
Atharori.net and gestyy.com pop-up

Posted: 16 Dec 2020 15:55
by JHlacik
Hello,
every time I turn on the PC, the primary browser (Chrome) launches automatically with a pop-up ad from the sites Atharori.net and gestyy.com.
I tried ESET and Malwarebytes, without success. AdwCleaner and SpyHunter did find some PUPs, but even though I moved the files to quarantine and removed them, the problem persisted after the next restart.
I am therefore asking you for help. I am attaching FRST. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Admin (administrator) on DESKTOP-UB19UAB (16-12-2020 15:39:10)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin
Platform: Windows 10 Home Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A FOUR TECH CO., LTD. -> ) C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2012.1003.34.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20092.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> ) C:\Windows\System32\RZSurroundHelper.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe
(Razer USA Ltd. -> Razer) C:\Windows\System32\RZSurroundService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-01-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [175504 2020-11-07] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RZSurroundHelper] => C:\Windows\system32\RZSurroundHelper.exe [382704 2019-06-07] (Razer USA Ltd. -> )
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353784 2020-11-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-62953582-1095930323-3690096623-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-62953582-1095930323-3690096623-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16442096 2018-07-20] (A FOUR TECH CO., LTD. -> )
HKU\S-1-5-21-62953582-1095930323-3690096623-1001\...\Run: [Discord] => C:\Users\Admin\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-62953582-1095930323-3690096623-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30860272 2019-06-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-62953582-1095930323-3690096623-1001\...\MountPoints2: {aeec876b-8f47-11e8-a512-806e6f6e6963} - "D:\enzin\enzin.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A5AA451-5732-472B-965E-46F46DD48874} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [856616 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2FDDD9A4-B6B6-4FA1-B9FD-E0E240AEE5E6} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [927272 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31211AF2-5A9E-47EB-94BB-F31A5CB964D9} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {40A0A75F-F620-4B40-9037-AE48861638FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {430CE4F0-DB6B-4F56-A252-10E080E44A75} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {473AE64B-8A0F-4246-B097-846AA792F58F} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [927272 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4C2BD391-DFBC-4B9C-9B94-6FE6225B0019} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-25] (Google Inc -> Google Inc.)
Task: {63325C39-D672-4E70-91DB-8EC5D6E35017} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [26243528 2018-07-16] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {74FF3D7B-5860-4E17-95E1-31AE3D0B745E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {862FBE0D-3602-4D2A-8696-C48CE43A43A3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [856616 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C0369B3-6876-44F1-9D38-EFB8609F5675} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-06-18] (Garmin International, Inc. -> )
Task: {A677DE12-9BB6-4D87-A9D2-CB262CB37D7A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982568 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C2A2D268-EFCA-4523-BE4D-870A57F1C216} - System32\Tasks\Agent Activation Runtime\S-1-5-21-62953582-1095930323-3690096623-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-11] (Microsoft Windows -> )
Task: {C4D67CF2-909D-4A9B-8DF7-9160E68B3E54} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [927272 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE98B83B-1905-4F4A-9C0E-486703A7DBE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-25] (Google Inc -> Google Inc.)
Task: {DF107462-4E68-4367-B986-F401475BC4CC} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E05ECEE0-EDA2-4DEB-8838-2915C23168E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3297832 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E29582B4-A5E9-4F1D-B5A4-0E296C86F72E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [927272 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F659D872-36DE-4D07-914B-FA0E94CB72B7} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [647720 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF159893-6E44-47FA-8788-0DB34DFDAFF7} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.90.1
Tcpip\..\Interfaces\{c4615b04-d42f-4671-9073-30097683a74b}: [DhcpNameServer] 192.168.90.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-16]

FireFox:
========
FF DefaultProfile: aes6ab02.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aes6ab02.default [2019-09-03]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rbteltgx.default-release [2020-12-16]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-62953582-1095930323-3690096623-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-12-16]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2020-12-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (Plná Peněženka Lištička) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2020-11-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-09]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] (ASUSTeK Computer Inc. -> )
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8413472 2020-02-26] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2020-07-25] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-07] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-07] (ESET, spol. s r.o. -> ESET)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [12874296 2020-12-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3352376 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2018-08-01] (Even Balance, Inc. -> )
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2019-07-03] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-06-24] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Update Service; C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe [408912 2020-04-02] (Razer USA Ltd. -> Razer)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2019-07-11] (Razer USA Ltd. -> Razer Inc.)
R2 RzSndSrv; C:\Windows\system32\RZSurroundService.exe [353520 2019-06-07] (Razer USA Ltd. -> Razer)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [524856 2020-12-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10069120 2020-11-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [160992 2020-10-27] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-27] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [190464 2020-10-27] (ESET, spol. s r.o. -> ESET)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [76744 2020-12-16] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107784 2020-10-27] (ESET, spol. s r.o. -> ESET)
R3 sRZVAD; C:\WINDOWS\System32\drivers\RZSurround.sys [172024 2019-06-06] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [5811160 2020-11-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 15:39 - 2020-12-16 15:39 - 000021780 _____ C:\Users\Admin\Downloads\FRST.txt
2020-12-16 15:38 - 2020-12-16 15:39 - 000000000 ____D C:\FRST
2020-12-16 15:38 - 2020-12-16 15:38 - 002286592 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2020-12-16 15:16 - 2020-12-16 15:16 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-12-16 15:16 - 2020-12-16 15:16 - 000001055 _____ C:\ProgramData\Plocha\SpyHunter5.lnk
2020-12-16 15:16 - 2020-12-16 15:16 - 000000000 ____D C:\sh5ldr
2020-12-16 15:16 - 2020-12-16 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-12-16 15:16 - 2020-12-16 15:16 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-12-16 15:14 - 2020-12-16 15:14 - 006542392 _____ (EnigmaSoft Limited) C:\Users\Admin\Downloads\SpyHunter-Installer.exe
2020-12-16 15:14 - 2020-12-16 15:14 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-12-16 13:37 - 2020-12-16 13:38 - 000000000 ____D C:\AdwCleaner
2020-12-16 13:36 - 2020-12-16 13:36 - 008447152 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_8.0.8.exe
2020-12-16 13:00 - 2020-12-16 13:00 - 000000000 ____D C:\Users\Admin\OneDrive\Dokumenty\TotalAV
2020-12-16 12:57 - 2020-12-16 12:57 - 000000000 ____D C:\Users\Admin\AppData\Local\GUI.Win
2020-12-16 12:23 - 2020-12-16 12:23 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2020-12-16 12:23 - 2020-12-16 12:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-16 12:21 - 2020-12-16 12:21 - 002086424 _____ (Malwarebytes) C:\Users\Admin\Downloads\MBSetup.exe
2020-12-16 12:21 - 2020-12-16 12:21 - 002086424 _____ (Malwarebytes) C:\Users\Admin\Downloads\MBSetup (1).exe
2020-12-15 20:58 - 2020-12-15 20:58 - 000034615 _____ C:\Users\Admin\Downloads\very-naajs.pdf
2020-12-15 19:41 - 2020-12-15 19:41 - 000680734 _____ C:\Users\Admin\Downloads\L10_Hlacik.pdf
2020-12-15 17:00 - 2020-12-15 17:00 - 000202007 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_L10_Test_20201215.pdf
2020-12-15 14:41 - 2020-12-15 14:41 - 000352926 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L8_opakovani (1).pdf
2020-12-14 20:50 - 2020-12-14 20:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Dying Light Enhanced Edition Čeština
2020-12-14 20:50 - 2020-12-14 20:50 - 000000000 ____D C:\ProgramData\Caphyon
2020-12-14 20:49 - 2020-12-14 20:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BonusWeb
2020-12-13 20:04 - 2020-12-13 20:04 - 000221029 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L4 (3).pdf
2020-12-13 13:55 - 2020-12-13 13:55 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Steam
2020-12-13 13:32 - 2020-12-13 13:32 - 000000000 ____D C:\Users\Admin\OneDrive\Dokumenty\DyingLight
2020-12-13 13:11 - 2020-12-13 13:11 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2020-12-13 13:11 - 2020-12-13 13:11 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2020-12-13 12:30 - 2020-12-13 12:30 - 000001573 _____ C:\ProgramData\Plocha\Dying Light - The Following.lnk
2020-12-13 12:30 - 2020-12-13 12:30 - 000000000 ____D C:\Games
2020-12-13 12:24 - 2020-12-13 12:24 - 017901794 _____ C:\Users\Admin\Downloads\DYING LIGHT CRACKERHEAD.rar
2020-12-13 02:17 - 2020-12-13 13:32 - 000000000 ____D C:\Users\Admin\Downloads\Dying Light - The Following EE [FitGirl Repack]
2020-12-12 22:35 - 2020-12-12 22:35 - 000183633 _____ C:\Users\Admin\Downloads\Dying-Light-The-Following-EE-FitGirl-Repack (1).torrent
2020-12-11 13:18 - 2020-12-11 13:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-11 13:18 - 2020-12-11 13:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-11 13:18 - 2020-12-11 13:18 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-11 13:18 - 2020-12-11 13:18 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-11 13:18 - 2020-12-11 13:18 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-11 13:18 - 2020-12-11 13:18 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-11 13:18 - 2020-12-11 13:18 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-11 13:18 - 2020-12-11 13:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-10 01:15 - 2020-12-10 01:18 - 052005943 _____ C:\Users\Admin\Downloads\XKY2X_2018summer.zip
2020-12-08 21:34 - 2020-12-08 21:34 - 000634840 _____ C:\Users\Admin\Downloads\L9_Hlacik.pdf
2020-12-08 16:54 - 2020-12-08 16:54 - 000202037 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_L9_Test_20201208.pdf
2020-12-07 15:49 - 2020-12-07 15:49 - 000183633 _____ C:\Users\Admin\Downloads\Dying-Light-The-Following-EE-FitGirl-Repack.torrent
2020-12-07 00:27 - 2020-12-07 00:27 - 000263846 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L4_2_reseni (2).pdf
2020-12-07 00:27 - 2020-12-07 00:27 - 000221029 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L4 (2).pdf
2020-12-07 00:25 - 2020-12-07 00:25 - 000221029 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L4 (1).pdf
2020-12-06 15:24 - 2020-12-06 15:24 - 000653077 _____ C:\Users\Admin\Downloads\L8_Hlacik.pdf
2020-12-06 11:45 - 2020-12-06 11:45 - 000000000 ____D C:\Users\Admin\AppData\Local\INetHistory
2020-12-05 15:10 - 2020-12-05 15:10 - 000526064 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L9_opakovani.pdf
2020-12-03 16:54 - 2020-12-03 16:54 - 000202731 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_L8_Test_20201203.pdf
2020-12-03 12:42 - 2020-12-03 12:42 - 000653544 _____ C:\Users\Admin\Downloads\L7_Hlacik (1).pdf
2020-12-02 20:19 - 2020-12-02 20:19 - 000673187 _____ C:\Users\Admin\Downloads\L6_Hlacik (2).pdf
2020-12-02 20:18 - 2020-12-02 20:18 - 000673187 _____ C:\Users\Admin\Downloads\L6_Hlacik (1).pdf
2020-12-02 20:14 - 2020-12-02 20:14 - 000653544 _____ C:\Users\Admin\Downloads\L7_Hlacik.pdf
2020-12-02 20:13 - 2020-12-02 20:13 - 000673187 _____ C:\Users\Admin\Downloads\L6_Hlacik.pdf
2020-12-01 21:35 - 2020-12-01 21:35 - 000352926 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L8_opakovani.pdf
2020-12-01 00:57 - 2020-12-01 01:02 - 284745440 _____ C:\Users\Admin\Downloads\Textbook_modrá.PDF
2020-11-26 16:55 - 2020-11-26 16:55 - 000203052 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_L7_Test_20201126.pdf
2020-11-26 15:48 - 2020-11-26 15:48 - 009060765 _____ C:\Users\Admin\Downloads\Počátky modernismu a hledání kořenů.pptx
2020-11-19 16:55 - 2020-11-19 16:55 - 000201779 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_L6_Test_20201119.pdf
2020-11-18 12:31 - 2020-11-18 12:31 - 000184988 _____ C:\Users\Admin\Downloads\HZ3_XHZ3_ukol_L6_opakovani.pdf
2020-11-17 13:04 - 2020-11-17 13:04 - 000805632 _____ C:\Users\Admin\Downloads\Kulturní revoluce (1).pptx
2020-11-16 18:43 - 2020-11-16 18:43 - 000574823 _____ C:\Users\Admin\Downloads\BPTX_2010_2_11210_0_288019_0_110142.pdf
2020-11-16 18:39 - 2020-11-16 18:39 - 000805632 _____ C:\Users\Admin\Downloads\Kulturní revoluce.pptx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 15:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-16 15:12 - 2020-08-18 21:42 - 001693200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-16 15:12 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-16 15:12 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-16 15:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-16 15:08 - 2020-04-21 10:16 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2020-12-16 15:07 - 2018-07-24 14:50 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-16 15:06 - 2018-07-25 14:41 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-16 15:05 - 2020-08-18 21:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-16 15:05 - 2020-08-18 21:31 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-16 15:05 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-16 14:16 - 2020-08-18 21:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-16 12:56 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-16 12:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-16 00:39 - 2018-11-01 20:49 - 000000000 ____D C:\Users\Admin\AppData\Roaming\discord
2020-12-13 13:25 - 2019-11-24 23:53 - 000000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2020-12-11 14:19 - 2020-08-18 21:31 - 000312736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-11 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-11 13:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-11 13:19 - 2018-08-30 16:37 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-11 13:13 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-11 13:12 - 2020-06-05 13:45 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-11 13:12 - 2020-06-05 13:45 - 000002257 _____ C:\ProgramData\Plocha\Microsoft Edge.lnk
2020-12-11 13:06 - 2020-06-02 12:08 - 000000000 ____D C:\Program Files\Riot Vanguard
2020-12-10 19:53 - 2018-09-19 15:10 - 000000000 ____D C:\ProgramData\Riot Games
2020-12-10 00:35 - 2018-07-25 15:34 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2020-12-07 20:58 - 2018-11-01 20:49 - 000000000 ____D C:\Users\Admin\AppData\Local\Discord
2020-12-03 22:16 - 2020-08-18 21:38 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 22:16 - 2020-08-18 21:38 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 22:46 - 2018-07-25 15:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 22:46 - 2018-07-25 15:00 - 000002260 _____ C:\ProgramData\Plocha\Google Chrome.lnk
2020-11-28 16:23 - 2018-07-24 15:37 - 000000000 ____D C:\Users\Admin\AppData\Local\NVIDIA Corporation
2020-11-26 21:37 - 2018-07-24 14:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-26 21:36 - 2018-07-24 15:27 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-25 23:32 - 2018-07-25 16:57 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2020-11-25 19:09 - 2020-08-18 21:38 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-25 11:57 - 2020-08-18 21:38 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-25 11:57 - 2020-08-18 21:38 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-22 22:26 - 2018-07-24 14:35 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-20 23:07 - 2018-07-24 15:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-20 23:06 - 2018-07-24 15:26 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-20 16:45 - 2020-07-18 18:11 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-20 16:45 - 2020-07-18 18:11 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-20 16:45 - 2020-07-18 18:11 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-20 16:45 - 2020-07-18 18:11 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-20 16:45 - 2020-07-18 18:11 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-20 16:45 - 2020-07-18 18:11 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe

==================== Files in the root of some directories ========

2019-04-22 21:47 - 2019-04-22 21:47 - 000000410 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Atharori.net and gestyy.com pop-up

Posted: 16 Dec 2020 15:57
by Rudy
Hello!
Delete this file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat .

Re: Atharori.net and gestyy.com pop-up

Posted: 16 Dec 2020 16:02
by JHlacik
Problem solved, thank you very much.

Re: Atharori.net and gestyy.com pop-up

Posted: 16 Dec 2020 16:49
by Rudy
You're welcome! :)