a0bc211b
Cesta k chybující aplikaci: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\RPCRT4.dll
ID zprávy: 55366144-c066-43bf-a1d7-f1df8758475b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/17/2019 05:51:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Update for Windows 10 for x64-based Systems (KB4023057) - A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.

Error: (01/01/2019 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x7a4
Čas spuštění chybující aplikace: 0x01d4a220f7b067b6
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: c3caee2d-cf99-4f1a-a960-6bb5ac01e811
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/01/2019 11:26:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.UnauthorizedAccessException
na System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
na System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
na Service_KMS.Activador.WMI.SoftwareLicensingProduct.Activate()
na ᝑ.ᜀ(Service_KMS.Activador.Variables ByRef, System.Collections.Generic.List`1<Service_KMS.Activador.WMI.SoftwareLicensingProduct> ByRef)
na Service_KMS.Activador.Activador.ᜁ(Service_KMS.Activador.Variables ByRef)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (01/01/2019 11:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0xcc4
Čas spuštění chybující aplikace: 0x01d4a22046833d2b
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: be039319-de68-4b8f-bba5-ee49d5f859cc
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/01/2019 11:21:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.UnauthorizedAccessException
na System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
na System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
na Service_KMS.Activador.WMI.SoftwareLicensingProduct.Activate()
na ᝑ.ᜀ(Service_KMS.Activador.Variables ByRef, System.Collections.Generic.List`1<Service_KMS.Activador.WMI.SoftwareLicensingProduct> ByRef)
na Service_KMS.Activador.Activador.ᜁ(Service_KMS.Activador.Variables ByRef)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (01/01/2019 11:11:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 17.1.0.0, časové razítko: 0x56942c76
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0xce4
Čas spuštění chybující aplikace: 0x01d4a21ee5b7ce82
Cesta k chybující aplikaci: D:\Office\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 1a22d1fd-a719-49e2-8c36-fd30434c67aa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (01/23/2019 05:58:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 05:58:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 05:58:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 05:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Kaspersky Secure Connection 3.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/23/2019 05:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Remediation Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/23/2019 05:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/23/2019 05:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (01/23/2019 05:50:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T54QBQ1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-T54QBQ1\Agent (SID: S-1-5-21-357395720-4081436159-901972258-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-01-02 17:44:21.497
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Office 2013.rar; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\KMSpico_setup.exe; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\UnInstall_Service.cmd; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\KMSpico_setup.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Install\UnInstall_Service.cmd; file:_D:\Office\KMSpico\scripts\Install_Service.cmd; file:_D:\Office\KMSpico\scripts\Install_Task.cmd; file:_D:\Office\KMSpico\scripts\UnInstall_Service.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.496
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows.old\Users\Agent\AppData\Local\Temp\Rar$EXa4700.36987\O&O Defrag Professional v15.8 Build 801 x86 - Keymaker-ZWT\keygen.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.495
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Agent\Downloads\KSv18x_-_Jedi_30d_TR\JediJuJu.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 17:44:21.494
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:MSIL/AutoKMS
ID: 2147711767
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Office 2013.rar; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\AutoPico.exe; file:_D:\Office 2013.rar->Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\KMSELDI.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\AutoPico.exe; file:_D:\Office 2013\Office 2013\KMSpico v10.2.0 Final & Portable\KMSpico Portable\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Uživatel
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: Unknown
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 16:02:49.328
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Agent\AppData\Local\Temp\Rar$EXb2480.21874\JediJuJu.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-T54QBQ1\Agent
Název procesu: C:\Program Files (x86)\WinASO\Registry Optimizer\RegOpt.exe
Verze podpisu: AV: 1.283.2050.0, AS: 1.283.2050.0, NIS: 1.283.2050.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-02 15:51:22.980
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-02 14:52:57.620
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:24:42.295
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:15:44.496
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-01 23:10:04.483
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-27 06:48:56.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-27 06:48:53.015
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 19:26:13.865
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 19:26:09.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 14:34:40.271
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 14:34:37.908
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 10:41:11.025
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-26 10:41:08.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_739d05d5\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16342.34 MB
Available physical RAM: 14237.46 MB
Total Virtual: 18774.34 MB
Available Virtual: 16328.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:19.09 GB) NTFS
Drive d: () (Fixed) (Total:1397.26 GB) (Free:1365.7 GB) NTFS

\\?\Volume{3f59a275-5020-476d-a09d-f2810415b1b4}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{456068d8-eaad-4809-ad7b-7749f5ef5d8d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 70E5BEAB)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Do poznamkoveho bloku skopirujte obsah dole:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Agent (23-01-2019 20:07:30) Run:1
Running from C:\Users\Agent\Desktop\Nová složka
Loaded Profiles: Agent (Available Profiles: Agent)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{06CF6568-30A3-4810-AAAA-9B6842E03A81}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
FirewallRules: [{6A46BDA5-5D24-421B-A791-058379D647E7}] => (Allow) D:\Office\KMSpico\Service_KMS.exe No File
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06CF6568-30A3-4810-AAAA-9B6842E03A81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A46BDA5-5D24-421B-A791-058379D647E7}" => removed successfully

==== End of Fixlog 20:07:30 ====

Ako je na tom pocitac ?