VIRY.CZ

Zdravím, natahal jsem si do PC nějakou havěť, MSE je v jednom kole, tak bych to rád prošel důkladněji. Aktuálně se to projevuje vyskakujícími záložkami v prohlížeči na nějaké kasino. Datum nainstalované havěti by mělo být dnešní. Díky.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by Tomáš (administrator) on TOMÁŠ-PC (Gigabyte Technology Co., Ltd. P67X-UD3-B3) (27-11-2019 07:50:32)
Running from C:\Users\Tomáš\Downloads
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe
() [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp
(Access Denied) [File not signed] C:\Users\Tomáš\AppData\Roaming\gx2zgx0xfzd\axdciqkfxmj.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Tomáš\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-08-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-11-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36054928 2019-11-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [Dashlane] => C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe [390144 2019-11-12] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [DashlanePlugin] => C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe [412160 2019-11-12] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [Discord] => C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [322807] => C:\Users\TOM~1\AppData\Local\Temp\is-H43MQ.tmp\MoocBook.exe [4761857 2019-11-26] (Access Denied) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [nvsetting] => C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe [512512 2019-11-27] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [2915708] => C:\Users\Tomáš\AppData\Roaming\gx2zgx0xfzd\axdciqkfxmj.exe [4761857 2019-11-27] (Access Denied) [File not signed]
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\RunOnce: [Uninstall 19.174.0902.0013\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64"
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\RunOnce: [Uninstall 19.174.0902.0013] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\19.174.0902.0013"
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\MountPoints2: {f73e253e-4e30-11e9-8377-50e54931da7d} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-22] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F9197D6-21AA-49AA-A0DE-53B7456857EF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156200 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {13ABF6E7-D7F0-4FA1-A4C3-9217AE558242} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2378032 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {24FEC834-0BB2-41BC-8064-04EF7C4B9458} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3D0180F4-3065-491C-8CB7-DE1858917E12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6260640 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {400B8522-8475-4C27-979D-492F80F2E78E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [638976 2019-11-27] (Access Denied) [File not signed] (Access Denied) <==== ATTENTION
Task: {4318C57C-86FC-4545-8E83-AD934544C129} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6DC58EB2-3274-4C7C-B3EA-B9A2EB438087} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {73F42CEE-CA6A-462E-A705-0FCB8798DA3A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170168 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {969514B3-F225-4A74-B54A-4D2A8242C5C7} - System32\Tasks\{F678378B-5BB6-400E-98C0-B8B4EF152F07} => C:\Windows\system32\pcalua.exe -a "C:\Games\Knights Of Honor\KoH.exe" -d "C:\Games\Knights Of Honor\"
Task: {A2797CDF-107F-47A9-AB0B-B1B48266B2DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27366472 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3C9EC78-EE82-4185-8814-9551B4397181} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27366472 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C43A0102-D2B6-417F-83C7-ACEFD376DFC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6260640 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C50460AF-6697-4BB3-A81D-DDF177CAA6D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [638976 2019-11-27] (Access Denied) [File not signed] (Access Denied) <==== ATTENTION
Task: {CFE6938E-F1EA-43C3-833E-C6D0DF00B7F8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E509DD7F-44DE-4209-9A4D-12BDC8C44872} - System32\Tasks\mwTLuksuBTRA => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\mwTLuksuBTRA\mwTLuksuBTRA.dll",mwTLuksuBTRA <==== ATTENTION
Task: {F3F3C121-C553-4631-9CA1-4F72C66E6B6C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170168 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F57FC5BE-9B94-49AF-AD23-3C5CF649FA1D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156200 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{D75AC7FC-F1C4-42CB-83C8-71F09D42EDAC}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1564068326-3056932736-4007049450-1000 -> {1C97CE63-7012-4159-B919-799BEECCCA7C} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-1564068326-3056932736-4007049450-1000 -> {596ED836-A012-4eef-B071-52CA4946BE13} URL = hxxp://www.google.com/custom?client=pub-379428 ... earchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-11-12] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-11-12] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rmexdf8j.default
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\rmexdf8j.default [2019-09-14]
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\bme2j14t.default-release-1573616899805 [2019-11-27]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.cz/
CHR Notifications: Default -> hxxps://agar.io; hxxps://aukro.cz; hxxps://secrethitler.io
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default [2019-11-27]
CHR Extension: (Prezentace) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-13]
CHR Extension: (Dokumenty) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-13]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-13]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-26]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2019-11-05]
CHR Extension: (Tabulky) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [249344 2016-02-26] (Advanced Micro Devices, Inc. -> AMD)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11652168 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2348336 2019-09-25] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3228464 2019-09-25] (Electronic Arts, Inc. -> Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [23981568 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [674816 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] (Giga-Byte Technology -> )
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S1 dpwqhbpx; C:\Windows\system32\drivers\dpwqhbpx.sys [72816 2019-11-27] (Microsoft Corporation -> Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [40832 2011-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [65280 2011-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S1 yvnokupc; C:\Windows\system32\drivers\yvnokupc.sys [72816 2019-11-27] (Microsoft Corporation -> Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-07 09:35 - 2019-12-07 09:35 - 000000000 ____D C:\Users\Tomáš\AppData\Local\SKIDROW
2019-12-07 09:35 - 2019-11-26 13:30 - 000000000 ____D C:\Users\Public\Documents\Jagged Alliance - Back in Action
2019-12-07 09:35 - 2019-11-26 13:30 - 000000000 ____D C:\ProgramData\Documents\Jagged Alliance - Back in Action
2019-11-27 07:51 - 2019-11-27 07:51 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\yvnokupc.sys
2019-11-27 07:51 - 2019-11-27 07:51 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dpwqhbpx.sys
2019-11-27 07:50 - 2019-11-27 07:51 - 000028112 _____ C:\Users\Tomáš\Downloads\FRST.txt
2019-11-27 07:49 - 2019-11-27 07:51 - 000000000 ____D C:\FRST
2019-11-27 07:49 - 2019-11-27 07:49 - 002262016 _____ (Farbar) C:\Users\Tomáš\Downloads\FRST64.exe
2019-11-27 07:40 - 2019-11-27 07:40 - 000016724 _____ C:\Windows\system32\Tasks\mwTLuksuBTRA
2019-11-27 07:40 - 2019-11-27 07:40 - 000000270 __RSH C:\ProgramData\ntuser.pol
2019-11-27 07:40 - 2019-11-27 07:40 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\ScreenToGif
2019-11-27 07:40 - 2019-11-27 07:40 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\InstallPack
2019-11-27 07:40 - 2019-11-27 07:40 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\gx2zgx0xfzd
2019-11-27 07:40 - 2018-11-13 06:35 - 000000000 ____D C:\Program Files (x86)\mwTLuksuBTRA
2019-11-27 07:39 - 2019-11-27 07:40 - 000000000 ____D C:\Program Files (x86)\eCertification
2019-11-27 07:39 - 2019-11-27 07:39 - 000000000 ____D C:\Program Files (x86)\MachinerData
2019-11-27 06:23 - 2019-11-27 07:03 - 736252301 _____ C:\Users\Tomáš\Downloads\Jagged Alliance - Back in Action CZ.zip.002
2019-11-27 05:23 - 2019-11-27 06:20 - 1047527424 _____ C:\Users\Tomáš\Downloads\Jagged Alliance - Back in Action CZ.zip.001
2019-11-26 09:07 - 2019-11-26 09:08 - 074157419 _____ C:\Users\Tomáš\Desktop\Mutant Chronicles - The Brotherhood Sourcebook.pdf
2019-11-23 07:44 - 2019-11-23 07:44 - 000000742 _____ C:\Users\Tomáš\Desktop\Thief Simulator.lnk
2019-11-23 07:44 - 2019-11-23 07:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief Simulator
2019-11-23 06:20 - 2019-11-23 07:28 - 1254372703 _____ (Tomi2k9 ) C:\Users\Tomáš\Downloads\Jagged Alliance - Back in Action.exe
2019-11-23 06:16 - 2019-11-23 07:02 - 3421037191 _____ C:\Users\Tomáš\Downloads\codex-thief.simulator.v1.2.rar
2019-11-23 05:52 - 2019-11-23 06:01 - 1173821319 _____ C:\Users\Tomáš\Downloads\Thief.Simulator.Update.v1.2.6-CODEX.rar
2019-11-23 05:07 - 2019-11-23 05:14 - 1056210622 _____ C:\Users\Tomáš\Downloads\Thief.Simulator.Update.v1.3-CODEX.rar
2019-11-22 19:53 - 2019-11-22 19:53 - 000000261 _____ C:\Users\Tomáš\Desktop\Subnautica.url
2019-11-22 08:39 - 2019-11-22 08:39 - 000000000 ____D C:\Users\Tomáš\AppData\LocalLow\Plausible Concept
2019-11-19 21:12 - 2019-11-19 21:12 - 000000000 ____D C:\Users\Tomáš\AppData\Local\DOSBox
2019-11-19 21:11 - 2019-11-19 21:11 - 001493703 _____ (DOSBox Team) C:\Users\Tomáš\Downloads\DOSBox0.74-3-win32-installer.exe
2019-11-19 21:11 - 2019-11-19 21:11 - 000001615 _____ C:\Users\Public\Desktop\DOSBox 0.74-3.lnk
2019-11-19 21:11 - 2019-11-19 21:11 - 000001615 _____ C:\ProgramData\Desktop\DOSBox 0.74-3.lnk
2019-11-19 21:11 - 2019-11-19 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3
2019-11-18 22:07 - 2019-11-18 22:07 - 000412538 _____ C:\Users\Tomáš\Desktop\Fišer se přiznává.dib
2019-11-13 22:33 - 2019-11-13 22:33 - 000000000 ____D C:\Users\Tomáš\AppData\LocalLow\Noble Muffins
2019-11-13 04:48 - 2019-11-13 04:57 - 000000000 ____D C:\Program Files\Unity
2019-11-13 04:47 - 2019-11-15 03:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-13 04:47 - 2019-11-13 04:48 - 000000000 ____D C:\Users\Tomáš\Desktop\Původní data aplikace Firefox
2019-11-13 04:46 - 2019-11-13 04:53 - 000000000 ____D C:\Users\Tomáš\AppData\LocalLow\Unity
2019-11-13 04:46 - 2019-11-13 04:53 - 000000000 ____D C:\Users\Tomáš\AppData\Local\Unity
2019-11-06 16:49 - 2019-11-06 16:49 - 000638938 _____ C:\Users\Tomáš\Downloads\omluva z jednání 2.pages
2019-11-05 21:33 - 2019-11-05 21:33 - 000305304 _____ C:\Windows\Minidump\110519-8595-01.dmp
2019-11-05 12:40 - 2019-11-05 12:40 - 000305240 _____ C:\Windows\Minidump\110519-8767-01.dmp
2019-11-04 19:46 - 2019-11-06 13:22 - 000344030 _____ C:\Users\Tomáš\Desktop\Švec přihláška pohledávky.pdf
2019-11-04 19:46 - 2019-11-04 19:46 - 000129816 _____ C:\Users\Tomáš\Desktop\Švec příloha příkaz exe.pdf
2019-11-04 19:45 - 2019-11-04 19:45 - 000520256 _____ C:\Users\Tomáš\Desktop\Švec příloha rozsudek.pdf
2019-11-04 18:53 - 2019-11-04 19:45 - 000342819 _____ C:\Users\Tomáš\Desktop\Prihlaska_pohledavky Švec.pdf
2019-11-04 15:00 - 2019-11-04 15:00 - 000120086 _____ C:\Users\Tomáš\Downloads\mandatni-smlouva-pdf.pdf
2019-11-04 14:28 - 2019-11-04 14:28 - 000204001 _____ C:\Users\Tomáš\Downloads\Prihlaska_pohledavky_pokyny.pdf
2019-11-04 12:46 - 2019-11-04 12:46 - 000327464 _____ C:\Users\Tomáš\Downloads\Prihlaska_pohledavky.pdf
2019-11-04 12:46 - 2019-11-04 12:46 - 000327464 _____ C:\Users\Tomáš\Downloads\Prihlaska_pohledavky (1).pdf
2019-11-02 18:59 - 2019-11-02 18:59 - 000129015 _____ C:\Users\Tomáš\Downloads\obhajoba-pred-soudem-i--stupne-vcetne-dokazovani---judr--tomas-durdik.pptx
2019-10-29 15:46 - 2019-10-29 15:47 - 000000000 ____D C:\Users\Tomáš\Desktop\7 Cm 133 2016 (cee direct)
2019-10-29 15:46 - 2019-10-29 15:46 - 000000000 ____D C:\Users\Tomáš\Desktop\7 Cm 178 2014 (Koutný I)
2019-10-29 15:45 - 2019-10-29 15:45 - 000000000 ____D C:\Users\Tomáš\Desktop\53 Cm 211 2017 (Felcmanová)
2019-10-29 15:39 - 2019-10-29 17:16 - 000000000 ____D C:\Users\Tomáš\Desktop\7 Cm 17 2017 (Koutný II)
2019-10-29 14:24 - 2019-10-29 14:24 - 000447217 _____ C:\Users\Tomáš\Downloads\DPTX_2010_1__0_39118_0_79690.pdf
2019-10-29 09:46 - 2019-10-29 09:46 - 000304976 _____ C:\Windows\Minidump\102919-9594-01.dmp
2019-10-29 09:40 - 2019-10-29 09:40 - 000305304 _____ C:\Windows\Minidump\102919-9094-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-07 09:03 - 2018-10-08 19:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-07 09:03 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-12-07 09:02 - 2018-10-08 19:45 - 000000000 ____D C:\Program Files\Microsoft Office
2019-11-27 07:40 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-11-27 07:22 - 2018-07-02 12:20 - 000000000 ____D C:\Games
2019-11-27 03:51 - 2019-05-04 10:21 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\Doomtrooper
2019-11-27 03:48 - 2009-07-14 05:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-27 03:48 - 2009-07-14 05:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-26 09:36 - 2019-03-17 03:08 - 000005335 _____ C:\Users\Tomáš\Desktop\MCh-krystalové nebe.txt
2019-11-26 04:55 - 2018-10-09 17:26 - 000003174 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1564068326-3056932736-4007049450-1000
2019-11-26 04:55 - 2018-10-08 19:50 - 000002120 _____ C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-11-26 04:55 - 2018-10-08 19:50 - 000000000 ___RD C:\Users\Tomáš\OneDrive
2019-11-24 08:43 - 2019-10-25 17:59 - 000002337 _____ C:\Users\Tomáš\Desktop\Doomtrooper.lnk
2019-11-23 10:34 - 2009-07-14 16:18 - 000668542 _____ C:\Windows\system32\perfh005.dat
2019-11-23 10:34 - 2009-07-14 16:18 - 000141202 _____ C:\Windows\system32\perfc005.dat
2019-11-23 10:34 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-23 10:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-23 10:29 - 2019-05-27 18:50 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\Discord
2019-11-23 10:29 - 2018-07-25 21:07 - 000000000 ____D C:\Users\Tomáš\AppData\Local\LogMeIn Hamachi
2019-11-23 10:29 - 2018-06-13 12:17 - 000000000 ____D C:\Program Files (x86)\Steam
2019-11-23 10:28 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-22 19:40 - 2018-12-18 15:27 - 000000000 ____D C:\Program Files\Epic Games
2019-11-22 08:32 - 2018-06-13 11:54 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-22 08:22 - 2019-02-01 20:38 - 000001879 _____ C:\Users\Tomáš\Desktop\Dashlane.lnk
2019-11-22 08:22 - 2019-02-01 20:37 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\Dashlane
2019-11-21 05:00 - 2019-09-23 08:56 - 000000000 ____D C:\Users\Tomáš\Desktop\42 C 328 2019 (Bočková)
2019-11-15 03:44 - 2018-06-15 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-13 21:56 - 2019-02-20 03:06 - 000000000 ____D C:\Users\Tomáš\AppData\Roaming\DAEMON Tools Lite
2019-11-13 20:25 - 2018-10-08 20:46 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-13 04:54 - 2019-09-14 17:51 - 000000000 ____D C:\Users\Tomáš\AppData\LocalLow\Mozilla
2019-11-13 04:52 - 2018-06-13 11:53 - 000000000 ____D C:\Users\Tomáš\AppData\Local\Deployment
2019-11-12 22:03 - 2018-06-13 13:51 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-05 21:33 - 2019-10-27 11:06 - 670099608 _____ C:\Windows\MEMORY.DMP
2019-11-05 21:33 - 2019-03-24 13:33 - 000000000 ____D C:\Windows\Minidump
2019-11-04 23:56 - 2018-06-13 11:53 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 19:29 - 2018-07-18 06:26 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-01 22:55 - 2019-08-01 07:56 - 000000000 ____D C:\Users\Tomáš\Desktop\Nguyen

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-19 04:44
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by Tomáš (27-11-2019 07:52:25)
Running from C:\Users\Tomáš\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2018-06-13 10:32:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1564068326-3056932736-4007049450-500 - Administrator - Disabled)
Guest (S-1-5-21-1564068326-3056932736-4007049450-501 - Limited - Disabled)
Tomáš (S-1-5-21-1564068326-3056932736-4007049450-1000 - Administrator - Enabled) => C:\Users\Tomáš

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Mages (HKLM\...\N21hZ2Vz_is1) (Version: 1 - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Battle for Wesnoth 1.14.7 (HKLM-x32\...\Battle for Wesnoth 1.14.7) (Version: 1.14.7 - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{0AAE5E7A-2F6D-72D9-D0DF-80F194BD7A5A}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ECFBE513-0699-58BF-E02C-9FF4F5E7EF89}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F2691442-6098-2100-B54E-FA8B834E8437}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{8E8075B9-F175-9406-5CB6-D4E0DC559715}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{17DE6391-FC9A-FBC9-D7F6-733B5DC4610F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{6FF45160-0439-645E-8450-DD06558CED11}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{F3441830-D747-C1FA-1D64-5115FA200754}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{89434C70-A75C-8D5B-3E62-180F144E327E}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B76DE8AB-9E9B-019B-4155-3426BD56DF3B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{0500A3FF-F5A1-3313-58CD-7DBC0126BDB0}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{2E866797-6A86-D485-08EE-7EDF2FF58758}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{6611961A-B0E7-8CC0-B37D-B8427E4465CA}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{88FA6A6D-6441-A1E1-A318-7C78BFD42129}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{064C9A53-41BD-48A7-E6D6-B8B602DAD865}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D8EEF488-861F-4A2D-6DF7-E5DD10409B75}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{8CE00A89-56EF-E816-E6BB-47AE6F88E395}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D5A61AA0-63BB-CD18-03FC-603334B7E961}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BA45B0B3-E1D3-E7A1-964C-D8F56A6451F2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{07F21799-880A-FFE0-7832-04B6E57877B3}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AFE15987-06A8-175A-B04B-B883440C96CC}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6304B126-A90A-AF9F-B474-7D964C38FA75}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0770 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Dashlane) (Version: 6.1946.0.26096 - Dashlane, Inc.)
Discord (HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
Doomtrooper 0.7.0 (HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\d329b7f5-94e3-5f19-886a-ced48ff497fa) (Version: 0.7.0 - Secret Cow Level)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
Evil Genius (HKLM-x32\...\Evil Genius_is1) (Version: - Elixir Studios Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Jagged Alliance - Back in Action by Tomi2k9 1.30 (HKLM-x32\...\Jagged Alliance - Back in Action by Tomi2k9 1.30) (Version: - )
Knights Of Honor (HKLM-x32\...\{7911C404-9AFA-4BB2-B9B7-E47423D87528}) (Version: 1.00 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.12130.20410 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20410 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20410 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12130.20410 - Microsoft Corporation) Hidden
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.48.31055 - Electronic Arts, Inc.)
Original War (HKLM-x32\...\Original War) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG5300 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG5300 series) (Version: - )
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Skype verze 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.53.115.1020 - Electronic Arts Inc.)
Thief Simulator (HKLM-x32\...\Thief Simulator_is1) (Version: - )
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-18 15:25 - 2018-12-18 15:25 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-12-18 15:25 - 2018-12-18 15:25 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-12-18 15:25 - 2018-12-18 15:25 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-06-15 05:21 - 2019-11-12 18:26 - 001901568 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-06-15 05:21 - 2019-11-12 18:26 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-06-15 05:21 - 2019-11-12 18:26 - 004636672 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-11-27 07:40 - 2019-11-27 07:40 - 001086976 _____ () [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp
2019-11-27 07:40 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-486EH.tmp\itdownload.dll
2018-07-03 12:55 - 2011-04-07 18:09 - 000067584 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2018-07-03 12:55 - 2011-03-14 18:09 - 000136704 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\cnmpu.dll
2018-07-03 12:53 - 2012-06-14 09:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2019-11-22 08:32 - 2019-11-27 07:39 - 064562672 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\chrome.dll
2019-11-27 07:40 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-486EH.tmp\idp.dll
2018-12-18 15:25 - 2018-12-18 15:25 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-05-28 03:49 - 2019-06-11 07:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-05-28 03:49 - 2019-06-11 07:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-02-01 20:38 - 2019-11-12 15:30 - 001240064 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\libeay32.dll
2019-02-01 20:38 - 2019-11-12 15:30 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\ssleay32.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-05-28 03:49 - 2019-07-12 08:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2015-06-25 16:17 - 2015-06-25 16:17 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2015-06-25 16:21 - 2015-06-25 16:21 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2015-06-25 16:14 - 2015-06-25 16:14 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2015-07-02 11:58 - 2015-07-02 11:58 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2015-06-25 16:03 - 2015-06-25 16:03 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2015-06-25 16:00 - 2015-06-25 16:00 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2015-06-25 16:23 - 2015-06-25 16:23 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2015-06-25 16:28 - 2015-06-25 16:28 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2015-06-25 16:16 - 2015-06-25 16:16 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2015-06-25 16:08 - 2015-06-25 16:08 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2015-06-25 16:58 - 2015-06-25 16:58 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2015-06-25 15:59 - 2015-06-25 15:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qgif.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qicns.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qico.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000298496 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qjpeg.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qsvg.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qtga.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qtiff.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qwbmp.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\imageformats\qwebp.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 001126400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\platforms\qwindows.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 004994048 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Core.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 003637248 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Gui.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 001088512 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Network.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000280576 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Positioning.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5PrintSupport.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 002966016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Qml.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 002796032 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Quick.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000048640 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5QuickWidgets.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000163840 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Sql.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000268288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Svg.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 055062528 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5WebEngineCore.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000190976 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5WebEngineWidgets.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000092160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5WebChannel.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 004590592 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\Qt5Widgets.dll
2019-11-22 08:21 - 2019-11-12 15:30 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Tomáš\AppData\Roaming\Dashlane\6.1946.0.26096\bin\Qt\styles\qwindowsvistastyle.dll
2019-11-27 07:40 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-486EH.tmp\psvince.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\dpwqhbpx.sys:changelist [1946]
AlternateDataStreams: C:\Windows\system32\Drivers\yvnokupc.sys:changelist [344]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\sharepoint.com -> hxxps://ucnmuni-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ECE231ED-6677-4157-B332-53AD744B337F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7ED8042C-C8E4-44E5-9CD7-FD7661C28D1C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E5BCE17D-68F3-4500-976E-A37945CE7E63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Wolf\Spacewolf.exe () [File not signed]
FirewallRules: [{D0EA2045-B7DD-4381-971D-5DBD5A72C7F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Wolf\Spacewolf.exe () [File not signed]
FirewallRules: [{A45ACADE-41A2-4E5D-B4A6-208040C1021B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{E8712648-8B3F-4778-8B36-C8CDB789A787}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{41806199-5E6C-4D9B-8D98-49EFE8042F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{756FF52E-CA16-4BAB-9AD6-56B954504196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{79F7C870-FF2D-41A1-96A4-2BE08CF9B27A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E16DF35E-5C07-4FD1-8262-DD93006A405B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2048120E-D11C-4C61-9942-EFA5D8A40F4D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68B33635-F09D-486B-871B-AC161B0ABFDD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEBBFAC9-FB8A-4F76-B34E-996A5A69EFD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive Ab (Publ) -> Paradox Interactive)
FirewallRules: [{296C8FC0-145F-48BC-ACA8-F5B40C680E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive Ab (Publ) -> Paradox Interactive)
FirewallRules: [{913B729F-32E2-4F23-B0EC-0C842D1CC824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe () [File not signed]
FirewallRules: [{1DE1C1FE-8B19-4A35-A164-6046932FD564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe () [File not signed]
FirewallRules: [TCP Query User{A502DEE8-89A8-4B36-847D-439CE58D3B76}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1427B6BC-1BBA-44D7-B7C3-D5FFB793BA67}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{AF9D9BE5-31ED-4A10-B1F0-54BA08265FF7}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{32A4DD89-16E4-4773-BE1E-E70080CF4D32}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{FB3976B7-AFAE-48EC-BE92-A9A6DF81FE9E}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [UDP Query User{B253BC34-D164-4E23-AAFF-92B4A4116435}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [{C90D8210-76F1-4875-8577-0585E4F5AC14}] => (Block) C:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [{FC0D1E2B-1AA2-4CB1-BD5D-A4FA3EDB3AEA}] => (Block) C:\program files\epic games\subnautica\subnautica.exe No File
FirewallRules: [{C556B337-3323-4CE7-8B94-DB560CDCC641}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombidle\Zombidle.exe () [File not signed]
FirewallRules: [{BDFF71A5-2989-4F9A-81CE-B9B52675EB78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombidle\Zombidle.exe () [File not signed]
FirewallRules: [TCP Query User{5BAF1B90-C300-44E7-99FE-B0E52416D9BC}C:\games\aground\aground.exe] => (Block) C:\games\aground\aground.exe () [File not signed]
FirewallRules: [UDP Query User{068DF9C2-B94B-40CA-9403-6D195343D703}C:\games\aground\aground.exe] => (Block) C:\games\aground\aground.exe () [File not signed]
FirewallRules: [{75BE5F2F-BF86-41A2-978F-D4C4B03883FD}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{0A86C7B4-0EB9-4C81-B94D-61A9616FE9B6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9CD728C9-DA6C-41EB-A764-84D5DBA42937}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E8808DFB-D7A8-4C8E-8ECC-E1697F200196}] => (Allow) %SystemDrive%\Games\Minecraft\MinecraftLauncher.exe (Mojang AB -> Mojang)
FirewallRules: [{8C288984-1F64-47B7-8B38-A4E70EEFCADA}] => (Allow) %ProgramFiles% (x86)\LogMeIn Hamachi\hamachi-2-ui.exe No File
FirewallRules: [{E8A7B8E6-FB43-47FC-8836-A9AF4ED1B2E0}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{691781A9-E0D5-4C03-9EA6-25180E0BB72D}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{62AF8FD7-6640-46C2-90DE-86E6E30BFEAD}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{E30F53F0-CF80-4D74-A516-24BF8DED2362}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{BA9D963F-E4B8-4AE2-808C-7FD6B61E9042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{8205EF88-05FE-4387-88FF-3D96732607E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{608B7735-FC50-4E33-8A35-779421DF4EBB}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{771A6B5F-842C-45E6-85BA-6C934A15D277}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B78FD5FE-1C0B-4366-A6E3-ECA3DCD1DA5E}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{DD1508EF-A4CB-46BB-B814-787A6CA14BC3}] => (Allow) C:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{4E09BD43-48C8-46FF-B4B4-63FE89B62B94}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{97E468FA-259E-47D4-822E-C8821A00FCAC}C:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{E13F7C26-8F0B-4AE9-8CC2-2776C0A8F504}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{343696D6-2121-48A0-A8BC-3B7DA98AA209}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{862D236F-0F19-4DC8-860F-29B6275CB598}C:\games\the escapists 2\theescapists2.exe] => (Allow) C:\games\the escapists 2\theescapists2.exe () [File not signed]
FirewallRules: [UDP Query User{C0C7C530-0AB6-423C-B276-87E1234D8361}C:\games\the escapists 2\theescapists2.exe] => (Allow) C:\games\the escapists 2\theescapists2.exe () [File not signed]
FirewallRules: [{BD007D19-D564-4203-A880-82879D624A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\hl32\hl.exe () [File not signed]
FirewallRules: [{D4A4BA76-3E66-4E4A-A7A4-A4DF3FEE6CC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\hl32\hl.exe () [File not signed]
FirewallRules: [{878ECF44-FF82-448F-ADD7-9CFF5628C48C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1221F8AB-124B-48D2-B554-12CA85038BBB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{638D2712-46B6-408B-BCAD-25C87CF6BF5E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{74226F26-83CD-40A7-A563-52CE002C73E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{92F5771B-5382-4B8F-A112-FD0E6ED451B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\ng32\Northgard.exe () [File not signed]
FirewallRules: [{E9DCB2EC-825E-4595-9599-B00CB2253C6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\ng32\Northgard.exe () [File not signed]
FirewallRules: [{04FA2D3A-93D0-4181-B24F-EC5C6053E7C8}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D90F6E9C-6FD0-4030-A233-653DEB3D00F1}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{45F0ECB2-EE26-4C7A-9049-38016D5DE31F}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

23-11-2019 10:15:02 Windows Update
07-12-2019 09:00:55 Windows Update

==================== Faulty Device Manager Devices ============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/27/2019 07:40:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MoocBook.tmp verze 51.52.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 2530

Čas spuštění: 01d5a4ed77e99def

Čas ukončení: 4

Cesta k aplikaci: C:\Users\TOM~1\AppData\Local\Temp\is-2G0RD.tmp\MoocBook.tmp

ID hlášení:

Error: (11/26/2019 04:51:29 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (11/26/2019 05:46:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (11/25/2019 03:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Game.exe, verze: 0.0.0.0, časové razítko: 0x4f32bc57
Název chybujícího modulu: Game.exe, verze: 0.0.0.0, časové razítko: 0x4f32bc57
Kód výjimky: 0xc0000005
Posun chyby: 0x001f07ca
ID chybujícího procesu: 0x2260
Čas spuštění chybující aplikace: 0x01d5a381552d7c92
Cesta k chybující aplikaci: C:\Games\Jagged Alliance - Back in Action\Game.exe
Cesta k chybujícímu modulu: C:\Games\Jagged Alliance - Back in Action\Game.exe
ID zprávy: b7d5b496-0f90-11ea-87fa-50e54931da7d

Error: (11/25/2019 12:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Game.exe, verze: 0.0.0.0, časové razítko: 0x4f32bc57
Název chybujícího modulu: Game.exe, verze: 0.0.0.0, časové razítko: 0x4f32bc57
Kód výjimky: 0xc0000005
Posun chyby: 0x00137205
ID chybujícího procesu: 0x15a8
Čas spuštění chybující aplikace: 0x01d5a2f241216beb
Cesta k chybující aplikaci: C:\Games\Jagged Alliance - Back in Action\Game.exe
Cesta k chybujícímu modulu: C:\Games\Jagged Alliance - Back in Action\Game.exe
ID zprávy: 5e6918f8-0f74-11ea-87fa-50e54931da7d

Error: (11/25/2019 02:37:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (11/24/2019 08:54:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (11/23/2019 12:20:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).


System errors:
=============
Error: (11/23/2019 10:28:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (10:24:05, ‎23.‎11.‎2019) bylo neočekávané.

Error: (11/23/2019 10:18:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (10:17:25, ‎23.‎11.‎2019) bylo neočekávané.

Error: (12/07/2019 08:49:55 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: Služba Systémový čas zjistila, že je nutné změnit systémový čas o -1209592 s. Služba Systémový čas nemění systémový čas o více než 54000 s. Ověřte správnost času a časového pásma a zda zdroj času time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.43.94.199:123) pracuje správně.

Error: (11/22/2019 08:20:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:18:54, ‎22.‎11.‎2019) bylo neočekávané.

Error: (11/22/2019 08:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/22/2019 08:17:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (11/19/2019 02:34:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (14:33:19, ‎19.‎11.‎2019) bylo neočekávané.

Error: (11/18/2019 03:24:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (15:23:28, ‎18.‎11.‎2019) bylo neočekávané.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F2 03/25/2011
Motherboard: Gigabyte Technology Co., Ltd. P67X-UD3-B3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 62%
Total physical RAM: 8175.12 MB
Available physical RAM: 3072.82 MB
Total Virtual: 16348.38 MB
Available Virtual: 9511.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:63.28 GB) NTFS

\\?\Volume{3df0d1d9-6ef4-11e8-921c-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 9783AFF5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2019-11-27 08:00:56
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 65 GB (27%) free of 238 GB
Total RAM: 8175 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:56, on 27.11.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19463)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe
C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp
C:\Program Files\trend micro\Tomáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [TeamsMachineUninstallerLocalAppData] %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [DashlanePlugin] "C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Discord] C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [nvsetting] C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 19.174.0902.0013\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 19.174.0902.0013] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš\AppData\Local\Microsoft\OneDrive\19.174.0902.0013"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12214 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
"C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe"
"C:\Windows\System32\StikyNot.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7066440863534503211 --mojo-platform-channel-handle=1104 /prefetch:2
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a ... hes/upload --application-name=skype-preview "--crashes-directory=C:\Users\TOM~1\AppData\Local\Temp\skype-preview Crashes" --v=1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-features=SpareRendererForSitePerProcess --service-pipe-token=5974204944955610713 --lang=cs --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --webview-tag --no-sandbox --no-zygote --native-window-open --preload="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --background-color=#fff --node-integration-in-subframes --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5974204944955610713 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1 --skype-process-type=Main
C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe --reporter-url=https://sentry.io/api/146342/minidump/? ... be03b2b35a --application-name=Discord "--crashes-directory=C:\Users\TOM~1\AppData\Local\Temp\Discord Crashes" --v=1
"C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-color-profile=srgb --enable-features=SharedArrayBuffer --service-pipe-token=3187140962829679137 --lang=cs --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\resources\app.asar" --node-integration=false --webview-tag=false --no-sandbox --native-window-open --preload="C:\Users\Tomáš\AppData\Roaming\discord\0.0.305\modules\discord_desktop_core\core.asar\app\mainScreenPreload.js" --background-color=#202225 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3187140962829679137 --renderer-client-id=6 --mojo-platform-channel-handle=1896 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Tomáš\AppData\Local\Steam\htmlcache" "-steampid=2888" "-buildid=1574216296" "-steamid=0" "-steamuniverse=Public" "-clientui=C:\Program Files (x86)\Steam\clientui" --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --enable-media-stream --enable-smooth-scrolling --disable-accelerated-video-decode --enable-direct-write --disablehighdpi --force-device-scale-factor=1 --device-scale-factor=1 "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Tomáš\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1574216296 --initial-client-data=0x198,0x19c,0x1a0,0x194,0x1a4,0x7feefd9da70,0x7feefd9da80,0x7feefd9da90
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1132,16807107620686450804,3983425799720004134,131072 --disable-features=OutOfBlinkCors --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1574216296 --steamid=0 --gpu-preferences=KAAAAAAAAADhAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --service-request-channel-token=14674360048851924969 --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --field-trial-handle=1132,16807107620686450804,3983425799720004134,131072 --disable-features=OutOfBlinkCors --lang=cs --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1574216296 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --service-request-channel-token=3861387047832486740 --mojo-platform-channel-handle=1600 /prefetch:8
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --force-device-scale-factor=1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1132,16807107620686450804,3983425799720004134,131072 --disable-features=OutOfBlinkCors --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --force-device-scale-factor=1 --disablehighdpi --buildid=1574216296 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7321359022794710255 --renderer-client-id=6 --mojo-platform-channel-handle=2104 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --force-device-scale-factor=1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1132,16807107620686450804,3983425799720004134,131072 --disable-features=OutOfBlinkCors --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --force-device-scale-factor=1 --disablehighdpi --buildid=1574216296 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14722020495602577810 --renderer-client-id=7 --mojo-platform-channel-handle=2332 /prefetch:1
"C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15836833668728495654 --mojo-platform-channel-handle=1624 --ignored=" --type=renderer " /prefetch:2
"taskhost.exe"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --force-device-scale-factor=1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1132,16807107620686450804,3983425799720004134,131072 --disable-features=OutOfBlinkCors --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --force-device-scale-factor=1 --disablehighdpi --buildid=1574216296 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18308562541767648164 --renderer-client-id=10 --mojo-platform-channel-handle=1040 /prefetch:1
"C:/Program Files (x86)/Epic Games/Launcher/Portal/Binaries/Win64/EpicGamesLauncher.exe" -silent -SaveToUserDir -Messaging -enablehighdpi -ForcedRestart
"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/UnrealCEFSubProcess.exe" --type=gpu-process --no-sandbox --lang=en --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Tomáš/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --product-version="EpicGamesLauncher/10.10.3-10419014+++Portal+Release-Live UnrealEngine/4.21.0-10419014+++Portal+Release-Live Chrome/59.0.3071.15" --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,26,41,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x1002 --gpu-device-id=0x6719 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.301.1901.0 --gpu-driver-date=2-26-2016 --lang=en --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Tomáš/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --product-version="EpicGamesLauncher/10.10.3-10419014+++Portal+Release-Live UnrealEngine/4.21.0-10419014+++Portal+Release-Live Chrome/59.0.3071.15" --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --service-request-channel-token=50A5F5119D9CF9D2434C24DAB113DD52 --mojo-platform-channel-handle=1656 /prefetch:2

"C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe"
"C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp" /SL5="$3107C,4444209,425984,C:\Users\Tomáš\AppData\Roaming\gx2zgx0xfzd\axdciqkfxmj.exe" /VERYSILENT /p=testparams
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=78.0.3904.108 --initial-client-data=0x3c,0x40,0x44,0x38,0x48,0x7fef22fed58,0x7fef22fed68,0x7fef22fed78
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9688 --on-initialized-event-handle=12 --parent-handle=168 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15912339507515101932 --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=8246190890604447302 --mojo-platform-channel-handle=1288 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2482565672571680592 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5372094466125043066 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13420095797569613309 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --service-sandbox-type=audio --service-request-channel-token=6449209841966890294 --mojo-platform-channel-handle=3280 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14626300372246919687 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5040256123297277015 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1904300392640353907 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10175784848671840212 --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3578012804089386551 --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4106318235313433457 --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15893074310973713754 --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
taskeng.exe {A903B680-2CE3-45E2-85F4-49CCB8DFD9E7}
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,12963865044055992967,638835408519679391,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11852620348781993354 --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe461_ Global\UsGthrCtrlFltPipeMssGthrPipe461 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Tomáš\Downloads\RSITx64 (1).exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-07-02 221664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-11-04 962136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-07 166360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}]
Dashlane BHO - C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-11-12 935424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-11-04 676656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
{669695BC-A811-4A9D-8CDF-BA8C795F261C} - Dashlane Toolbar - C:\Users\Tomáš\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-11-12 193024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-11 11776104]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2779024]
"StartCN"=C:\Program Files\AMD\CNext\CNext\cnext.exe [2016-02-26 4926664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2019-11-20 3288016]
"EpicGamesLauncher"=C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [2019-11-26 36054928]
"Dashlane"=C:\Users\Tomáš\AppData\Roaming\Dashlane\Dashlane.exe [2019-11-12 390144]
"DashlanePlugin"=C:\Users\Tomáš\AppData\Roaming\Dashlane\DashlanePlugin.exe [2019-11-12 412160]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2019-02-20 735336]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2019-10-15 24552064]
"Discord"=C:\Users\Tomáš\AppData\Local\Discord\app-0.0.305\Discord.exe [2019-03-07 81780056]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [2019-11-12 83524968]
"nvsetting"=C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe [2019-11-27 512512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"=C:\Windows\system32\cmd.exe [2010-11-20 345088]
"Delete Cached Standalone Update Binary"=C:\Windows\system32\cmd.exe [2010-11-20 345088]
"Uninstall 19.174.0902.0013\amd64"=C:\Windows\system32\cmd.exe [2010-11-20 345088]
"Uninstall 19.174.0902.0013"=C:\Windows\system32\cmd.exe [2010-11-20 345088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2019-04-02 5890504]
"TeamsMachineUninstallerLocalAppData"=C:\Users\Tomáš\AppData\Local\Microsoft\Teams\Update.exe [2019-08-21 1789552]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-11-27 07:56:23 ----D---- C:\rsit
2019-11-27 07:56:23 ----D---- C:\Program Files\trend micro
2019-11-27 07:51:21 ----A---- C:\Windows\system32\drivers\yvnokupc.sys
2019-11-27 07:51:02 ----A---- C:\Windows\system32\drivers\dpwqhbpx.sys
2019-11-27 07:49:56 ----D---- C:\FRST
2019-11-27 07:40:27 ----D---- C:\Program Files (x86)\mwTLuksuBTRA
2019-11-27 07:40:12 ----D---- C:\Users\Tomáš\AppData\Roaming\ScreenToGif
2019-11-27 07:40:08 ----D---- C:\Users\Tomáš\AppData\Roaming\InstallPack
2019-11-27 07:40:02 ----D---- C:\Users\Tomáš\AppData\Roaming\gx2zgx0xfzd
2019-11-27 07:39:56 ----D---- C:\Program Files (x86)\MachinerData
2019-11-27 07:39:48 ----D---- C:\Program Files (x86)\eCertification
2019-11-13 04:48:44 ----D---- C:\Program Files\Unity
2019-11-13 04:47:20 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2019-12-07 09:03:38 ----SHD---- C:\Windows\Installer
2019-12-07 09:03:33 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-12-07 09:03:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2019-12-07 09:02:00 ----D---- C:\Program Files\Microsoft Office
2019-11-27 08:00:43 ----D---- C:\Windows\Temp
2019-11-27 08:00:00 ----HD---- C:\ProgramData
2019-11-27 07:56:23 ----RD---- C:\Program Files
2019-11-27 07:51:21 ----D---- C:\Windows\system32\drivers
2019-11-27 07:51:15 ----D---- C:\Windows\system32\Tasks
2019-11-27 07:51:04 ----SHD---- C:\System Volume Information
2019-11-27 07:41:29 ----RD---- C:\Program Files (x86)
2019-11-27 07:40:28 ----HD---- C:\Windows\system32\GroupPolicy
2019-11-27 07:22:45 ----D---- C:\Games
2019-11-27 04:00:27 ----D---- C:\Windows\system32\config
2019-11-27 03:51:51 ----D---- C:\Users\Tomáš\AppData\Roaming\Doomtrooper
2019-11-23 23:28:33 ----D---- C:\Windows\Microsoft.NET
2019-11-23 10:34:15 ----D---- C:\Windows\System32
2019-11-23 10:34:15 ----D---- C:\Windows\inf
2019-11-23 10:34:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-11-23 10:29:33 ----D---- C:\Program Files (x86)\Steam
2019-11-23 10:29:17 ----D---- C:\Users\Tomáš\AppData\Roaming\Discord
2019-11-22 19:40:40 ----D---- C:\Program Files\Epic Games
2019-11-22 08:22:29 ----D---- C:\Users\Tomáš\AppData\Roaming\Dashlane
2019-11-13 21:56:24 ----D---- C:\Users\Tomáš\AppData\Roaming\DAEMON Tools Lite
2019-11-13 20:25:38 ----D---- C:\Windows\SysWOW64
2019-11-12 22:03:31 ----N---- C:\Windows\system32\MpSigStub.exe
2019-11-05 21:33:31 ----D---- C:\Windows\Minidump
2019-11-05 21:33:29 ----D---- C:\Windows
2019-11-04 23:56:26 ----D---- C:\Program Files (x86)\Google
2019-11-03 19:29:03 ----D---- C:\ProgramData\Package Cache
2019-11-02 18:59:33 ----SD---- C:\Users\Tomáš\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-02-26 23981568]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-02-26 674816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-04-01 104976]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2019-02-20 42256]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2019-02-20 59360]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-11 2739176]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S1 dpwqhbpx;dpwqhbpx; \??\C:\Windows\system32\drivers\dpwqhbpx.sys [2019-11-27 72816]
S1 yvnokupc;yvnokupc; \??\C:\Windows\system32\drivers\yvnokupc.sys [2019-11-27 72816]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2018-05-30 35648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-09-10 88136]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-02-26 249344]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2019-11-21 11652168]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2019-04-02 3361736]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-05-27 419248]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2019-09-25 3228464]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2019-02-20 4132456]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2019-11-20 1720272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe [2019-11-16 1110512]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-08-27 116224]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2019-09-25 2348336]
S3 ose64;Office 64 Source Engine; c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-02-01 264504]
S3 osppsvc;Office Software Protection Platform; c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2018-08-27 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2018-06-15 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]

-----------------EOF-----------------

ahoj,
uz davno som nevidel takto klasicky zasvineny pocitac
1. citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >> •Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

2. vycisti PC s AVPTool

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by Tomáš (27-11-2019 08:48:35) Run:1
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
() [File not signed] C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe
() [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp
(Access Denied) [File not signed] C:\Users\Tom�\AppData\Roaming\gx2zgx0xfzd\axdciqkfxmj.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [322807] => C:\Users\TOM~1\AppData\Local\Temp\is-H43MQ.tmp\MoocBook.exe [4761857 2019-11-26] (Access Denied) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\...\Run: [nvsetting] => C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe [512512 2019-11-27] () [File not signed] <==== ATTENTION
Task: {400B8522-8475-4C27-979D-492F80F2E78E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [638976 2019-11-27] (Access Denied) [File not signed] (Access Denied) <==== ATTENTION
Task: {E509DD7F-44DE-4209-9A4D-12BDC8C44872} - System32\Tasks\mwTLuksuBTRA => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\mwTLuksuBTRA\mwTLuksuBTRA.dll",mwTLuksuBTRA <==== ATTENTION
2019-11-27 07:40 - 2019-11-27 07:40 - 001086976 _____ () [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp
2019-11-27 07:40 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\TOM~1\AppData\Local\Temp\is-486EH.tmp\itdownload.dll
AlternateDataStreams: C:\Windows\system32\Drivers\dpwqhbpx.sys:changelist [1946]
AlternateDataStreams: C:\Windows\system32\Drivers\yvnokupc.sys:changelist [344]

EmptyTemp:
Reboot:
End
*****************

C:\Users\TOM~1\AppData\Local\Temp\7669842675.exe => No running process found
C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp => No running process found
C:\Users\Tom�\AppData\Roaming\gx2zgx0xfzd\axdciqkfxmj.exe => No running process found
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\322807" => not found
"HKU\S-1-5-21-1564068326-3056932736-4007049450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nvsetting" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{400B8522-8475-4C27-979D-492F80F2E78E}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E509DD7F-44DE-4209-9A4D-12BDC8C44872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E509DD7F-44DE-4209-9A4D-12BDC8C44872}" => removed successfully
C:\Windows\System32\Tasks\mwTLuksuBTRA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mwTLuksuBTRA" => removed successfully
C:\Users\TOM~1\AppData\Local\Temp\is-420ED.tmp\axdciqkfxmj.tmp => moved successfully
C:\Users\TOM~1\AppData\Local\Temp\is-486EH.tmp\itdownload.dll => moved successfully
"C:\Windows\system32\Drivers\dpwqhbpx.sys" => ":changelist" ADS not found.
"C:\Windows\system32\Drivers\yvnokupc.sys" => ":changelist" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8334931 B
Java, Flash, Steam htmlcache => 69156840 B
Windows/system/drivers => 14848545 B
Edge => 0 B
Chrome => 17958469 B
Firefox => 22298424 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 58624506 B
systemprofile32 => 58697820 B
LocalService => 58764048 B
NetworkService => 63044054 B
Tomáš => 162230222 B

RecycleBin => 0 B
EmptyTemp: => 517.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:49:08 ====

AVPTool skončil s výsledken "No threats found". Jen nescanoval "Tento počítač" jak je uvedeno v návodu k zaškrtnutí, protože současná verze už tu položku v nabídce nemá.

Mezitím jsem ještě odinstaloval a znovu nainstaloval Chrome a vyčistil počítač CCleanerem. Zatím nic nevyskakuje.

doporucujem vymenit MSE za nejaky iny AV napr. Avast, Avira a i. a prescanovat PC

Na já nevím, zrovna Avast s těma jeho otravnýma aktualizacema a komerčníma nabídkama... MSE je alespoň tiše v koutku a nekecá

Takže máme asi hotovo, že? Díky za pomoc.

doporucene https://forum.viry.cz/viewtopic.php?f=29&t=152926
+
ak by nieco, prid na preventivku
rado sa stalo