Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Podezření na havěť

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Podezření na havěť

#1 Příspěvek od Time2Groove »

Notebook se chová velmi divně. Kurzor se otevírá nahodile jnstance se sami otevírají, zkrátka tohle jsem nikdy neviděl.

přikládám log


Logfile of random's system information tool 1.10 (written by random/random)
Run by zastupitel at 2019-07-31 17:28:32
Microsoft Windows 10 Pro
System drive C: has 112 GB (46%) free of 243 GB
Total RAM: 8023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:33, on 31.07.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
C:\Program Files\trend micro\zastupitel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Send Image To Mindjet - res://C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To Mindjet - res://C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To Mindjet - res://C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To Mindjet - res://C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/202
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Send to Mindjet - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{df0bb128-19c7-4137-82c3-f419da4d7ca2}: NameServer = 217.77.165.81,217.77.165.211
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® SGX AESM (AESMService) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Unknown owner - C:\WINDOWS\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
O23 - Service: ESET Remote Administrator Agent (EraAgentSvc) - ESET - C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
O23 - Service: ESET SHA Service (eshasrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem33.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel SST Parameter Service (IntelSSTSvc) - Unknown owner - C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDF Architect 4 - pdfforge GmbH - C:\Program Files\PDF Architect 4\ws.exe
O23 - Service: PDF Architect 4 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 4\crash-handler-ws.exe
O23 - Service: PDF Architect 4 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 4\creator-ws.exe
O23 - Service: PDF Architect 4 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 14606 bytes

======Listing Processes======








winlogon.exe

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9c4458b6-67f7-4fd5-9264-3d9023f18b6c -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c2edd544-ccb6-4de3-91e6-ca8fbf464e2d -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-21bca760-559c-487f-97a2-cbb1efa9684b -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0613868e-385a-4767-89ff-280478f0b5e3 -LifetimeId:0c4d0ad2-7e2a-4673-8b18-9d1f0782fdbb -DeviceGroupId:
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
dashost.exe {6053184b-864d-4022-b68d044a64f98f8a}

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DevQueryBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s SmsRouter
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalService -p
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SC
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s WwanSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc

C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\WINDOWS\system32\AUDIODG.EXE 0x280
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\system32\WLANExt.exe 2084424893200
\??\C:\WINDOWS\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe"

c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe"
"C:\Program Files\PDF Architect 4\creator-ws.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc

C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\WINDOWS\system32\igfxEM.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"ctfmon.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.142 --initial-client-data=0x1b8,0x1bc,0x1c0,0x8,0x1c4,0x7ffce8243ef8,0x7ffce8243f08,0x7ffce8243f18
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7564 --on-initialized-event-handle=636 --parent-handle=640 /prefetch:6
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6914441120513939963 --mojo-platform-channel-handle=1772 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=14247557141701433381 --mojo-platform-channel-handle=1848 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11231047172400970311 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
"C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17755120104880447924 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files\rempl\sedsvc.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3090631244766698429 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k bcastdvruserservice -s BcastDVRUserService
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Users\zastupitel\Downloads\RSITx64 (2).exe"
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\WINDOWS\system32\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12876111629766228531 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,3736358171266503089,6839170483904518486,131072 --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15541511975520419122 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}

C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\zastupitel\Downloads\RSITx64 (2).exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-01 221664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2018-05-15 2353944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-05-02 166360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8}]
PDF Architect 4 Helper - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05 38112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FE6A929-59D1-4763-91AD-29B61CFFB35B}]
CmjBrowserHelperObject Object - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06 82248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-06 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2018-05-15 1744672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-06 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - PDF Architect 4 Toolbar - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05 547040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-26 16409496]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-11-17 71168]
"Acer MotionProtect Tray Application"=C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Token.exe [2014-10-24 213168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2019-05-16 22588760]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2019-07-18 53646904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2016-10-08 2137744]
"MMReminderService"=C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [2013-09-06 42312]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2019-05-04 3312208]

C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.ac3filter"=ac3filter64.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-07-31 17:24:04 ----D---- C:\rsit
2019-07-31 17:24:04 ----D---- C:\Program Files\trend micro
2019-07-30 22:30:58 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2019-07-30 09:37:20 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37:18 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-07-30 09:37:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-07-30 09:37:12 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-07-30 09:37:12 ----A---- C:\WINDOWS\system32\shell32.dll
2019-07-30 09:37:11 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-07-30 09:37:10 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-07-30 09:37:09 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-07-30 09:37:08 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-07-30 09:37:07 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2019-07-30 09:37:07 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-07-30 09:37:06 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-07-30 09:37:06 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-07-30 09:37:06 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-30 09:37:06 ----A---- C:\WINDOWS\system32\appraiser.dll
2019-07-30 09:37:05 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-07-30 09:37:05 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-07-30 09:37:04 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-07-30 09:37:04 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-30 09:37:04 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-07-30 09:37:04 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-30 09:37:03 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-07-30 09:37:03 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-07-30 09:37:03 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-07-30 09:37:03 ----A---- C:\WINDOWS\system32\combase.dll
2019-07-30 09:37:03 ----A---- C:\WINDOWS\explorer.exe
2019-07-30 09:37:02 ----A---- C:\WINDOWS\system32\twinui.dll
2019-07-30 09:37:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-07-30 09:37:02 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-30 09:37:02 ----A---- C:\WINDOWS\system32\aepic.dll
2019-07-30 09:37:02 ----A---- C:\WINDOWS\system32\aeinv.dll
2019-07-30 09:37:01 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2019-07-30 09:37:01 ----A---- C:\WINDOWS\system32\InputService.dll
2019-07-30 09:37:01 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-07-30 09:37:00 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2019-07-30 09:37:00 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-07-30 09:37:00 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2019-07-30 09:37:00 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2019-07-30 09:37:00 ----A---- C:\WINDOWS\system32\generaltel.dll
2019-07-30 09:37:00 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-30 09:37:00 ----A---- C:\WINDOWS\system32\aitstatic.exe
2019-07-30 09:36:59 ----A---- C:\WINDOWS\SYSWOW64\sppcext.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\sppcext.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\DWrite.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\dwmcore.dll
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-07-30 09:36:59 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\sppcommdlg.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\slui.exe
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\mstscax.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\devinv.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\dcntel.dll
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-30 09:36:58 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\NotificationController.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\invagent.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-30 09:36:57 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\wlansvc.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\ole32.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\FntCache.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-30 09:36:56 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\daxexec.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2019-07-30 09:36:55 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\winload.exe
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\wer.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\policymanager.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\nettrace.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\hal.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-30 09:36:54 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2019-07-30 09:36:53 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\wpx.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\wldp.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\winresume.exe
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\sppwinob.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\QuietHours.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\pkeyhelper.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\dnsapi.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\ci.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2019-07-30 09:36:53 ----A---- C:\WINDOWS\system32\AcGenral.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\system32\tdh.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2019-07-30 09:36:52 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\Unistore.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\TDLMigration.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\securekernel.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\rmclient.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\rdpcore.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\pcasvc.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\efscore.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-30 09:36:51 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\nshwfp.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\SYSWOW64\dmenrollengine.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\wermgr.exe
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\wc_storage.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\skci.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\rdpclip.exe
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\rastls.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\nshwfp.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\nltest.exe
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\dssvc.dll
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\drivers\mssecflt.sys
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2019-07-30 09:36:50 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\wlanapi.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\TokenBrokerUI.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\wlanapi.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\vdsbas.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\rdpudd.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\profext.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\offreg.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\LicensingUI.exe
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\KdsCli.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\kdnet.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\changepk.exe
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\bcrypt.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\bcdedit.exe
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2019-07-30 09:36:49 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\enrollmentapi.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\SYSWOW64\dmvdsitf.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\WSReset.exe
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\wkssvc.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\MDMAgent.exe
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\drivers\usbaudio2.sys
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\dmvdsitf.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-30 09:36:48 ----A---- C:\WINDOWS\splwow64.exe
2019-07-04 20:08:02 ----A---- C:\WINDOWS\system32\drivers\MbamElam.sys
2019-07-04 20:07:58 ----A---- C:\WINDOWS\system32\drivers\mbae64.sys

======List of files/folders modified in the last 1 month======

2019-07-31 17:26:22 ----D---- C:\WINDOWS\Temp
2019-07-31 17:25:40 ----D---- C:\WINDOWS\System32
2019-07-31 17:25:40 ----D---- C:\WINDOWS\INF
2019-07-31 17:25:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-31 17:24:11 ----D---- C:\WINDOWS\Prefetch
2019-07-31 17:24:04 ----RD---- C:\Program Files
2019-07-31 17:21:00 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-07-31 17:20:50 ----D---- C:\WINDOWS\system32\drivers
2019-07-31 17:20:47 ----D---- C:\WINDOWS\system32\sru
2019-07-31 17:20:43 ----D---- C:\WINDOWS\system32\SleepStudy
2019-07-31 00:10:25 ----D---- C:\Users\zastupitel\AppData\Roaming\vlc
2019-07-30 23:33:55 ----D---- C:\WINDOWS\system32\config
2019-07-30 23:29:20 ----D---- C:\WINDOWS\SoftwareDistribution
2019-07-30 23:29:20 ----D---- C:\Windows
2019-07-30 23:22:53 ----D---- C:\WINDOWS\LiveKernelReports
2019-07-30 23:22:53 ----D---- C:\WINDOWS\debug
2019-07-30 22:30:59 ----D---- C:\WINDOWS\system32\catroot2
2019-07-30 22:27:25 ----RD---- C:\WINDOWS\Microsoft.NET
2019-07-30 22:26:01 ----D---- C:\WINDOWS\AppReadiness
2019-07-30 22:25:50 ----D---- C:\WINDOWS\WinSxS
2019-07-30 22:25:41 ----D---- C:\WINDOWS\system32\DriverStore
2019-07-30 21:45:57 ----D---- C:\WINDOWS\TextInput
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\oobe
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\Dism
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\SysWOW64
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\zu-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\yo-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\xh-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\wo-SN
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\tn-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\ti-ET
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\rw-RW
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\oobe
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\nso-ZA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\migration
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\ig-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\Dism
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\cs-CZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\Boot
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-07-30 21:45:57 ----D---- C:\WINDOWS\system32\appraiser
2019-07-30 21:45:56 ----D---- C:\WINDOWS\ShellComponents
2019-07-30 21:45:56 ----D---- C:\WINDOWS\Provisioning
2019-07-30 21:45:55 ----D---- C:\WINDOWS\bcastdvr
2019-07-30 21:45:55 ----D---- C:\WINDOWS\apppatch
2019-07-30 21:45:55 ----D---- C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-30 12:17:06 ----D---- C:\WINDOWS\system32\LogFiles
2019-07-30 10:56:59 ----D---- C:\Users\zastupitel\AppData\Roaming\KeePass
2019-07-30 09:41:22 ----D---- C:\WINDOWS\CbsTemp
2019-07-30 09:36:29 ----SHD---- C:\System Volume Information
2019-07-30 09:36:05 ----D---- C:\WINDOWS\Logs
2019-07-30 09:31:50 ----D---- C:\Users\zastupitel\AppData\Roaming\BitComet
2019-07-29 09:15:35 ----D---- C:\Downloads
2019-07-27 20:21:52 ----HD---- C:\Program Files\WindowsApps
2019-07-19 21:15:43 ----D---- C:\WINDOWS\system32\MRT
2019-07-19 21:13:51 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-07-19 21:13:47 ----SHD---- C:\WINDOWS\Installer
2019-07-19 21:13:47 ----SHD---- C:\Config.Msi
2019-07-19 21:13:24 ----D---- C:\ProgramData\Microsoft Help
2019-07-19 21:13:24 ----A---- C:\WINDOWS\win.ini
2019-07-19 21:13:00 ----RD---- C:\WINDOWS\assembly
2019-07-17 16:01:15 ----AD---- C:\Program Files (x86)\Microsoft Office
2019-07-16 22:24:57 ----D---- C:\WINDOWS\Minidump
2019-07-11 09:44:42 ----D---- C:\WINDOWS\system32\Tasks
2019-07-04 20:08:02 ----HD---- C:\WINDOWS\ELAMBKUP
2019-07-04 20:07:48 ----D---- C:\ProgramData\Malwarebytes

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 FPWinIo;FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [2014-10-07 23536]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2015-11-12 1467912]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2019-07-04 304144]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-05-23 264864]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-05-23 196768]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-03-14 414720]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2016-05-23 180384]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2018-11-09 200704]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2018-04-12 48640]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 e1dexpress;@oem32.inf,%e1dExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\WINDOWS\System32\drivers\e1d65x64.sys [2018-04-16 560728]
R3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
R3 ibtusb;@oem33.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2018-04-19 136216]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2017-01-05 11039720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-11-26 4686592]
R3 IntcDAud;@oem1.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-10-07 822248]
R3 LECs6022;@oem21.inf,%LECs6022.SvcDesc%;LECs6022 Low Filter Driver; C:\WINDOWS\System32\drivers\LECs6022.sys [2016-08-17 20208]
R3 LEMo6022;@oem21.inf,%LEMo6022.SvcDesc%;LEMo6022 Mouse Suite Driver; C:\WINDOWS\System32\drivers\LEMo6022.sys [2016-08-17 27912]
R3 LEub6022;@oem21.inf,%LEub6022.SvcDesc%;LEub6022 Low Filter Driver; C:\WINDOWS\System32\drivers\LEub6022.sys [2016-08-17 20720]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [2019-07-31 275232]
R3 MEIx64;@oem17.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-12-30 194104]
R3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Ovladač přenosů Avrcp protokolu Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [2018-04-12 46592]
R3 Netwtw04;@oem31.inf,%NIC_Service_DispName_WINT_64%;Ovladač adaptéru Intel(R) Wireless pro systém Windows 10 64 Bit; C:\WINDOWS\System32\drivers\Netwtw04.sys [2018-04-04 8623128]
R3 pelmouse;@oem18.inf,%PELMOUSE.SvcDesc%;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2016-07-11 26880]
R3 pelusblf;@oem18.inf,%PELUSBLF.SvcDesc%;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2016-07-11 33048]
R3 pelvendr;@oem18.inf,%PELVENDR.SvcDesc%;Mouse Suite I/O Driver; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [2016-07-11 15032]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 RSP2STOR;@oem27.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2016-10-24 302808]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-06-04 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 MbamElam;MbamElam; C:\WINDOWS\system32\DRIVERS\MbamElam.sys [2019-06-26 20936]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 AppleLowerFilter;@oem34.inf,%AppleLowerFilterDisplayName%;Apple Lower Filter Driver; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [2018-05-10 35560]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2018-04-12 127384]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-03-14 164664]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2018-04-12 143768]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2019-06-07 1102336]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dlcdcncm;dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [2017-05-29 92400]
S3 dlusbaudio;dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [2017-05-29 238320]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\WINDOWS\System32\drivers\e1i63x64.sys [2018-04-12 524800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-06-07 76304]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2015-06-04 21984]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AESMService;Intel® SGX AESM; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [2018-11-28 3367272]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_5f7a1;Uživatelská služba platformy připojených zařízení_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2019-06-26 11413600]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [2016-05-24 1648224]
R2 EraAgentSvc;ESET Remote Administrator Agent; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [2016-07-01 1708192]
R2 eshasrv;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [2016-05-24 193696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-11-04 19440]
R2 ibtsiva;@oem33.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2017-01-05 341992]
R2 IntelSSTSvc;Intel SST Parameter Service; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [2015-11-05 25928]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-06-26 6744288]
R2 OneSyncSvc_5f7a1;Hostitel synchronizace_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 PDF Architect 4 Creator;PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [2016-08-05 851168]
R2 PDF Architect 4 Manager;PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [2016-05-18 972056]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-11-26 307456]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-06-11 363016]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BcastDVRUserService_5f7a1;Uživatelská služba pro GameDVR a vysílání her_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_5f7a1;Data kontaktů_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 MessagingService_5f7a1;Služba zasílání zpráv_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_5f7a1;Služba pro podporu uživatelů Bluetooth_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService_5f7a1;CaptureService_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2017-01-05 301544]
S3 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [2017-01-05 480232]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_5f7a1;DevicePicker_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_5f7a1;Tok zařízení_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [2016-05-24 51872]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-06-08 416408]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe [2019-07-13 1098224]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-02-01 223240]
S3 PDF Architect 4 CrashHandler;PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [2016-08-05 1038048]
S3 PDF Architect 4;PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2016-08-05 2438880]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_5f7a1;PrintWorkflow_5f7a1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2019-07-04 5073792]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2019-03-14 827704]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#3 Příspěvek od Time2Groove »

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-31-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1325 octets] - [31/07/2019 17:57:40]
AdwCleaner[S01].txt - [1386 octets] - [31/07/2019 17:59:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt #########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#4 Příspěvek od Rudy »

Toto je OK. Teď dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#5 Příspěvek od Time2Groove »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by zastupitel (31-07-2019 19:03:58)
Running from C:\Users\zastupitel\Downloads
Windows 10 Pro Version 1803 17134.885 (X64) (2018-06-06 16:02:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1233148325-3066817778-516866998-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1233148325-3066817778-516866998-503 - Limited - Disabled)
Guest (S-1-5-21-1233148325-3066817778-516866998-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1233148325-3066817778-516866998-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1233148325-3066817778-516866998-504 - Limited - Disabled)
zastupitel (S-1-5-21-1233148325-3066817778-516866998-1001 - Administrator - Enabled) => C:\Users\zastupitel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.4.2014.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.4.2014.2 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
BitComet 1.44 (HKLM-x32\...\BitComet_x64) (Version: 1.44 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.)
ESET Endpoint Antivirus (HKLM\...\{4D3A2DB5-5D72-4653-9838-B09B71F2F1B2}) (Version: 6.4.2014.2 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{D7359C35-3D3A-4D78-A678-0325E23614E4}) (Version: 6.4.283.0 - ESET, spol. s r.o.)
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
Fingerprint Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.) Hidden
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{8866711B-6150-4BF3-81E7-E3F38E52717F}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KeePass Password Safe 2.42.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.42.1 - Dominik Reichl)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet 14 (HKLM-x32\...\{5C1060A2-462B-4883-A26A-065EEF6E35DF}) (Version: 14.0.334 - Mindjet)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Prezi Classic (HKLM-x32\...\{8C72EB9C-DFC8-4193-BF9C-70873A91FCFB}) (Version: 6.19.2.0 - Prezi) Hidden
Prezi Classic (HKLM-x32\...\{d072be21-af87-4716-b308-8c4a35343bca}) (Version: 6.19.2.0 - Prezi)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.29090 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Skype pro firmy Basic 2016 - cs-cz (HKLM\...\SkypeforBusinessEntryRetail - cs-cz) (Version: 16.0.11727.20244 - Microsoft Corporation)
Skype verze 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.06.0067 - ST Microelectronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.9 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

Packages:
=========
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-23] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Telefon -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.9.45.0_x64__cx08jceyq9bcp [2019-06-25] (Vodafone Group Services)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/PDFCreator/PDFCreatorShell.DLL [2016-11-18] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#6 Příspěvek od Time2Groove »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by zastupitel (administrator) on Z-RYCHTARIK-N (Acer TravelMate P648-M) (31-07-2019 19:02:37)
Running from C:\Users\zastupitel\Downloads
Loaded Profiles: zastupitel (Available Profiles: zastupitel)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Client Components Group -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mindjet -> Mindjet) C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Acer MotionProtect Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Token.exe [213168 2014-10-24] (STMicroelectronics -> STMicroelectronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [42312 2013-09-06] (Mindjet -> Mindjet)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3312208 2019-05-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646904 2019-07-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Drivers32: [msacm.ac3filter] => C:\WINDOWS\system32\ac3filter64.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-05] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
Startup: C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2018-04-26]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EF48170-093D-4A16-8809-F61BF8B08B78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3340E602-FEC9-4FA7-8BA4-3F59CB4D3F67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {34E8A7EF-DE1D-4E9A-B68B-242E5871B1AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {38818397-0DCA-4488-BBBD-8812CF580AAE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {42F132B3-005B-4B33-9F7F-8E7164E30D64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {48AC9C4B-E270-438C-B05B-9A85F4BE03E7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {53E7D439-B8AB-4859-A5B6-462DECB5CA70} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64B2930E-8798-452F-8C16-F4A455519159} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64C73DF7-7CFB-4D3A-A2F6-E46CDF251537} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-06-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A10A13A-6F5D-4FEC-8DE6-70AA0EE4F5AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {7065D11B-DC33-4A88-A79F-33C2570893E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {74F905D6-606E-4D10-B305-0110AD1A87D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {81BDECEE-F45E-4680-AEB1-9047E420B5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {96F60645-3886-47F4-A0BD-EAE00AA9DEC7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {CDD5DB07-37E5-4D44-A482-2CFAF6C9B435} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF01833-7811-4AB2-970C-9E8BA117BA03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED144D7C-D12D-45F0-A400-40F40D8B1BFA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2b83f63b-695d-4723-a7ad-5d245449af6f}: [DhcpNameServer] 217.75.208.162 93.91.144.70
Tcpip\..\Interfaces\{adb1b915-a618-4bb4-bdbe-160317fcbcfa}: [DhcpNameServer] 192.168.33.2
Tcpip\..\Interfaces\{df0bb128-19c7-4137-82c3-f419da4d7ca2}: [NameServer] 217.77.165.81,217.77.165.211

Internet Explorer:
==================
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1233148325-3066817778-516866998-1001 -> {989C12CB-FFA3-45B2-B4C6-9C859B6B3248} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06] (Mindjet -> Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-11-24] [Legacy] [not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-03] ( ) [File not signed]
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default -> hxxp://go.eu.bbelements.com/please/redirect/23470/1/1/2/!uwi=1280,uhe=720,uce=0,ibbid=BBID-01-01838805580355786,impressionId=230f097a-0071-4823-b324-40bdac1db3ec,ibb_device_id=0,ip_co=1,ip_reg=30,b_w=998,b_h=200,param=843807/792908_1_?
CHR Profile: C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default [2019-07-31]
CHR Extension: (Disk Google) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (YouTube) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (AdBlock) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22]
CHR HKU\S-1-5-21-1233148325-3066817778-516866998-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [480232 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [51872 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1648224 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET, spol. s r.o. -> ESET)
R2 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [193696 2016-05-24] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [341992 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-11-05] (Intel Corporation - Client Components Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260664 2018-01-25] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [180384 2016-05-23] (ESET, spol. s r.o. -> ESET)
R0 FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [23536 2014-10-07] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136216 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [20208 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [27912 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [20720 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-31] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> )
R3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2016-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel(R) Code Signing External -> )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics -> STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [335872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 19:02 - 2019-07-31 19:03 - 000029147 _____ C:\Users\zastupitel\Downloads\FRST.txt
2019-07-31 19:02 - 2019-07-31 19:02 - 002096128 _____ (Farbar) C:\Users\zastupitel\Downloads\FRST64.exe
2019-07-31 19:02 - 2019-07-31 19:02 - 000000000 ____D C:\FRST
2019-07-31 19:00 - 2019-07-31 18:59 - 000522240 _____ (OldTimer Tools) C:\Users\zastupitel\Desktop\OTM.exe
2019-07-31 18:00 - 2019-07-31 18:00 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-31 17:53 - 2019-07-31 17:54 - 064333800 _____ (Malwarebytes ) C:\Users\zastupitel\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-07-31 17:53 - 2019-07-31 17:53 - 007623880 _____ (Malwarebytes) C:\Users\zastupitel\Desktop\adwcleaner_7.4.exe
2019-07-31 17:33 - 2019-07-31 17:33 - 000000817 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-07-31 17:33 - 2019-07-31 17:33 - 000000718 _____ C:\Users\zastupitel\Desktop\ESET Online Scanner.lnk
2019-07-31 17:24 - 2019-07-31 17:28 - 000000000 ____D C:\Program Files\trend micro
2019-07-31 17:24 - 2019-07-31 17:24 - 000000000 ____D C:\rsit
2019-07-30 09:37 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-30 09:37 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-30 09:37 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-30 09:37 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-30 09:37 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-30 09:37 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-30 09:37 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-30 09:37 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-30 09:37 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-30 09:37 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-30 09:37 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-30 09:37 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-30 09:37 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-30 09:37 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-30 09:37 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-30 09:37 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-30 09:37 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-30 09:37 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-30 09:37 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-30 09:37 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-30 09:37 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-30 09:37 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-30 09:37 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-30 09:37 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-30 09:37 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-30 09:37 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-30 09:37 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-30 09:36 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-30 09:36 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-30 09:36 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-30 09:36 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-30 09:36 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-30 09:36 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-30 09:36 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-30 09:36 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-30 09:36 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-30 09:36 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-30 09:36 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-30 09:36 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-30 09:36 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-30 09:36 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-30 09:36 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-30 09:36 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-30 09:36 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-30 09:36 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-30 09:36 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-30 09:36 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-30 09:36 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-30 09:36 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-07-30 09:36 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-30 09:36 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-30 09:36 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-30 09:36 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-30 09:36 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-30 09:36 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-30 09:36 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-30 09:36 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-30 09:36 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-30 09:36 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-30 09:36 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-30 09:36 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-30 09:36 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-30 09:36 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-30 09:36 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-30 09:36 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-30 09:36 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-30 09:36 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-07-30 09:36 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-30 09:36 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-30 09:36 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-30 09:12 - 2019-07-30 09:12 - 000053464 _____ C:\Users\zastupitel\Downloads\Nabídka NAB-19-016 5m palety.pdf
2019-07-26 13:18 - 2019-07-26 17:19 - 000012096 _____ C:\Users\zastupitel\Desktop\Rozpočet Německo.xlsx
2019-07-23 12:43 - 2019-07-23 12:43 - 000011424 _____ C:\Users\zastupitel\Desktop\financni model.xlsx
2019-07-23 12:41 - 2019-07-23 12:41 - 000137632 _____ C:\Users\zastupitel\Desktop\KNAUF_PALETY_VÝKRES vypocet finance.xlsx
2019-07-23 11:44 - 2019-07-23 11:44 - 000000000 ____D C:\Users\zastupitel\Documents\My Maps
2019-07-23 10:30 - 2019-07-23 10:30 - 000259107 _____ C:\Users\zastupitel\Desktop\FSC_WP_English.pdf
2019-07-22 11:00 - 2019-07-22 11:00 - 000416340 _____ C:\Users\zastupitel\Desktop\certificate-pefc-coc-en.PDF
2019-07-17 16:01 - 2019-07-17 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-07-12 13:01 - 2019-07-15 09:48 - 003138756 _____ C:\Users\zastupitel\Desktop\COMPANY PRESENTATION LOGPACK 2019.pptx
2019-07-08 11:55 - 2019-07-08 11:55 - 000629379 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Cargomind .pdf
2019-07-08 10:09 - 2019-07-08 10:09 - 000540529 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Sea Sky Logistics.pdf
2019-07-08 10:00 - 2019-07-08 10:00 - 000565646 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Sea Sky Logistics s.r.o..pdf
2019-07-08 09:42 - 2019-07-08 09:42 - 000253437 _____ C:\Users\zastupitel\Desktop\5FCBC53E.tmp
2019-07-08 09:42 - 2019-07-08 09:42 - 000252276 _____ C:\Users\zastupitel\Desktop\SeaSky kalkulace balení tovaru.pdf
2019-07-08 09:39 - 2019-07-08 09:38 - 000045541 _____ C:\Users\zastupitel\Desktop\Nabídka NAB-19-027 Sea Sky balení zboží.pdf
2019-07-04 20:08 - 2019-07-04 20:08 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-04 20:08 - 2019-07-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-04 20:08 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-04 20:07 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 18:56 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-31 18:04 - 2018-06-06 18:00 - 001604938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-31 18:04 - 2018-04-12 17:51 - 000682896 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-31 18:04 - 2018-04-12 17:51 - 000137290 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-31 18:04 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-31 18:00 - 2018-06-06 18:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-31 18:00 - 2018-06-06 17:56 - 000000000 ____D C:\Users\zastupitel
2019-07-31 18:00 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-31 18:00 - 2016-10-24 12:29 - 000000000 __SHD C:\Users\zastupitel\IntelGraphicsProfiles
2019-07-31 17:57 - 2018-02-25 15:11 - 000000000 ____D C:\AdwCleaner
2019-07-31 17:33 - 2016-11-24 17:25 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ESET
2019-07-31 17:20 - 2018-06-06 17:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-31 17:18 - 2017-04-29 15:18 - 000000000 ____D C:\Users\zastupitel\Documents\Soubory aplikace Outlook
2019-07-31 00:10 - 2016-11-23 11:22 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\vlc
2019-07-30 23:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-30 22:26 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 22:25 - 2018-06-06 17:53 - 000418000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-30 22:25 - 2017-12-24 14:58 - 000000000 ___RD C:\Users\zastupitel\3D Objects
2019-07-30 22:25 - 2016-04-27 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-30 21:45 - 2018-04-12 17:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-30 21:45 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-30 10:56 - 2017-05-14 15:44 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\KeePass
2019-07-30 09:41 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-30 09:31 - 2016-12-03 22:45 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\BitComet
2019-07-30 08:12 - 2017-12-24 12:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\Packages
2019-07-27 20:21 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-24 16:32 - 2018-09-05 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-19 21:15 - 2016-10-24 12:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-19 21:13 - 2016-10-24 14:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-19 21:13 - 2016-10-24 12:31 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-19 21:13 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 16:01 - 2019-05-28 08:48 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-07-17 16:01 - 2016-10-24 14:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-16 22:24 - 2018-06-12 07:09 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-16 08:37 - 2016-11-21 11:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 08:37 - 2016-11-21 11:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-14 19:06 - 2016-11-28 17:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ElevatedDiagnostics
2019-07-11 22:16 - 2019-05-27 13:34 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-11 09:44 - 2018-06-06 18:02 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1233148325-3066817778-516866998-1001
2019-07-11 09:44 - 2018-06-06 17:56 - 000002419 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 09:44 - 2016-10-24 16:48 - 000000000 ___RD C:\Users\zastupitel\OneDrive
2019-07-04 20:08 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-04 20:07 - 2018-04-25 22:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-04 15:25 - 2017-05-02 10:18 - 000000000 ____D C:\Users\zastupitel\Documents\ANO
2019-07-04 15:24 - 2019-05-06 07:53 - 000000000 ____D C:\Users\zastupitel\Documents\Logpack
2019-07-02 18:32 - 2016-12-18 20:41 - 000000000 ____D C:\Users\zastupitel\Documents\Personal

==================== Files in the root of some directories ================

2017-07-03 12:16 - 2017-07-03 20:37 - 000006144 _____ () C:\Users\zastupitel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#7 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
Task: {48AC9C4B-E270-438C-B05B-9A85F4BE03E7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {74F905D6-606E-4D10-B305-0110AD1A87D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {81BDECEE-F45E-4680-AEB1-9047E420B5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
C:\Users\zastupitel\Desktop\5FCBC53E.tmp
C:\Users\zastupitel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File

EmptyTemp:
End
Uložte do C:\Users\zastupitel\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#8 Příspěvek od Time2Groove »

Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Nemám pustit nejdříve scan a pak fix?
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#9 Příspěvek od Time2Groove »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by zastupitel (31-07-2019 19:47:36)
Running from C:\Users\zastupitel\Downloads
Windows 10 Pro Version 1803 17134.885 (X64) (2018-06-06 16:02:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1233148325-3066817778-516866998-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1233148325-3066817778-516866998-503 - Limited - Disabled)
Guest (S-1-5-21-1233148325-3066817778-516866998-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1233148325-3066817778-516866998-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1233148325-3066817778-516866998-504 - Limited - Disabled)
zastupitel (S-1-5-21-1233148325-3066817778-516866998-1001 - Administrator - Enabled) => C:\Users\zastupitel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.4.2014.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.4.2014.2 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
BitComet 1.44 (HKLM-x32\...\BitComet_x64) (Version: 1.44 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.)
ESET Endpoint Antivirus (HKLM\...\{4D3A2DB5-5D72-4653-9838-B09B71F2F1B2}) (Version: 6.4.2014.2 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{D7359C35-3D3A-4D78-A678-0325E23614E4}) (Version: 6.4.283.0 - ESET, spol. s r.o.)
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
Fingerprint Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.) Hidden
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{8866711B-6150-4BF3-81E7-E3F38E52717F}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KeePass Password Safe 2.42.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.42.1 - Dominik Reichl)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet 14 (HKLM-x32\...\{5C1060A2-462B-4883-A26A-065EEF6E35DF}) (Version: 14.0.334 - Mindjet)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Prezi Classic (HKLM-x32\...\{8C72EB9C-DFC8-4193-BF9C-70873A91FCFB}) (Version: 6.19.2.0 - Prezi) Hidden
Prezi Classic (HKLM-x32\...\{d072be21-af87-4716-b308-8c4a35343bca}) (Version: 6.19.2.0 - Prezi)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.29090 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Skype pro firmy Basic 2016 - cs-cz (HKLM\...\SkypeforBusinessEntryRetail - cs-cz) (Version: 16.0.11727.20244 - Microsoft Corporation)
Skype verze 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.06.0067 - ST Microelectronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.9 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

Packages:
=========
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-23] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Telefon -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.9.45.0_x64__cx08jceyq9bcp [2019-06-25] (Vodafone Group Services)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/PDFCreator/PDFCreatorShell.DLL [2016-11-18] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2016-05-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-24 14:04 - 2016-10-04 16:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2015-11-05 23:58 - 2015-11-05 23:58 - 000138240 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IntelSSTAPO\ParameterService\AudioDspComm.dll
2015-11-05 23:50 - 2015-11-05 23:50 - 000150016 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IntelSSTAPO\ParameterService\PfwXml.dll
2015-11-05 23:50 - 2015-11-05 23:50 - 000170496 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IntelSSTAPO\ParameterService\PfwXmlWrapper.dll
2016-11-24 17:25 - 2016-11-24 17:25 - 000115200 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2016-11-16 13:21 - 2015-07-14 14:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2016-10-26 15:47 - 2017-10-03 17:13 - 000000587 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

9 33 127

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zastupitel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\4k-wallpaper-15.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Acer MotionProtect Tray Application"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk"
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{671EF1D5-1454-43A0-9349-097EA7B2ECEA}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [TCP Query User{8430E9C0-223E-483E-90FE-183BE64463A5}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [UDP Query User{D322E1B0-48D4-49A5-B3F5-9D59A4148C25}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [TCP Query User{80214248-ECB7-4778-9E8E-654C245E7EF3}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{443D0419-0B02-455F-989E-832CD4ED57E6}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{03FB7C2A-8793-4BBC-8523-191744DCFAF0}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{82CDA00C-C568-4670-9A0A-233213048F81}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{182BB77C-838F-4D6F-846D-8BD7427B20AD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69EC9C98-2EFD-463B-8016-D276BD9C74EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{334EB2AB-518A-4DA0-92E3-BE261C669C02}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF632BD5-7DC9-4F27-ACAE-500FBCD23BE2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC3D7783-3824-478B-8F05-55C99A3AE3AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{259912A2-299A-41CC-8F57-93E5D872C3D4}] => (Allow) LPort=9422
FirewallRules: [{F3430365-1771-45D6-B3FA-2B9994EE89A3}] => (Allow) LPort=9245
FirewallRules: [{1EDA3154-754F-487C-9B3C-7A288B99BC18}] => (Allow) LPort=9246
FirewallRules: [{3F81595A-DFFE-40BC-938E-004777131F51}] => (Allow) LPort=9247
FirewallRules: [{44E23ABF-A1A2-4CCA-B9FA-38A15CDD159B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3C135FD0-60E3-49C1-B225-02B686ADD8B0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{015FA011-22A5-45B3-9CE7-565A1B974C9D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

08-07-2019 10:43:11 Naplánovaný kontrolní bod
18-07-2019 22:07:49 Naplánovaný kontrolní bod
30-07-2019 09:36:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2019 05:21:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/30/2019 10:26:09 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: Z-RYCHTARIK-N)
Description: httphttp-2147467263

Error: (07/23/2019 10:22:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/15/2019 09:53:56 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: Z-RYCHTARIK-N)
Description: httphttp-2147467263

Error: (07/11/2019 10:30:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/11/2019 01:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: spoolsv.exe, verze: 10.0.17134.1, časové razítko: 0xd0ec7596
Název chybujícího modulu: wlanapi.dll_unloaded, verze: 10.0.17134.1, časové razítko: 0x0cda03bf
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003c7be
ID chybujícího procesu: 0x1984
Čas spuštění chybující aplikace: 0x01d5355b72f92799
Cesta k chybující aplikaci: C:\WINDOWS\System32\spoolsv.exe
Cesta k chybujícímu modulu: wlanapi.dll
ID zprávy: 886e1d7a-7c4f-4f47-a90e-dba69611f2a2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/08/2019 08:50:35 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: Z-RYCHTARIK-N)
Description: httphttp-2147467263

Error: (07/04/2019 07:54:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (07/31/2019 07:37:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba ESET Remote Administrator Agent byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (07/31/2019 07:36:02 PM) (Source: DCOM) (EventID: 10016) (User: Z-RYCHTARIK-N)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli Z-RYCHTARIK-N\zastupitel (SID: S-1-5-21-1233148325-3066817778-516866998-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:35:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:33:20 PM) (Source: DCOM) (EventID: 10016) (User: Z-RYCHTARIK-N)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Z-RYCHTARIK-N\zastupitel (SID: S-1-5-21-1233148325-3066817778-516866998-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:33:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\NETWORK SERVICE (SID: S-1-5-20) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:32:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:32:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/31/2019 07:32:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba MessagingService_2af6a byla ukončena s následující chybou:
Služba nebyla spuštěna.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.13 07/22/2016
Motherboard: Acer BAD40_SL
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 8023.41 MB
Available physical RAM: 4721.34 MB
Total Virtual: 9431.41 MB
Available Virtual: 6245.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.1 GB) (Free:109.84 GB) NTFS

\\?\Volume{6640d5fb-d0f9-4490-86e4-1205682cca35}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{fcdc73c9-ea51-4198-a015-6c9904f4db00}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS
\\?\Volume{c83a38dc-72cb-42d4-9964-375e62277b9b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 87043CAE)

Partition: GPT.

==================== End of Addition.txt ============================
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#10 Příspěvek od Time2Groove »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by zastupitel (administrator) on Z-RYCHTARIK-N (Acer TravelMate P648-M) (31-07-2019 19:46:15)
Running from C:\Users\zastupitel\Downloads
Loaded Profiles: zastupitel (Available Profiles: zastupitel)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Client Components Group -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mindjet -> Mindjet) C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Acer MotionProtect Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Token.exe [213168 2014-10-24] (STMicroelectronics -> STMicroelectronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [42312 2013-09-06] (Mindjet -> Mindjet)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3312208 2019-05-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646904 2019-07-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Drivers32: [msacm.ac3filter] => C:\WINDOWS\system32\ac3filter64.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-05] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
Startup: C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2018-04-26]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EF48170-093D-4A16-8809-F61BF8B08B78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3340E602-FEC9-4FA7-8BA4-3F59CB4D3F67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {34E8A7EF-DE1D-4E9A-B68B-242E5871B1AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {38818397-0DCA-4488-BBBD-8812CF580AAE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {42F132B3-005B-4B33-9F7F-8E7164E30D64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {48AC9C4B-E270-438C-B05B-9A85F4BE03E7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {53E7D439-B8AB-4859-A5B6-462DECB5CA70} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64B2930E-8798-452F-8C16-F4A455519159} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64C73DF7-7CFB-4D3A-A2F6-E46CDF251537} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-06-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A10A13A-6F5D-4FEC-8DE6-70AA0EE4F5AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {7065D11B-DC33-4A88-A79F-33C2570893E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {74F905D6-606E-4D10-B305-0110AD1A87D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {81BDECEE-F45E-4680-AEB1-9047E420B5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {96F60645-3886-47F4-A0BD-EAE00AA9DEC7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {CDD5DB07-37E5-4D44-A482-2CFAF6C9B435} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF01833-7811-4AB2-970C-9E8BA117BA03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED144D7C-D12D-45F0-A400-40F40D8B1BFA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{2b83f63b-695d-4723-a7ad-5d245449af6f}: [DhcpNameServer] 217.75.208.162 93.91.144.70
Tcpip\..\Interfaces\{adb1b915-a618-4bb4-bdbe-160317fcbcfa}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{df0bb128-19c7-4137-82c3-f419da4d7ca2}: [NameServer] 217.77.165.81,217.77.165.211

Internet Explorer:
==================
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1233148325-3066817778-516866998-1001 -> {989C12CB-FFA3-45B2-B4C6-9C859B6B3248} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06] (Mindjet -> Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-11-24] [Legacy] [not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-03] ( ) [File not signed]
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default -> hxxp://go.eu.bbelements.com/please/redirect/23470/1/1/2/!uwi=1280,uhe=720,uce=0,ibbid=BBID-01-01838805580355786,impressionId=230f097a-0071-4823-b324-40bdac1db3ec,ibb_device_id=0,ip_co=1,ip_reg=30,b_w=998,b_h=200,param=843807/792908_1_?
CHR Profile: C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default [2019-07-31]
CHR Extension: (Disk Google) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (YouTube) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (AdBlock) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22]
CHR HKU\S-1-5-21-1233148325-3066817778-516866998-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [480232 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [51872 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1648224 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET, spol. s r.o. -> ESET)
R2 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [193696 2016-05-24] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [341992 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-11-05] (Intel Corporation - Client Components Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260664 2018-01-25] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [180384 2016-05-23] (ESET, spol. s r.o. -> ESET)
R0 FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [23536 2014-10-07] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136216 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [20208 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [27912 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [20720 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-31] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> )
R3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2016-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel(R) Code Signing External -> )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics -> STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [335872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 19:33 - 2019-07-31 19:33 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-31 19:21 - 2019-07-31 19:43 - 000068512 _____ C:\Users\zastupitel\Downloads\fixlist.txt
2019-07-31 19:21 - 2019-07-31 19:21 - 000068472 _____ C:\Users\zastupitel\Desktop\fixlist.txt
2019-07-31 19:03 - 2019-07-31 19:27 - 000030885 _____ C:\Users\zastupitel\Downloads\Addition.txt
2019-07-31 19:02 - 2019-07-31 19:47 - 000027687 _____ C:\Users\zastupitel\Downloads\FRST.txt
2019-07-31 19:02 - 2019-07-31 19:46 - 000000000 ____D C:\FRST
2019-07-31 19:02 - 2019-07-31 19:02 - 002096128 _____ (Farbar) C:\Users\zastupitel\Downloads\FRST64.exe
2019-07-31 19:00 - 2019-07-31 18:59 - 000522240 _____ (OldTimer Tools) C:\Users\zastupitel\Desktop\OTM.exe
2019-07-31 17:53 - 2019-07-31 17:54 - 064333800 _____ (Malwarebytes ) C:\Users\zastupitel\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-07-31 17:53 - 2019-07-31 17:53 - 007623880 _____ (Malwarebytes) C:\Users\zastupitel\Desktop\adwcleaner_7.4.exe
2019-07-31 17:33 - 2019-07-31 17:33 - 000000817 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-07-31 17:33 - 2019-07-31 17:33 - 000000718 _____ C:\Users\zastupitel\Desktop\ESET Online Scanner.lnk
2019-07-31 17:24 - 2019-07-31 17:28 - 000000000 ____D C:\Program Files\trend micro
2019-07-31 17:24 - 2019-07-31 17:24 - 000000000 ____D C:\rsit
2019-07-30 09:37 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-30 09:37 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-30 09:37 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-30 09:37 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-30 09:37 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-30 09:37 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-30 09:37 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-30 09:37 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-30 09:37 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-30 09:37 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-30 09:37 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-30 09:37 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-30 09:37 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-30 09:37 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-30 09:37 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-30 09:37 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-30 09:37 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-30 09:37 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-30 09:37 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-30 09:37 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-30 09:37 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-30 09:37 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-30 09:37 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-30 09:37 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-30 09:37 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-30 09:37 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-30 09:37 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-30 09:36 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-30 09:36 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-30 09:36 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-30 09:36 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-30 09:36 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-30 09:36 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-30 09:36 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-30 09:36 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-30 09:36 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-30 09:36 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-30 09:36 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-30 09:36 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-30 09:36 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-30 09:36 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-30 09:36 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-30 09:36 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-30 09:36 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-30 09:36 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-30 09:36 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-30 09:36 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-30 09:36 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-30 09:36 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-07-30 09:36 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-30 09:36 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-30 09:36 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-30 09:36 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-30 09:36 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-30 09:36 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-30 09:36 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-30 09:36 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-30 09:36 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-30 09:36 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-30 09:36 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-30 09:36 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-30 09:36 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-30 09:36 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-30 09:36 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-30 09:36 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-30 09:36 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-30 09:36 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-07-30 09:36 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-30 09:36 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-30 09:36 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-30 09:12 - 2019-07-30 09:12 - 000053464 _____ C:\Users\zastupitel\Downloads\Nabídka NAB-19-016 5m palety.pdf
2019-07-26 13:18 - 2019-07-26 17:19 - 000012096 _____ C:\Users\zastupitel\Desktop\Rozpočet Německo.xlsx
2019-07-23 12:43 - 2019-07-23 12:43 - 000011424 _____ C:\Users\zastupitel\Desktop\financni model.xlsx
2019-07-23 12:41 - 2019-07-23 12:41 - 000137632 _____ C:\Users\zastupitel\Desktop\KNAUF_PALETY_VÝKRES vypocet finance.xlsx
2019-07-23 11:44 - 2019-07-23 11:44 - 000000000 ____D C:\Users\zastupitel\Documents\My Maps
2019-07-23 10:30 - 2019-07-23 10:30 - 000259107 _____ C:\Users\zastupitel\Desktop\FSC_WP_English.pdf
2019-07-22 11:00 - 2019-07-22 11:00 - 000416340 _____ C:\Users\zastupitel\Desktop\certificate-pefc-coc-en.PDF
2019-07-17 16:01 - 2019-07-17 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-07-12 13:01 - 2019-07-15 09:48 - 003138756 _____ C:\Users\zastupitel\Desktop\COMPANY PRESENTATION LOGPACK 2019.pptx
2019-07-08 11:55 - 2019-07-08 11:55 - 000629379 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Cargomind .pdf
2019-07-08 10:09 - 2019-07-08 10:09 - 000540529 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Sea Sky Logistics.pdf
2019-07-08 10:00 - 2019-07-08 10:00 - 000565646 _____ C:\Users\zastupitel\Desktop\Cenová nabídka pro Sea Sky Logistics s.r.o..pdf
2019-07-08 09:42 - 2019-07-08 09:42 - 000253437 _____ C:\Users\zastupitel\Desktop\5FCBC53E.tmp
2019-07-08 09:42 - 2019-07-08 09:42 - 000252276 _____ C:\Users\zastupitel\Desktop\SeaSky kalkulace balení tovaru.pdf
2019-07-08 09:39 - 2019-07-08 09:38 - 000045541 _____ C:\Users\zastupitel\Desktop\Nabídka NAB-19-027 Sea Sky balení zboží.pdf
2019-07-04 20:08 - 2019-07-04 20:08 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-04 20:08 - 2019-07-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-04 20:08 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-04 20:07 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 19:43 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-31 19:38 - 2018-06-06 18:00 - 001604938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-31 19:38 - 2018-04-12 17:51 - 000682896 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-31 19:38 - 2018-04-12 17:51 - 000137290 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-31 19:38 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-31 19:35 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-31 19:32 - 2018-06-06 18:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-31 19:32 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-31 19:32 - 2016-10-24 12:29 - 000000000 __SHD C:\Users\zastupitel\IntelGraphicsProfiles
2019-07-31 18:00 - 2018-06-06 17:56 - 000000000 ____D C:\Users\zastupitel
2019-07-31 17:57 - 2018-02-25 15:11 - 000000000 ____D C:\AdwCleaner
2019-07-31 17:33 - 2016-11-24 17:25 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ESET
2019-07-31 17:20 - 2018-06-06 17:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-31 17:18 - 2017-04-29 15:18 - 000000000 ____D C:\Users\zastupitel\Documents\Soubory aplikace Outlook
2019-07-31 00:10 - 2016-11-23 11:22 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\vlc
2019-07-30 23:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-30 22:26 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 22:25 - 2018-06-06 17:53 - 000418000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-30 22:25 - 2017-12-24 14:58 - 000000000 ___RD C:\Users\zastupitel\3D Objects
2019-07-30 22:25 - 2016-04-27 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-30 21:45 - 2018-04-12 17:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-30 21:45 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-30 10:56 - 2017-05-14 15:44 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\KeePass
2019-07-30 09:41 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-30 09:31 - 2016-12-03 22:45 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\BitComet
2019-07-30 08:12 - 2017-12-24 12:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\Packages
2019-07-27 20:21 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-24 16:32 - 2018-09-05 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-19 21:15 - 2016-10-24 12:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-19 21:13 - 2016-10-24 14:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-19 21:13 - 2016-10-24 12:31 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-19 21:13 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 16:01 - 2019-05-28 08:48 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-07-17 16:01 - 2016-10-24 14:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-16 22:24 - 2018-06-12 07:09 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-16 08:37 - 2016-11-21 11:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 08:37 - 2016-11-21 11:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-14 19:06 - 2016-11-28 17:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ElevatedDiagnostics
2019-07-11 22:16 - 2019-05-27 13:34 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-11 09:44 - 2018-06-06 18:02 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1233148325-3066817778-516866998-1001
2019-07-11 09:44 - 2018-06-06 17:56 - 000002419 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 09:44 - 2016-10-24 16:48 - 000000000 ___RD C:\Users\zastupitel\OneDrive
2019-07-04 20:08 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-04 20:07 - 2018-04-25 22:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-04 15:25 - 2017-05-02 10:18 - 000000000 ____D C:\Users\zastupitel\Documents\ANO
2019-07-04 15:24 - 2019-05-06 07:53 - 000000000 ____D C:\Users\zastupitel\Documents\Logpack
2019-07-02 18:32 - 2016-12-18 20:41 - 000000000 ____D C:\Users\zastupitel\Documents\Personal

==================== Files in the root of some directories ================

2017-07-03 12:16 - 2017-07-03 20:37 - 000006144 _____ () C:\Users\zastupitel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#11 Příspěvek od Rudy »

Chtěl jsem vidět obsah souboru fixlog.txt. Měl by být v C:\Users\zastupitel\Downloads.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#12 Příspěvek od Time2Groove »

co mám prosím nyní tedy udělat?
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#13 Příspěvek od Rudy »

Otevřít ten soubor a jeho obsah zkopírovat sem. Je to stejné, jako v případě frst a addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Time2Groove
2. Stupeň Varování
Příspěvky: 147
Registrován: 23 říj 2005 18:22

Re: Podezření na havěť

#14 Příspěvek od Time2Groove »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by zastupitel (administrator) on Z-RYCHTARIK-N (Acer TravelMate P648-M) (31-07-2019 19:02:37)
Running from C:\Users\zastupitel\Downloads
Loaded Profiles: zastupitel (Available Profiles: zastupitel)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: �e�tina (�esko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Client Components Group -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mindjet -> Mindjet) C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Acer MotionProtect Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Token.exe [213168 2014-10-24] (STMicroelectronics -> STMicroelectronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [42312 2013-09-06] (Mindjet -> Mindjet)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3312208 2019-05-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646904 2019-07-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Drivers32: [msacm.ac3filter] => C:\WINDOWS\system32\ac3filter64.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-05] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
Startup: C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2018-04-26]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EF48170-093D-4A16-8809-F61BF8B08B78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3340E602-FEC9-4FA7-8BA4-3F59CB4D3F67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {34E8A7EF-DE1D-4E9A-B68B-242E5871B1AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {38818397-0DCA-4488-BBBD-8812CF580AAE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {42F132B3-005B-4B33-9F7F-8E7164E30D64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {48AC9C4B-E270-438C-B05B-9A85F4BE03E7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {53E7D439-B8AB-4859-A5B6-462DECB5CA70} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64B2930E-8798-452F-8C16-F4A455519159} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {64C73DF7-7CFB-4D3A-A2F6-E46CDF251537} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [1280000 2017-06-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A10A13A-6F5D-4FEC-8DE6-70AA0EE4F5AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {7065D11B-DC33-4A88-A79F-33C2570893E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {74F905D6-606E-4D10-B305-0110AD1A87D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {81BDECEE-F45E-4680-AEB1-9047E420B5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-21] (Google Inc -> Google Inc.)
Task: {96F60645-3886-47F4-A0BD-EAE00AA9DEC7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {CDD5DB07-37E5-4D44-A482-2CFAF6C9B435} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF01833-7811-4AB2-970C-9E8BA117BA03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED144D7C-D12D-45F0-A400-40F40D8B1BFA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-16] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2b83f63b-695d-4723-a7ad-5d245449af6f}: [DhcpNameServer] 217.75.208.162 93.91.144.70
Tcpip\..\Interfaces\{adb1b915-a618-4bb4-bdbe-160317fcbcfa}: [DhcpNameServer] 192.168.33.2
Tcpip\..\Interfaces\{df0bb128-19c7-4137-82c3-f419da4d7ca2}: [NameServer] 217.77.165.81,217.77.165.211

Internet Explorer:
==================
HKU\S-1-5-21-1233148325-3066817778-516866998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1233148325-3066817778-516866998-1001 -> {989C12CB-FFA3-45B2-B4C6-9C859B6B3248} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06] (Mindjet -> Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-17] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-11-24] [Legacy] [not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-07-03] ( ) [File not signed]
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH -> pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default -> hxxp://go.eu.bbelements.com/please/redirect/23470/1/1/2/!uwi=1280,uhe=720,uce=0,ibbid=BBID-01-01838805580355786,impressionId=230f097a-0071-4823-b324-40bdac1db3ec,ibb_device_id=0,ip_co=1,ip_reg=30,b_w=998,b_h=200,param=843807/792908_1_?
CHR Profile: C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default [2019-07-31]
CHR Extension: (Disk Google) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (YouTube) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-21]
CHR Extension: (AdBlock) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-31]
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\zastupitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22]
CHR HKU\S-1-5-21-1233148325-3066817778-516866998-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [480232 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [51872 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1648224 2016-05-24] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET, spol. s r.o. -> ESET)
R2 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [193696 2016-05-24] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [341992 2017-01-05] (Intel(R) pGFX -> Intel Corporation)
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-11-05] (Intel Corporation - Client Components Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260664 2018-01-25] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [180384 2016-05-23] (ESET, spol. s r.o. -> ESET)
R0 FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [23536 2014-10-07] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136216 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [20208 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [27912 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
R3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [20720 2016-08-17] (WDKTestCert primax,131147703563436555 -> Primax Electronics Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-31] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> )
R3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2016-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel(R) Code Signing External -> )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics -> STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [335872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 19:02 - 2019-07-31 19:03 - 000029147 _____ C:\Users\zastupitel\Downloads\FRST.txt
2019-07-31 19:02 - 2019-07-31 19:02 - 002096128 _____ (Farbar) C:\Users\zastupitel\Downloads\FRST64.exe
2019-07-31 19:02 - 2019-07-31 19:02 - 000000000 ____D C:\FRST
2019-07-31 19:00 - 2019-07-31 18:59 - 000522240 _____ (OldTimer Tools) C:\Users\zastupitel\Desktop\OTM.exe
2019-07-31 18:00 - 2019-07-31 18:00 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-31 17:53 - 2019-07-31 17:54 - 064333800 _____ (Malwarebytes ) C:\Users\zastupitel\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-07-31 17:53 - 2019-07-31 17:53 - 007623880 _____ (Malwarebytes) C:\Users\zastupitel\Desktop\adwcleaner_7.4.exe
2019-07-31 17:33 - 2019-07-31 17:33 - 000000817 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-07-31 17:33 - 2019-07-31 17:33 - 000000718 _____ C:\Users\zastupitel\Desktop\ESET Online Scanner.lnk
2019-07-31 17:24 - 2019-07-31 17:28 - 000000000 ____D C:\Program Files\trend micro
2019-07-31 17:24 - 2019-07-31 17:24 - 000000000 ____D C:\rsit
2019-07-30 09:37 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-30 09:37 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-30 09:37 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-30 09:37 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-30 09:37 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-30 09:37 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-30 09:37 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-30 09:37 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-30 09:37 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-30 09:37 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-30 09:37 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-30 09:37 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-30 09:37 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-30 09:37 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-30 09:37 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-30 09:37 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-30 09:37 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-30 09:37 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-30 09:37 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-30 09:37 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-30 09:37 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-30 09:37 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-30 09:37 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-30 09:37 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-30 09:37 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-30 09:37 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-30 09:37 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-30 09:37 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-30 09:37 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-30 09:37 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-30 09:37 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-30 09:36 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-30 09:36 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-30 09:36 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-30 09:36 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-30 09:36 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-30 09:36 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-30 09:36 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-30 09:36 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-30 09:36 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-30 09:36 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-30 09:36 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-30 09:36 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-30 09:36 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-30 09:36 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-30 09:36 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-30 09:36 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-30 09:36 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-30 09:36 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-30 09:36 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-30 09:36 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-30 09:36 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-30 09:36 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-30 09:36 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-30 09:36 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-30 09:36 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-30 09:36 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-30 09:36 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-30 09:36 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-30 09:36 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-30 09:36 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-30 09:36 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-30 09:36 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-30 09:36 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-30 09:36 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-30 09:36 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-30 09:36 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-30 09:36 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-30 09:36 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-30 09:36 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-30 09:36 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-30 09:36 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-30 09:36 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-07-30 09:36 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-30 09:36 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-07-30 09:36 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-30 09:36 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-07-30 09:36 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-30 09:36 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-30 09:36 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-30 09:36 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-30 09:36 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-30 09:36 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-30 09:36 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-30 09:36 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-30 09:36 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-30 09:36 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-30 09:36 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-30 09:36 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-30 09:36 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-30 09:36 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-30 09:36 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-30 09:36 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-30 09:36 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-30 09:36 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-30 09:36 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-30 09:36 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-30 09:36 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-30 09:36 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-30 09:36 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-30 09:36 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-30 09:36 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-30 09:36 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-30 09:36 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-30 09:36 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-30 09:36 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-30 09:36 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-30 09:36 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-30 09:36 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-30 09:36 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-30 09:36 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-30 09:36 - 2019-06-13 08:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-07-30 09:36 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-30 09:36 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-30 09:36 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-30 09:36 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-30 09:36 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-30 09:36 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-30 09:36 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-30 09:36 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-30 09:36 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-30 09:36 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-30 09:36 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-30 09:12 - 2019-07-30 09:12 - 000053464 _____ C:\Users\zastupitel\Downloads\Nab�dka NAB-19-016 5m palety.pdf
2019-07-26 13:18 - 2019-07-26 17:19 - 000012096 _____ C:\Users\zastupitel\Desktop\Rozpo�et N�mecko.xlsx
2019-07-23 12:43 - 2019-07-23 12:43 - 000011424 _____ C:\Users\zastupitel\Desktop\financni model.xlsx
2019-07-23 12:41 - 2019-07-23 12:41 - 000137632 _____ C:\Users\zastupitel\Desktop\KNAUF_PALETY_V�KRES vypocet finance.xlsx
2019-07-23 11:44 - 2019-07-23 11:44 - 000000000 ____D C:\Users\zastupitel\Documents\My Maps
2019-07-23 10:30 - 2019-07-23 10:30 - 000259107 _____ C:\Users\zastupitel\Desktop\FSC_WP_English.pdf
2019-07-22 11:00 - 2019-07-22 11:00 - 000416340 _____ C:\Users\zastupitel\Desktop\certificate-pefc-coc-en.PDF
2019-07-17 16:01 - 2019-07-17 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\N�stroje Microsoft Office
2019-07-12 13:01 - 2019-07-15 09:48 - 003138756 _____ C:\Users\zastupitel\Desktop\COMPANY PRESENTATION LOGPACK 2019.pptx
2019-07-08 11:55 - 2019-07-08 11:55 - 000629379 _____ C:\Users\zastupitel\Desktop\Cenov� nab�dka pro Cargomind .pdf
2019-07-08 10:09 - 2019-07-08 10:09 - 000540529 _____ C:\Users\zastupitel\Desktop\Cenov� nab�dka pro Sea Sky Logistics.pdf
2019-07-08 10:00 - 2019-07-08 10:00 - 000565646 _____ C:\Users\zastupitel\Desktop\Cenov� nab�dka pro Sea Sky Logistics s.r.o..pdf
2019-07-08 09:42 - 2019-07-08 09:42 - 000253437 _____ C:\Users\zastupitel\Desktop\5FCBC53E.tmp
2019-07-08 09:42 - 2019-07-08 09:42 - 000252276 _____ C:\Users\zastupitel\Desktop\SeaSky kalkulace balen� tovaru.pdf
2019-07-08 09:39 - 2019-07-08 09:38 - 000045541 _____ C:\Users\zastupitel\Desktop\Nab�dka NAB-19-027 Sea Sky balen� zbo��.pdf
2019-07-04 20:08 - 2019-07-04 20:08 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-04 20:08 - 2019-07-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-04 20:08 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-04 20:07 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 18:56 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-31 18:04 - 2018-06-06 18:00 - 001604938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-31 18:04 - 2018-04-12 17:51 - 000682896 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-31 18:04 - 2018-04-12 17:51 - 000137290 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-31 18:04 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-31 18:00 - 2018-06-06 18:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-31 18:00 - 2018-06-06 17:56 - 000000000 ____D C:\Users\zastupitel
2019-07-31 18:00 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-31 18:00 - 2016-10-24 12:29 - 000000000 __SHD C:\Users\zastupitel\IntelGraphicsProfiles
2019-07-31 17:57 - 2018-02-25 15:11 - 000000000 ____D C:\AdwCleaner
2019-07-31 17:33 - 2016-11-24 17:25 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ESET
2019-07-31 17:20 - 2018-06-06 17:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-31 17:18 - 2017-04-29 15:18 - 000000000 ____D C:\Users\zastupitel\Documents\Soubory aplikace Outlook
2019-07-31 00:10 - 2016-11-23 11:22 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\vlc
2019-07-30 23:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-30 22:26 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 22:25 - 2018-06-06 17:53 - 000418000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-30 22:25 - 2017-12-24 14:58 - 000000000 ___RD C:\Users\zastupitel\3D Objects
2019-07-30 22:25 - 2016-04-27 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-30 21:45 - 2018-04-12 17:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-30 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-30 21:45 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-30 10:56 - 2017-05-14 15:44 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\KeePass
2019-07-30 09:41 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-30 09:31 - 2016-12-03 22:45 - 000000000 ____D C:\Users\zastupitel\AppData\Roaming\BitComet
2019-07-30 08:12 - 2017-12-24 12:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\Packages
2019-07-27 20:21 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-24 16:32 - 2018-09-05 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-19 21:15 - 2016-10-24 12:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-19 21:13 - 2016-10-24 14:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-19 21:13 - 2016-10-24 12:31 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-19 21:13 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 16:01 - 2019-05-28 08:48 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-07-17 16:01 - 2016-10-24 14:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-16 22:24 - 2018-06-12 07:09 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-16 08:37 - 2016-11-21 11:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 08:37 - 2016-11-21 11:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-14 19:06 - 2016-11-28 17:20 - 000000000 ____D C:\Users\zastupitel\AppData\Local\ElevatedDiagnostics
2019-07-11 22:16 - 2019-05-27 13:34 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-11 09:44 - 2018-06-06 18:02 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1233148325-3066817778-516866998-1001
2019-07-11 09:44 - 2018-06-06 17:56 - 000002419 _____ C:\Users\zastupitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-11 09:44 - 2016-10-24 16:48 - 000000000 ___RD C:\Users\zastupitel\OneDrive
2019-07-04 20:08 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-04 20:07 - 2018-04-25 22:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-04 15:25 - 2017-05-02 10:18 - 000000000 ____D C:\Users\zastupitel\Documents\ANO
2019-07-04 15:24 - 2019-05-06 07:53 - 000000000 ____D C:\Users\zastupitel\Documents\Logpack
2019-07-02 18:32 - 2016-12-18 20:41 - 000000000 ____D C:\Users\zastupitel\Documents\Personal

==================== Files in the root of some directories ================

2017-07-03 12:16 - 2017-07-03 20:37 - 000006144 _____ () C:\Users\zastupitel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119418
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Podezření na havěť

#15 Příspěvek od Rudy »

Toto je obsah souboru frst.txt. Potřebuji obsah souboru fixlog.txt.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“