Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 10:18
by bigmuff
Hi, these windows have started popping up on me
[Image] [Image]

when I choose cure-continue in Kaspersky.... it runs, I run the scan again and it's still there...

and now on restart there was an error message -- a startup repair ran

win.defender found nothing

may I ask for advice

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 11:02
by Rudy
Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 11:17
by bigmuff
ok here......

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-02-2021 01
Ran by rossu (administrator) on DESKTOP-D47UQCR (Acer Aspire ES1-731G) (21-02-2021 11:08:05)
Running from C:\Users\rossu\Desktop
Loaded Profiles: rossu
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FOXIT SOFTWARE INC. -> Foxit Software Inc.) D:\program\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\rossu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.23383.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\Run: [qBittorrent] => D:\program\qBittorrent\qbittorrent.exe [26116096 2021-01-19] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CB44164-65ED-4C0A-90E0-87ED4B27EF92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {49B67F8C-7876-47E2-AC94-7BD1DD440129} - System32\Tasks\2BrightSparks\SyncBackFree\DESKTOP-D47UQCR-rossu\SyncBackFree foto => D:\program\SyncBackFree\SyncBackFree.exe [74639856 2021-01-18] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {56C7FD79-D210-4F76-8C23-6828225DA527} - System32\Tasks\2BrightSparks\SyncBackFree\DESKTOP-D47UQCR-rossu\SyncBackFree dokument => D:\program\SyncBackFree\SyncBackFree.exe [74639856 2021-01-18] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {C1A70DED-722F-4032-99D2-3005A3E4B395} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CFE8F9CF-FD72-449C-999A-17C7CD539103} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {d189c7f6-7931-40b2-a757-1176d46d84cb} - no filepath
Task: {DB99098A-0A0C-44BB-9604-FDF58BE8E2FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {DFEB708C-FE54-4DAA-AEBA-EB1190653A54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9C1DAD2-043B-40E2-B6BC-67BACEC3DAF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{dfb078ce-395a-4416-87a0-d2f936c96fe4}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-11]
Edge Extension: (Outlook) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-02-07]
Edge Extension: (Word) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-02-07]
Edge Extension: (Excel) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-02-07]
Edge Extension: (PowerPoint) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-02-07]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default [2021-02-21]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://playfmrussia.ru; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Překladač Google) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-02-07]
CHR Extension: (Prezentace) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-07]
CHR Extension: (Dokumenty) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-07]
CHR Extension: (Disk Google) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-07]
CHR Extension: (Seznam doplněk - Email) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-02-07]
CHR Extension: (YouTube) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-07]
CHR Extension: (Tabulky) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-07]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2021-02-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Extension: (Gmail) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-07]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-02-07]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitReaderUpdateService; D:\program\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsla930670c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AECC556-09B9-4BC6-BC99-816AC95F226C}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 11:08 - 2021-02-21 11:09 - 000012181 _____ C:\Users\rossu\Desktop\FRST.txt
2021-02-21 11:07 - 2021-02-21 11:08 - 000000000 ____D C:\FRST
2021-02-21 11:05 - 2021-02-21 11:05 - 002301440 _____ (Farbar) C:\Users\rossu\Desktop\FRST64.exe
2021-02-21 10:46 - 2021-02-21 10:46 - 000000778 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-02-21 10:46 - 2021-02-21 10:46 - 000000000 ____D C:\Users\rossu\AppData\Local\ESET
2021-02-20 19:15 - 2021-02-20 19:27 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2021-02-20 18:49 - 2021-02-20 18:49 - 000000000 ____D C:\Users\rossu\.android
2021-02-20 18:01 - 2021-02-20 18:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-02-20 17:02 - 2021-02-20 17:02 - 000000000 ____D C:\adbtk
2021-02-20 16:58 - 2021-02-20 16:58 - 000000000 ____D C:\Users\rossu\Desktop\adb-toolkit
2021-02-20 15:43 - 2021-02-20 15:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 07:49 - 2021-02-21 09:39 - 000000000 ____D C:\KVRT_Data
2021-02-20 07:45 - 2021-02-20 07:48 - 192969872 _____ (AO Kaspersky Lab) C:\Users\rossu\Desktop\KVRT.exe
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-02-17 17:52 - 2021-02-17 17:52 - 000000000 ____D C:\Users\rossu\AppData\Local\ElevatedDiagnostics
2021-02-14 17:18 - 2021-02-14 17:18 - 000000000 ____D C:\Users\rossu\Desktop\xcx
2021-02-14 16:12 - 2021-02-14 16:12 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2021-02-11 18:19 - 2021-02-11 18:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-11 18:18 - 2021-02-11 18:18 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-11 18:18 - 2021-02-11 18:18 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-11 18:18 - 2021-02-11 18:18 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-11 18:18 - 2021-02-11 18:18 - 000010892 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\Users\rossu\AppData\Roaming\WinRAR
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-02-09 20:55 - 2021-02-21 10:41 - 000000000 ____D C:\Users\rossu\AppData\Roaming\MyPhoneExplorer
2021-02-09 20:55 - 2021-02-09 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-02-09 17:03 - 2021-02-09 17:04 - 000001409 _____ C:\Users\rossu\Desktop\Reboot.lnk
2021-02-09 17:01 - 2021-02-09 17:04 - 000001409 _____ C:\Users\rossu\Desktop\Vypnut.lnk
2021-02-08 18:52 - 2021-02-08 18:52 - 000000841 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncBackFree.lnk
2021-02-08 18:40 - 2021-02-08 18:40 - 000000000 ____D C:\Windows\system32\Tasks\2BrightSparks
2021-02-08 18:37 - 2021-02-08 18:37 - 000000000 ____D C:\Users\rossu\AppData\Roaming\2BrightSparks
2021-02-08 18:37 - 2021-02-08 18:37 - 000000000 ____D C:\Users\rossu\AppData\Local\2BrightSparks
2021-02-08 18:36 - 2021-02-08 18:36 - 000000839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncBackFree.lnk
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\AppData\Local\AdvertisingPopup
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\.QtWebEngineProcess
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\.AdvertisingPopup
2021-02-08 18:21 - 2021-02-08 18:21 - 000000048 _____ C:\Windows\SysWOW64\EUTB.TODL
2021-02-08 18:21 - 2021-02-08 18:21 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-02-08 18:21 - 2021-02-08 18:21 - 000000000 ____D C:\ProgramData\EaseUS
2021-02-08 18:21 - 2021-01-12 10:16 - 000341760 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000074296 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000053304 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000022784 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2021-02-08 18:18 - 2021-02-08 18:18 - 000000000 ____D C:\Users\rossu\AppData\Roaming\NVIDIA
2021-02-08 18:18 - 2021-02-08 18:18 - 000000000 ____D C:\Users\rossu\AppData\Roaming\LibreOffice
2021-02-08 18:17 - 2021-02-08 18:17 - 000000519 _____ C:\Users\rossu\Desktop\Dokument.lnk
2021-02-08 18:12 - 2021-02-08 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.1
2021-02-08 17:15 - 2021-02-08 17:15 - 000001732 _____ C:\Users\rossu\Documents\Kde jsou moje soubory.lnk
2021-02-07 08:56 - 2021-02-07 08:56 - 000000000 ____D C:\Users\rossu\AppData\LocalLow\Foxit
2021-02-07 08:30 - 2021-02-07 08:30 - 000000000 ____D C:\ProgramData\Foxit Software
2021-02-07 08:29 - 2021-02-20 19:27 - 000000000 ____D C:\Users\rossu\AppData\Local\CrashDumps
2021-02-07 08:29 - 2021-02-07 08:57 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Foxit Software
2021-02-07 08:29 - 2021-02-07 08:29 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Foxit AgentInformation
2021-02-07 08:29 - 2021-02-07 08:29 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2021-02-07 08:23 - 2021-02-07 08:23 - 000002916 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-07 08:23 - 2021-02-07 08:23 - 000002906 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-07 08:23 - 2021-02-07 08:23 - 000002904 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-07 08:19 - 2021-02-07 08:19 - 000000000 ____D C:\Users\rossu\AppData\Local\VS Revo Group
2021-02-07 08:18 - 2021-02-07 08:18 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-02-07 07:19 - 2021-02-07 07:19 - 000000000 ____D C:\Users\rossu\AppData\Local\OneDrive
2021-02-07 06:48 - 2021-02-07 06:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-02-07 06:47 - 2021-02-10 21:46 - 000000000 ____D C:\Windows\system32\MRT
2021-02-07 06:31 - 2021-02-07 06:31 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-02-07 06:31 - 2021-02-07 06:31 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-02-07 06:31 - 2021-02-07 06:31 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-02-07 06:31 - 2021-02-07 06:31 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-02-07 06:31 - 2021-02-07 06:31 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-02-07 06:31 - 2021-02-07 06:31 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-02-07 06:30 - 2021-02-07 06:30 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-02-07 06:30 - 2021-02-07 06:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-02-07 06:30 - 2021-02-07 06:30 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-02-07 06:29 - 2021-02-07 06:29 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-02-07 06:29 - 2021-02-07 06:29 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-02-07 06:28 - 2021-02-07 06:28 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-02-07 06:28 - 2021-02-07 06:28 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2021-02-07 06:27 - 2021-02-07 06:27 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-02-07 06:27 - 2021-02-07 06:27 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-02-07 06:27 - 2021-02-07 06:27 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-02-07 06:27 - 2021-02-07 06:27 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-02-07 06:04 - 2021-02-21 11:07 - 000000000 ____D C:\Users\rossu\AppData\Roaming\qBittorrent
2021-02-07 06:04 - 2021-02-07 06:04 - 000000000 ____D C:\Users\rossu\AppData\Local\qBittorrent
2021-02-07 05:59 - 2021-02-07 05:59 - 000000000 ___HD C:\$WinREAgent
2021-02-07 05:53 - 2021-02-07 10:39 - 000000000 ____D C:\Users\rossu\AppData\Local\Comms
2021-02-07 05:50 - 2021-02-07 05:50 - 000000000 ____D C:\Users\rossu\AppData\Local\PackageStaging
2021-02-07 02:22 - 2021-02-17 17:05 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-07 02:22 - 2021-02-07 02:22 - 000000000 ____D C:\Program Files\Google
2021-02-07 02:21 - 2021-02-21 10:42 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-02-07 02:21 - 2021-02-21 10:42 - 000000000 __SHD C:\Users\rossu\IntelGraphicsProfiles
2021-02-07 02:21 - 2021-02-08 16:01 - 000000000 ____D C:\Users\rossu\AppData\Local\PlaceholderTileLogoFolder
2021-02-07 02:21 - 2021-02-07 02:21 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-07 02:21 - 2021-02-07 02:21 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-07 02:21 - 2021-02-07 02:21 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files\Intel
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files (x86)\Intel
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Intel
2021-02-07 02:20 - 2021-02-07 06:05 - 000000000 ____D C:\Users\rossu\AppData\Local\Google
2021-02-07 02:20 - 2015-09-30 20:42 - 037340296 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 036408552 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 030945752 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 030139968 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 013124632 _____ (Intel Corporation) C:\Windows\system32\igc64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 011491400 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 010728440 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 009932984 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 006372408 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 005226872 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 005205912 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 004903056 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001910472 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001816720 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001814072 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001499664 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000306576 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000291952 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000243688 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000221712 _____ (Intel Corporation) C:\Windows\system32\igdde64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000205368 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000184504 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000183472 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000180728 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000162824 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000161800 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000055248 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 020488720 _____ (Intel Corporation) C:\Windows\system32\common_clang64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 015263240 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 013020168 _____ (Intel Corporation) C:\Windows\system32\ig8icd64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 010038264 _____ (Intel Corporation) C:\Windows\SysWOW64\ig8icd32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 005759240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64lp.sys
2021-02-07 02:20 - 2015-09-30 20:39 - 005485064 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 005264376 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 004461584 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 003889680 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 003818504 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 002046976 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001584632 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001234944 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001174032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001025448 _____ C:\Windows\system32\igfxSDK.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000989696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000945048 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000941976 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000740880 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000641544 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000608664 _____ C:\Windows\system32\IntelCpHDCPSvc.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000538512 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000467864 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000444416 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000416760 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000415128 _____ C:\Windows\system32\igfxTray.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000403472 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000392192 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000370176 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000368552 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000350728 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCComp64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000346520 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000332800 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000318968 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000300456 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000273424 _____ C:\Windows\system32\igfxCPL.cpl
2021-02-07 02:20 - 2015-09-30 20:39 - 000268184 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000260104 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000236456 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000233360 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000232856 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000202232 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4248.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000189456 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000176024 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000172544 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000161296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000107528 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000105472 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000103432 _____ C:\Windows\system32\igfxCUIServicePS.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000101376 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000100360 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000092664 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000081928 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000052752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000029192 _____ ( ) C:\Windows\system32\igfxDILib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000028688 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000027656 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000027656 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000024056 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000024056 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2021-02-07 02:20 - 2015-08-20 02:36 - 002813952 _____ C:\Windows\system32\iglhxa64.cpa
2021-02-07 02:20 - 2015-08-20 02:36 - 000403671 _____ C:\Windows\system32\ImageStabilization.wmv
2021-02-07 02:20 - 2015-08-20 02:36 - 000044025 _____ C:\Windows\system32\iglhxo64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043494 _____ C:\Windows\system32\iglhxc64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043256 _____ C:\Windows\system32\iglhxg64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000005150 _____ C:\Windows\system32\iglhxs64lp.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000001125 _____ C:\Windows\system32\iglhxa64.vp
2021-02-07 02:20 - 2015-08-20 02:35 - 006741482 _____ C:\Windows\system32\igdclbif.bin
2021-02-07 02:20 - 2015-08-20 02:34 - 000641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2021-02-07 02:20 - 2015-08-20 02:34 - 000511260 _____ C:\Windows\system32\cp_resources.bin
2021-02-07 02:20 - 2015-08-20 02:34 - 000375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2021-02-07 02:20 - 2015-08-20 02:34 - 000000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000935 _____ C:\Windows\system32\DPTopologyApp.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2021-02-07 02:17 - 2021-02-07 02:17 - 000000000 ___HD C:\OneDriveTemp
2021-02-07 02:17 - 2021-02-07 02:17 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-02-07 02:17 - 2016-12-29 14:16 - 006384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 002475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2021-02-07 02:17 - 2016-12-22 00:59 - 007651057 _____ C:\Windows\system32\nvcoproc.bin
2021-02-07 02:17 - 2016-09-09 19:25 - 000269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-02-07 02:17 - 2016-09-09 19:25 - 000261920 _____ C:\Windows\system32\vulkan-1.dll
2021-02-07 02:17 - 2016-09-09 19:25 - 000110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-02-07 02:17 - 2016-09-09 19:24 - 000125216 _____ C:\Windows\system32\vulkaninfo.exe
2021-02-07 02:16 - 2021-02-21 10:43 - 000000000 ___RD C:\Users\rossu\OneDrive
2021-02-07 02:16 - 2021-02-21 10:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-07 02:16 - 2021-02-17 16:22 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1139899892-52648791-3838483249-1001
2021-02-07 02:16 - 2021-02-07 02:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-07 02:16 - 2016-12-29 14:10 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-02-07 02:16 - 2015-09-30 20:39 - 000105472 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-02-07 02:16 - 2015-09-30 20:39 - 000101376 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-02-07 02:15 - 2021-02-21 10:47 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-07 02:15 - 2021-02-07 02:15 - 000000000 ____D C:\Users\rossu\AppData\Local\Publishers
2021-02-07 02:14 - 2021-02-08 18:30 - 000000000 ____D C:\Users\rossu\AppData\Local\Packages
2021-02-07 02:14 - 2021-02-07 05:48 - 000000000 ____D C:\Users\rossu\AppData\Local\ConnectedDevicesPlatform
2021-02-07 02:14 - 2021-02-07 02:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ___RD C:\Users\rossu\3D Objects
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Adobe
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\Users\rossu\AppData\Local\VirtualStore
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-07 02:13 - 2017-01-17 05:56 - 034717624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 028209080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000951224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000904760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000448568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000397240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 002961336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 002594744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001047096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 000985144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-02-07 02:13 - 2017-01-17 05:54 - 040134200 _____ C:\Windows\system32\nvcompiler.dll
2021-02-07 02:13 - 2017-01-17 05:54 - 035233336 _____ C:\Windows\SysWOW64\nvcompiler.dll
2021-02-07 02:13 - 2017-01-17 05:53 - 011017016 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 010907368 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 010453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 009246832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 009000336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 008847016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 003972960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 003509152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000818688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000698544 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000658592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000586784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000407240 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000339152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-02-07 02:13 - 2017-01-17 00:59 - 000042296 _____ C:\Windows\system32\nvinfo.pb
2021-02-07 02:13 - 2017-01-17 00:59 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2021-02-07 02:13 - 2017-01-17 00:59 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2021-02-07 02:11 - 2021-02-21 10:42 - 000000000 ____D C:\Users\rossu
2021-02-07 02:11 - 2021-02-17 16:22 - 000002361 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-07 02:11 - 2021-02-07 02:11 - 000000020 ___SH C:\Users\rossu\ntuser.ini
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Šablony
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Soubory cookie
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Poslední
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Okolní tiskárny
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Okolní síť
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Nabídka Start
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Dokumenty
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Obrázky
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Hudba
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Filmy
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Data aplikací
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\AppData\Local\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Šablony
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Poslední
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Okolní síť
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Dokumenty
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Šablony
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Plocha
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Dokumenty
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Documents and Settings
2021-02-07 02:03 - 2021-02-07 02:03 - 000002850 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1139899892-52648791-3838483249-500
2021-02-07 02:02 - 2021-02-21 10:42 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-07 02:02 - 2021-02-07 02:02 - 000000000 _____ C:\Recovery.txt
2021-02-07 01:57 - 2021-02-09 14:36 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 11:12 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-21 10:47 - 2019-12-07 15:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2021-02-21 10:47 - 2019-12-07 15:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2021-02-21 10:47 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-21 10:42 - 2020-11-19 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-21 10:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-21 10:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2021-02-21 10:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2021-02-21 09:23 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-02-20 20:26 - 2020-11-18 23:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-20 12:39 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-02-20 07:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-20 07:43 - 2020-11-19 00:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-17 18:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-02-17 16:38 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-11 23:33 - 2020-11-19 00:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-11 19:09 - 2020-11-18 23:29 - 000458488 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-11 19:07 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-07 17:25 - 2020-11-19 00:32 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-07 17:25 - 2020-11-19 00:32 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-07 10:18 - 2020-11-19 00:33 - 000000000 ____D C:\ProgramData\Packages
2021-02-07 06:41 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-02-07 06:41 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-02-07 06:27 - 2020-11-19 00:32 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-02-07 02:17 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Help
2021-02-07 02:10 - 2019-12-07 15:42 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-02-07 02:08 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-02-07 02:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT
2021-02-07 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-02-07 01:57 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 11:18
by bigmuff
and

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
Ran by rossu (21-02-2021 11:13:48)
Running from C:\Users\rossu\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2021-02-07 01:08:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1139899892-52648791-3838483249-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1139899892-52648791-3838483249-503 - Limited - Disabled)
Guest (S-1-5-21-1139899892-52648791-3838483249-501 - Limited - Disabled)
rossu (S-1-5-21-1139899892-52648791-3838483249-1001 - Administrator - Enabled) => C:\Users\rossu
WDAGUtilityAccount (S-1-5-21-1139899892-52648791-3838483249-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Excel (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
LibreOffice 7.1.0.3 (HKLM\...\{FF0BB16C-BD95-497C-BCE6-4B567668AF1B}) (Version: 7.1.0.3 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Ovládací panel NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.4.14.0 - 2BrightSparks)
VS Revo Group (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\{1F44C2C3-CECF-B184-84E9-449538C5D6E9}) (Version: v.4.3.3 - libbi)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-21] (Microsoft Studios) [MS Ad]
Outlook -> C:\Program Files\WindowsApps\outlook.com-78C9D47_1.0.0.0_neutral__3t89ybq5n4y7r [2021-02-21] (outlook.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-21] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => D:\program\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1139899892-52648791-3838483249-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rossu\Downloads\microsoft-reveals-the-official-windows-10-wallpaper-485311-2.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C24FF4D-0783-4AE5-99FA-C60DF2F47292}] => (Allow) D:\program\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0CC2E611-49E5-46E2-BF9D-D2EE32A393F2}] => (Allow) D:\program\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{7C1CCB0B-9C2F-458E-8FE6-02C61C3F74F5}D:\program\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\program\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{A752ADBB-50BB-44F4-91E2-504EE3185E1F}D:\program\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\program\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{2BB7A460-AD13-4E8C-8F41-AF4306DF5EFF}D:\program\qbittorrent\qbittorrent.exe] => (Allow) D:\program\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{E6F97944-A316-4EDC-9848-8D991B7E3697}D:\program\qbittorrent\qbittorrent.exe] => (Allow) D:\program\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{5C1C8C15-B1D4-49F6-B644-91B653A02FBA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{055D89F4-208F-49DC-A0BB-601A9A9C00DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3D6FDA3-82F4-4603-B592-0647982B2C09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CBF611C-2747-43EC-ACF5-902ECE9A8538}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94A5BF06-8F17-4A58-BCE8-0AF34625BFBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8C4C335-4C96-4C21-92A9-702C2058BA79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DAEB4CA-52F9-4F2D-A11F-C7149F02BA4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{966DEC45-95D2-4599-A3E3-316FFA8255E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B93DAFBA-21A2-4726-B50F-BF4ABC67CD31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

10-02-2021 19:36:45 Naplánovaný kontrolní bod
14-02-2021 16:05:33 huawei
17-02-2021 16:38:25 Instalační služba modulů systému Windows
20-02-2021 20:32:41 ovladače huawei

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: Google, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2021 09:37:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3592,R,98) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU0056F.log došlo k chybě -1811 (0xfffff8ed).

Error: (02/20/2021 07:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: flash_tool.exe, verze: 0.0.0.0, časové razítko: 0x60090a9c
Název chybujícího modulu: MSVCR90.dll, verze: 9.0.30729.9625, časové razítko: 0x5db2747f
Kód výjimky: 0x40000015
Posun chyby: 0x0005beae
ID chybujícího procesu: 0x7a8
Čas spuštění chybující aplikace: 0x01d707b604c82a71
Cesta k chybující aplikaci: C:\Users\rossu\Downloads\SP_Flash_Tool_v5.2104_Win\SP_Flash_Tool_v5.2104_Win\flash_tool.exe
Cesta k chybujícímu modulu: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
ID zprávy: bc77427e-8329-474a-8a0d-f1ba4e05bc1f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/20/2021 07:26:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: flash_tool.exe, verze: 0.0.0.0, časové razítko: 0x60090a9c
Název chybujícího modulu: MSVCR90.dll, verze: 9.0.30729.9625, časové razítko: 0x5db2747f
Kód výjimky: 0x40000015
Posun chyby: 0x0005beae
ID chybujícího procesu: 0x182c
Čas spuštění chybující aplikace: 0x01d707b46b6235c6
Cesta k chybující aplikaci: C:\Users\rossu\Downloads\SP_Flash_Tool_v5.2104_Win\SP_Flash_Tool_v5.2104_Win\flash_tool.exe
Cesta k chybujícímu modulu: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
ID zprávy: b9bb8872-c54a-43a3-a12e-b33e34f2e9ba
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/20/2021 08:04:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Verbatim HDD (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 08:04:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na dokument (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 08:04:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na program (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 07:58:17 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na dokument (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 07:57:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na program (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (02/21/2021 11:02:14 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.

Error: (02/21/2021 10:48:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (02/21/2021 10:48:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\rossu\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2021 10:48:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (02/21/2021 10:48:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\rossu\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2021 10:48:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (02/21/2021 10:48:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\rossu\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2021 10:48:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.


Windows Defender:
================
Date: 2021-02-20 07:58:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2AF9289E-2F26-4B7A-B6F7-F031A22A384A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-14 17:17:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A4BEC6AC-D3F2-4142-9F5E-B51A8E995616}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-14 16:36:35
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Oneeva.A!ml
ID: 2147729349
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\rossu\Downloads\kingo-root-4-80.apk; webfile:_C:\Users\rossu\Downloads\kingo-root-4-80.apk|https://dw79.uptodown.com/dwn/1O2satNw9 ... 5917060224
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-D47UQCR\rossu
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.980.0, AS: 1.331.980.0, NIS: 1.331.980.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-14 16:35:47
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sehyioa.A!cl
ID: 2147726426
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\rossu\Downloads\kingroot-5-4-0.apk; webfile:_C:\Users\rossu\Downloads\kingroot-5-4-0.apk|https://dw38.uptodown.com/dwn/1O2satNw9 ... 5419529880
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-D47UQCR\rossu
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.980.0, AS: 1.331.980.0, NIS: 1.331.980.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-14 10:53:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BBED56DB-0429-49B6-9394-A0CF20D76B9A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2021-02-21 10:42:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2021-02-21 09:37:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2021-02-10 19:35:20
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.03 04/20/2015
Motherboard: Acer Tashigi_BA
Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 80%
Total physical RAM: 4009.76 MB
Available physical RAM: 777.22 MB
Total Virtual: 5161.76 MB
Available Virtual: 1568.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.53 GB) (Free:408.56 GB) NTFS
Drive d: (program) (Fixed) (Total:400.39 GB) (Free:399.04 GB) NTFS
Drive e: (dokument) (Fixed) (Total:531.11 GB) (Free:462.04 GB) NTFS
Drive f: (Verbatim HDD) (Fixed) (Total:465.76 GB) (Free:371.87 GB) NTFS

\\?\Volume{eba8f856-50ef-4bc8-a1b4-8efcd302be5a}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{8bc4c0ff-343f-46a5-aad8-220d13b1d08d}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{b3c1e243-3ac3-46b9-ab5a-ddb9284e602a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: CCEAC4BE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 11:19
by bigmuff
Thanks, I'll probably be here towards the evening.

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 12:24
by Rudy
OK. When you are here, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 20:28
by bigmuff
Good evening, I'm here, and here is the log


# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-21-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1458 octets] - [21/02/2021 20:25:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 20:56
by Rudy
OK. Post new FRST+Addition logs.

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 21:16
by bigmuff
here

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-02-2021
Ran by rossu (administrator) on DESKTOP-D47UQCR (Acer Aspire ES1-731G) (21-02-2021 21:08:01)
Running from C:\Users\rossu\Desktop
Loaded Profiles: rossu
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] D:\program\qBittorrent\qbittorrent.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) D:\program\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\rossu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\Run: [qBittorrent] => D:\program\qBittorrent\qbittorrent.exe [26116096 2021-01-19] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CB44164-65ED-4C0A-90E0-87ED4B27EF92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {49B67F8C-7876-47E2-AC94-7BD1DD440129} - System32\Tasks\2BrightSparks\SyncBackFree\DESKTOP-D47UQCR-rossu\SyncBackFree foto => D:\program\SyncBackFree\SyncBackFree.exe [74639856 2021-01-18] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {56C7FD79-D210-4F76-8C23-6828225DA527} - System32\Tasks\2BrightSparks\SyncBackFree\DESKTOP-D47UQCR-rossu\SyncBackFree dokument => D:\program\SyncBackFree\SyncBackFree.exe [74639856 2021-01-18] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {C1A70DED-722F-4032-99D2-3005A3E4B395} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CFE8F9CF-FD72-449C-999A-17C7CD539103} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {d189c7f6-7931-40b2-a757-1176d46d84cb} - no filepath
Task: {DB99098A-0A0C-44BB-9604-FDF58BE8E2FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {DFEB708C-FE54-4DAA-AEBA-EB1190653A54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9C1DAD2-043B-40E2-B6BC-67BACEC3DAF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{dfb078ce-395a-4416-87a0-d2f936c96fe4}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-11]
Edge Extension: (Outlook) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-02-07]
Edge Extension: (Word) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-02-07]
Edge Extension: (Excel) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-02-07]
Edge Extension: (PowerPoint) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-02-07]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\program\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default [2021-02-21]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://playfmrussia.ru; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Překladač Google) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-02-07]
CHR Extension: (Prezentace) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-07]
CHR Extension: (Dokumenty) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-07]
CHR Extension: (Disk Google) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-07]
CHR Extension: (Seznam doplněk - Email) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-02-21]
CHR Extension: (YouTube) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-07]
CHR Extension: (Tabulky) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-07]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2021-02-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Extension: (Gmail) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-07]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-02-07]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitReaderUpdateService; D:\program\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsla930670c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AECC556-09B9-4BC6-BC99-816AC95F226C}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 21:08 - 2021-02-21 21:09 - 000011795 _____ C:\Users\rossu\Desktop\FRST.txt
2021-02-21 21:07 - 2021-02-21 21:07 - 000000000 ____D C:\Users\rossu\Desktop\FRST-OlderVersion
2021-02-21 20:25 - 2021-02-21 20:26 - 000000000 ____D C:\AdwCleaner
2021-02-21 20:23 - 2021-02-21 20:23 - 008463216 _____ (Malwarebytes) C:\Users\rossu\Desktop\adwcleaner_8.1.exe
2021-02-21 11:07 - 2021-02-21 21:08 - 000000000 ____D C:\FRST
2021-02-21 11:05 - 2021-02-21 21:07 - 002301440 _____ (Farbar) C:\Users\rossu\Desktop\FRST64.exe
2021-02-21 10:46 - 2021-02-21 10:46 - 000000778 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-02-21 10:46 - 2021-02-21 10:46 - 000000000 ____D C:\Users\rossu\AppData\Local\ESET
2021-02-20 19:15 - 2021-02-20 19:27 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2021-02-20 18:49 - 2021-02-20 18:49 - 000000000 ____D C:\Users\rossu\.android
2021-02-20 18:01 - 2021-02-20 18:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-02-20 17:02 - 2021-02-20 17:02 - 000000000 ____D C:\adbtk
2021-02-20 16:58 - 2021-02-20 16:58 - 000000000 ____D C:\Users\rossu\Desktop\adb-toolkit
2021-02-20 15:43 - 2021-02-20 15:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 07:49 - 2021-02-21 09:39 - 000000000 ____D C:\KVRT_Data
2021-02-20 07:45 - 2021-02-20 07:48 - 192969872 _____ (AO Kaspersky Lab) C:\Users\rossu\Desktop\KVRT.exe
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-02-17 17:52 - 2021-02-17 17:52 - 000000000 ____D C:\Users\rossu\AppData\Local\ElevatedDiagnostics
2021-02-14 17:18 - 2021-02-14 17:18 - 000000000 ____D C:\Users\rossu\Desktop\xcx
2021-02-14 16:12 - 2021-02-14 16:12 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2021-02-11 18:19 - 2021-02-11 18:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-11 18:18 - 2021-02-11 18:18 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-11 18:18 - 2021-02-11 18:18 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-11 18:18 - 2021-02-11 18:18 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-11 18:18 - 2021-02-11 18:18 - 000010892 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\Users\rossu\AppData\Roaming\WinRAR
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-02-11 17:02 - 2021-02-11 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-02-09 20:55 - 2021-02-21 10:41 - 000000000 ____D C:\Users\rossu\AppData\Roaming\MyPhoneExplorer
2021-02-09 20:55 - 2021-02-09 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-02-09 17:03 - 2021-02-09 17:04 - 000001409 _____ C:\Users\rossu\Desktop\Reboot.lnk
2021-02-09 17:01 - 2021-02-09 17:04 - 000001409 _____ C:\Users\rossu\Desktop\Vypnut.lnk
2021-02-08 18:52 - 2021-02-08 18:52 - 000000841 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncBackFree.lnk
2021-02-08 18:40 - 2021-02-08 18:40 - 000000000 ____D C:\Windows\system32\Tasks\2BrightSparks
2021-02-08 18:37 - 2021-02-08 18:37 - 000000000 ____D C:\Users\rossu\AppData\Roaming\2BrightSparks
2021-02-08 18:37 - 2021-02-08 18:37 - 000000000 ____D C:\Users\rossu\AppData\Local\2BrightSparks
2021-02-08 18:36 - 2021-02-08 18:36 - 000000839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncBackFree.lnk
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\AppData\Local\AdvertisingPopup
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\.QtWebEngineProcess
2021-02-08 18:22 - 2021-02-08 18:22 - 000000000 ____D C:\Users\rossu\.AdvertisingPopup
2021-02-08 18:21 - 2021-02-08 18:21 - 000000048 _____ C:\Windows\SysWOW64\EUTB.TODL
2021-02-08 18:21 - 2021-02-08 18:21 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-02-08 18:21 - 2021-02-08 18:21 - 000000000 ____D C:\ProgramData\EaseUS
2021-02-08 18:21 - 2021-01-12 10:16 - 000341760 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000074296 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000053304 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2021-02-08 18:21 - 2021-01-12 10:16 - 000022784 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2021-02-08 18:18 - 2021-02-08 18:18 - 000000000 ____D C:\Users\rossu\AppData\Roaming\NVIDIA
2021-02-08 18:18 - 2021-02-08 18:18 - 000000000 ____D C:\Users\rossu\AppData\Roaming\LibreOffice
2021-02-08 18:17 - 2021-02-08 18:17 - 000000519 _____ C:\Users\rossu\Desktop\Dokument.lnk
2021-02-08 18:12 - 2021-02-08 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.1
2021-02-08 17:15 - 2021-02-08 17:15 - 000001732 _____ C:\Users\rossu\Documents\Kde jsou moje soubory.lnk
2021-02-07 08:56 - 2021-02-07 08:56 - 000000000 ____D C:\Users\rossu\AppData\LocalLow\Foxit
2021-02-07 08:30 - 2021-02-07 08:30 - 000000000 ____D C:\ProgramData\Foxit Software
2021-02-07 08:29 - 2021-02-20 19:27 - 000000000 ____D C:\Users\rossu\AppData\Local\CrashDumps
2021-02-07 08:29 - 2021-02-07 08:57 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Foxit Software
2021-02-07 08:29 - 2021-02-07 08:29 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Foxit AgentInformation
2021-02-07 08:29 - 2021-02-07 08:29 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2021-02-07 08:23 - 2021-02-07 08:23 - 000002916 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-07 08:23 - 2021-02-07 08:23 - 000002906 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-07 08:23 - 2021-02-07 08:23 - 000002904 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-07 08:19 - 2021-02-07 08:19 - 000000000 ____D C:\Users\rossu\AppData\Local\VS Revo Group
2021-02-07 08:18 - 2021-02-07 08:18 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-02-07 07:19 - 2021-02-07 07:19 - 000000000 ____D C:\Users\rossu\AppData\Local\OneDrive
2021-02-07 06:48 - 2021-02-07 06:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-02-07 06:47 - 2021-02-10 21:46 - 000000000 ____D C:\Windows\system32\MRT
2021-02-07 06:31 - 2021-02-07 06:31 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-02-07 06:31 - 2021-02-07 06:31 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-02-07 06:31 - 2021-02-07 06:31 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-02-07 06:31 - 2021-02-07 06:31 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-02-07 06:31 - 2021-02-07 06:31 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-02-07 06:31 - 2021-02-07 06:31 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-02-07 06:30 - 2021-02-07 06:30 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-02-07 06:30 - 2021-02-07 06:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-02-07 06:30 - 2021-02-07 06:30 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-02-07 06:30 - 2021-02-07 06:30 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-02-07 06:30 - 2021-02-07 06:30 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-02-07 06:29 - 2021-02-07 06:29 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-02-07 06:29 - 2021-02-07 06:29 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-02-07 06:29 - 2021-02-07 06:29 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-02-07 06:29 - 2021-02-07 06:29 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-02-07 06:28 - 2021-02-07 06:28 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-02-07 06:28 - 2021-02-07 06:28 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2021-02-07 06:28 - 2021-02-07 06:28 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-02-07 06:28 - 2021-02-07 06:28 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-02-07 06:28 - 2021-02-07 06:28 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2021-02-07 06:27 - 2021-02-07 06:27 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-02-07 06:27 - 2021-02-07 06:27 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-02-07 06:27 - 2021-02-07 06:27 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-02-07 06:27 - 2021-02-07 06:27 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-02-07 06:27 - 2021-02-07 06:27 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-02-07 06:04 - 2021-02-21 21:07 - 000000000 ____D C:\Users\rossu\AppData\Roaming\qBittorrent
2021-02-07 06:04 - 2021-02-07 06:04 - 000000000 ____D C:\Users\rossu\AppData\Local\qBittorrent
2021-02-07 05:59 - 2021-02-07 05:59 - 000000000 ___HD C:\$WinREAgent
2021-02-07 05:53 - 2021-02-07 10:39 - 000000000 ____D C:\Users\rossu\AppData\Local\Comms
2021-02-07 05:50 - 2021-02-07 05:50 - 000000000 ____D C:\Users\rossu\AppData\Local\PackageStaging
2021-02-07 02:22 - 2021-02-17 17:05 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-07 02:22 - 2021-02-07 02:22 - 000000000 ____D C:\Program Files\Google
2021-02-07 02:21 - 2021-02-21 21:05 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-02-07 02:21 - 2021-02-21 21:05 - 000000000 __SHD C:\Users\rossu\IntelGraphicsProfiles
2021-02-07 02:21 - 2021-02-08 16:01 - 000000000 ____D C:\Users\rossu\AppData\Local\PlaceholderTileLogoFolder
2021-02-07 02:21 - 2021-02-07 02:21 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-07 02:21 - 2021-02-07 02:21 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-07 02:21 - 2021-02-07 02:21 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files\Intel
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files (x86)\Intel
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-07 02:21 - 2021-02-07 02:21 - 000000000 ____D C:\Intel
2021-02-07 02:20 - 2021-02-07 06:05 - 000000000 ____D C:\Users\rossu\AppData\Local\Google
2021-02-07 02:20 - 2015-09-30 20:42 - 037340296 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 036408552 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 030945752 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 030139968 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 013124632 _____ (Intel Corporation) C:\Windows\system32\igc64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 011491400 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 010728440 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 009932984 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 006372408 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 005226872 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 005205912 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 004903056 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001910472 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001816720 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001814072 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 001499664 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000306576 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000291952 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000243688 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000221712 _____ (Intel Corporation) C:\Windows\system32\igdde64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000205368 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000184504 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000183472 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000180728 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000162824 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000161800 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2021-02-07 02:20 - 2015-09-30 20:42 - 000055248 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 020488720 _____ (Intel Corporation) C:\Windows\system32\common_clang64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 015263240 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 013020168 _____ (Intel Corporation) C:\Windows\system32\ig8icd64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 010038264 _____ (Intel Corporation) C:\Windows\SysWOW64\ig8icd32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 005759240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64lp.sys
2021-02-07 02:20 - 2015-09-30 20:39 - 005485064 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 005264376 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 004461584 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 003889680 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 003818504 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 002046976 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001584632 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001234944 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001174032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 001025448 _____ C:\Windows\system32\igfxSDK.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000989696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000945048 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000941976 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000740880 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000641544 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000608664 _____ C:\Windows\system32\IntelCpHDCPSvc.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000538512 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000467864 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000444416 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000416760 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000415128 _____ C:\Windows\system32\igfxTray.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000403472 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000392192 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000370176 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000368552 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000350728 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCComp64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000346520 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000332800 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000318968 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000300456 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000273424 _____ C:\Windows\system32\igfxCPL.cpl
2021-02-07 02:20 - 2015-09-30 20:39 - 000268184 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000260104 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000236456 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000233360 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000232856 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000202232 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4248.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000189456 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000176024 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2021-02-07 02:20 - 2015-09-30 20:39 - 000172544 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000161296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000107528 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000105472 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000103432 _____ C:\Windows\system32\igfxCUIServicePS.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000101376 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000100360 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000092664 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000081928 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000052752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000029192 _____ ( ) C:\Windows\system32\igfxDILib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000028688 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000027656 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000027656 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000024056 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2021-02-07 02:20 - 2015-09-30 20:39 - 000024056 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2021-02-07 02:20 - 2015-08-20 02:36 - 002813952 _____ C:\Windows\system32\iglhxa64.cpa
2021-02-07 02:20 - 2015-08-20 02:36 - 000403671 _____ C:\Windows\system32\ImageStabilization.wmv
2021-02-07 02:20 - 2015-08-20 02:36 - 000044025 _____ C:\Windows\system32\iglhxo64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043494 _____ C:\Windows\system32\iglhxc64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000043256 _____ C:\Windows\system32\iglhxg64.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000005150 _____ C:\Windows\system32\iglhxs64lp.vp
2021-02-07 02:20 - 2015-08-20 02:36 - 000001125 _____ C:\Windows\system32\iglhxa64.vp
2021-02-07 02:20 - 2015-08-20 02:35 - 006741482 _____ C:\Windows\system32\igdclbif.bin
2021-02-07 02:20 - 2015-08-20 02:34 - 000641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2021-02-07 02:20 - 2015-08-20 02:34 - 000511260 _____ C:\Windows\system32\cp_resources.bin
2021-02-07 02:20 - 2015-08-20 02:34 - 000375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2021-02-07 02:20 - 2015-08-20 02:34 - 000000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000935 _____ C:\Windows\system32\DPTopologyApp.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2021-02-07 02:20 - 2015-08-20 02:34 - 000000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2021-02-07 02:17 - 2021-02-07 02:17 - 000000000 ___HD C:\OneDriveTemp
2021-02-07 02:17 - 2021-02-07 02:17 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-02-07 02:17 - 2016-12-29 14:16 - 006384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 002475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2021-02-07 02:17 - 2016-12-29 14:16 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2021-02-07 02:17 - 2016-12-22 00:59 - 007651057 _____ C:\Windows\system32\nvcoproc.bin
2021-02-07 02:17 - 2016-09-09 19:25 - 000269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-02-07 02:17 - 2016-09-09 19:25 - 000261920 _____ C:\Windows\system32\vulkan-1.dll
2021-02-07 02:17 - 2016-09-09 19:25 - 000110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-02-07 02:17 - 2016-09-09 19:24 - 000125216 _____ C:\Windows\system32\vulkaninfo.exe
2021-02-07 02:16 - 2021-02-21 21:06 - 000000000 ___RD C:\Users\rossu\OneDrive
2021-02-07 02:16 - 2021-02-21 21:05 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-07 02:16 - 2021-02-17 16:22 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1139899892-52648791-3838483249-1001
2021-02-07 02:16 - 2021-02-07 02:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-07 02:16 - 2016-12-29 14:10 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-02-07 02:16 - 2015-09-30 20:39 - 000105472 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-02-07 02:16 - 2015-09-30 20:39 - 000101376 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-02-07 02:15 - 2021-02-21 20:25 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-07 02:15 - 2021-02-07 02:15 - 000000000 ____D C:\Users\rossu\AppData\Local\Publishers
2021-02-07 02:14 - 2021-02-08 18:30 - 000000000 ____D C:\Users\rossu\AppData\Local\Packages
2021-02-07 02:14 - 2021-02-07 05:48 - 000000000 ____D C:\Users\rossu\AppData\Local\ConnectedDevicesPlatform
2021-02-07 02:14 - 2021-02-07 02:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ___RD C:\Users\rossu\3D Objects
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Adobe
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\Users\rossu\AppData\Local\VirtualStore
2021-02-07 02:14 - 2021-02-07 02:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-07 02:13 - 2017-01-17 05:56 - 034717624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 028209080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000951224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000904760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000448568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-02-07 02:13 - 2017-01-17 05:56 - 000397240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 002961336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 002594744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 001047096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-02-07 02:13 - 2017-01-17 05:55 - 000985144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-02-07 02:13 - 2017-01-17 05:54 - 040134200 _____ C:\Windows\system32\nvcompiler.dll
2021-02-07 02:13 - 2017-01-17 05:54 - 035233336 _____ C:\Windows\SysWOW64\nvcompiler.dll
2021-02-07 02:13 - 2017-01-17 05:53 - 011017016 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 010907368 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 010453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 009246832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 009000336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 008847016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 003972960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 003509152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000818688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000698544 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000658592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000586784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000407240 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-02-07 02:13 - 2017-01-17 05:52 - 000339152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-02-07 02:13 - 2017-01-17 00:59 - 000042296 _____ C:\Windows\system32\nvinfo.pb
2021-02-07 02:13 - 2017-01-17 00:59 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2021-02-07 02:13 - 2017-01-17 00:59 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2021-02-07 02:11 - 2021-02-21 10:42 - 000000000 ____D C:\Users\rossu
2021-02-07 02:11 - 2021-02-17 16:22 - 000002361 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-07 02:11 - 2021-02-07 02:11 - 000000020 ___SH C:\Users\rossu\ntuser.ini
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Šablony
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Soubory cookie
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Poslední
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Okolní tiskárny
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Okolní síť
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Nabídka Start
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Dokumenty
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Obrázky
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Hudba
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Documents\Filmy
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\Data aplikací
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:11 - 2021-02-07 02:11 - 000000000 _SHDL C:\Users\rossu\AppData\Local\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Šablony
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Poslední
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Okolní síť
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Dokumenty
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Šablony
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Plocha
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Dokumenty
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\ProgramData\Data aplikací
2021-02-07 02:07 - 2021-02-07 02:07 - 000000000 _SHDL C:\Documents and Settings
2021-02-07 02:03 - 2021-02-07 02:03 - 000002850 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1139899892-52648791-3838483249-500
2021-02-07 02:02 - 2021-02-21 21:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-07 02:02 - 2021-02-07 02:02 - 000000000 _____ C:\Recovery.txt
2021-02-07 01:57 - 2021-02-09 14:36 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 21:07 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-21 21:05 - 2020-11-19 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-21 20:37 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-02-21 20:25 - 2019-12-07 15:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2021-02-21 20:25 - 2019-12-07 15:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2021-02-21 20:25 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-21 10:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-21 10:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2021-02-21 10:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2021-02-21 09:23 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-02-20 20:26 - 2020-11-18 23:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-20 07:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-20 07:43 - 2020-11-19 00:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-17 18:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-02-17 16:38 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-11 23:33 - 2020-11-19 00:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-11 19:09 - 2020-11-18 23:29 - 000458488 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-11 19:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-11 19:07 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-07 17:25 - 2020-11-19 00:32 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-07 17:25 - 2020-11-19 00:32 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-07 10:18 - 2020-11-19 00:33 - 000000000 ____D C:\ProgramData\Packages
2021-02-07 06:41 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-02-07 06:41 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-07 06:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-02-07 06:27 - 2020-11-19 00:32 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-02-07 02:17 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Help
2021-02-07 02:10 - 2019-12-07 15:42 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-02-07 02:08 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-02-07 02:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT
2021-02-07 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-02-07 01:57 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 21:17
by bigmuff
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by rossu (21-02-2021 21:13:25)
Running from C:\Users\rossu\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2021-02-07 01:08:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1139899892-52648791-3838483249-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1139899892-52648791-3838483249-503 - Limited - Disabled)
Guest (S-1-5-21-1139899892-52648791-3838483249-501 - Limited - Disabled)
rossu (S-1-5-21-1139899892-52648791-3838483249-1001 - Administrator - Enabled) => C:\Users\rossu
WDAGUtilityAccount (S-1-5-21-1139899892-52648791-3838483249-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Excel (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
LibreOffice 7.1.0.3 (HKLM\...\{FF0BB16C-BD95-497C-BCE6-4B567668AF1B}) (Version: 7.1.0.3 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Ovládací panel NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.4.14.0 - 2BrightSparks)
VS Revo Group (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\{1F44C2C3-CECF-B184-84E9-449538C5D6E9}) (Version: v.4.3.3 - libbi)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-21] (Microsoft Studios) [MS Ad]
Outlook -> C:\Program Files\WindowsApps\outlook.com-78C9D47_1.0.0.0_neutral__3t89ybq5n4y7r [2021-02-21] (outlook.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-21] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => D:\program\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\program\winrar\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1139899892-52648791-3838483249-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rossu\Downloads\microsoft-reveals-the-official-windows-10-wallpaper-485311-2.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C24FF4D-0783-4AE5-99FA-C60DF2F47292}] => (Allow) D:\program\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0CC2E611-49E5-46E2-BF9D-D2EE32A393F2}] => (Allow) D:\program\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{7C1CCB0B-9C2F-458E-8FE6-02C61C3F74F5}D:\program\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\program\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{A752ADBB-50BB-44F4-91E2-504EE3185E1F}D:\program\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\program\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{2BB7A460-AD13-4E8C-8F41-AF4306DF5EFF}D:\program\qbittorrent\qbittorrent.exe] => (Allow) D:\program\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{E6F97944-A316-4EDC-9848-8D991B7E3697}D:\program\qbittorrent\qbittorrent.exe] => (Allow) D:\program\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{5C1C8C15-B1D4-49F6-B644-91B653A02FBA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{055D89F4-208F-49DC-A0BB-601A9A9C00DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3D6FDA3-82F4-4603-B592-0647982B2C09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CBF611C-2747-43EC-ACF5-902ECE9A8538}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94A5BF06-8F17-4A58-BCE8-0AF34625BFBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8C4C335-4C96-4C21-92A9-702C2058BA79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DAEB4CA-52F9-4F2D-A11F-C7149F02BA4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{966DEC45-95D2-4599-A3E3-316FFA8255E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B93DAFBA-21A2-4726-B50F-BF4ABC67CD31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

10-02-2021 19:36:45 Naplánovaný kontrolní bod
14-02-2021 16:05:33 huawei
17-02-2021 16:38:25 Instalační služba modulů systému Windows
20-02-2021 20:32:41 ovladače huawei

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: Google, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2021 09:37:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3592,R,98) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU0056F.log došlo k chybě -1811 (0xfffff8ed).

Error: (02/20/2021 07:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: flash_tool.exe, verze: 0.0.0.0, časové razítko: 0x60090a9c
Název chybujícího modulu: MSVCR90.dll, verze: 9.0.30729.9625, časové razítko: 0x5db2747f
Kód výjimky: 0x40000015
Posun chyby: 0x0005beae
ID chybujícího procesu: 0x7a8
Čas spuštění chybující aplikace: 0x01d707b604c82a71
Cesta k chybující aplikaci: C:\Users\rossu\Downloads\SP_Flash_Tool_v5.2104_Win\SP_Flash_Tool_v5.2104_Win\flash_tool.exe
Cesta k chybujícímu modulu: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
ID zprávy: bc77427e-8329-474a-8a0d-f1ba4e05bc1f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/20/2021 07:26:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: flash_tool.exe, verze: 0.0.0.0, časové razítko: 0x60090a9c
Název chybujícího modulu: MSVCR90.dll, verze: 9.0.30729.9625, časové razítko: 0x5db2747f
Kód výjimky: 0x40000015
Posun chyby: 0x0005beae
ID chybujícího procesu: 0x182c
Čas spuštění chybující aplikace: 0x01d707b46b6235c6
Cesta k chybující aplikaci: C:\Users\rossu\Downloads\SP_Flash_Tool_v5.2104_Win\SP_Flash_Tool_v5.2104_Win\flash_tool.exe
Cesta k chybujícímu modulu: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
ID zprávy: b9bb8872-c54a-43a3-a12e-b33e34f2e9ba
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/20/2021 08:04:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Verbatim HDD (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 08:04:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na dokument (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 08:04:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na program (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 07:58:17 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na dokument (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/20/2021 07:57:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na program (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (02/21/2021 09:06:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba SysMain byla ukončena s následující chybou:
Parametr není správný.

Error: (02/21/2021 08:37:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D47UQCR)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/21/2021 08:37:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D47UQCR)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/21/2021 08:37:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D47UQCR)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/21/2021 08:26:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Foxit Reader Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/21/2021 08:26:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (02/21/2021 08:26:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/21/2021 11:02:14 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.


Windows Defender:
================
Date: 2021-02-20 07:58:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2AF9289E-2F26-4B7A-B6F7-F031A22A384A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-14 17:17:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A4BEC6AC-D3F2-4142-9F5E-B51A8E995616}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-14 16:36:35
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Oneeva.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\rossu\Downloads\kingo-root-4-80.apk; webfile:_C:\Users\rossu\Downloads\kingo-root-4-80.apk|https://dw79.uptodown.com/dwn/1O2satNw9 ... 5917060224
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-D47UQCR\rossu
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.980.0, AS: 1.331.980.0, NIS: 1.331.980.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-14 16:35:47
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sehyioa.A!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\rossu\Downloads\kingroot-5-4-0.apk; webfile:_C:\Users\rossu\Downloads\kingroot-5-4-0.apk|https://dw38.uptodown.com/dwn/1O2satNw9 ... 5419529880
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-D47UQCR\rossu
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.980.0, AS: 1.331.980.0, NIS: 1.331.980.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-14 10:53:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BBED56DB-0429-49B6-9394-A0CF20D76B9A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-21 10:42:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2021-02-21 09:37:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2021-02-10 19:35:20
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.03 04/20/2015
Motherboard: Acer Tashigi_BA
Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 78%
Total physical RAM: 4009.76 MB
Available physical RAM: 864.46 MB
Total Virtual: 5161.76 MB
Available Virtual: 2136.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.53 GB) (Free:408.3 GB) NTFS
Drive d: (program) (Fixed) (Total:400.39 GB) (Free:399.04 GB) NTFS
Drive e: (dokument) (Fixed) (Total:531.11 GB) (Free:462.04 GB) NTFS

\\?\Volume{eba8f856-50ef-4bc8-a1b4-8efcd302be5a}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{8bc4c0ff-343f-46a5-aad8-220d13b1d08d}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{b3c1e243-3ac3-46b9-ab5a-ddb9284e602a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Trojan.Multi.Brosubsc.gen

Posted: 21 Feb 2021 21:55
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\rossu\Downloads\kingo-root-4-80.apk
C:\Users\rossu\Downloads\kingo-root-4-80.apk|https://dw79.uptodown.com/dwn/1O2satNw9 ... 5917060224
C:\Users\rossu\Downloads\kingroot-5-4-0.apk|https://dw38.uptodown.com/dwn/1O2satNw9 ... 5419529880
Task: {d189c7f6-7931-40b2-a757-1176d46d84cb} - no filepath
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Trojan.Multi.Brosubsc.gen

Posted: 22 Feb 2021 13:48
by bigmuff
yes, here it is
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by rossu (22-02-2021 13:42:14) Run:1
Running from C:\Users\rossu\Desktop
Loaded Profiles: rossu
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\rossu\Downloads\kingo-root-4-80.apk
C:\Users\rossu\Downloads\kingo-root-4-80.apk|https://dw79.uptodown.com/dwn/1O2satNw9 ... 5917060224
C:\Users\rossu\Downloads\kingroot-5-4-0.apk|https://dw38.uptodown.com/dwn/1O2satNw9 ... 5419529880
Task: {d189c7f6-7931-40b2-a757-1176d46d84cb} - no filepath
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\rossu\Downloads\kingo-root-4-80.apk" => not found
"C:\Users\rossu\Downloads\kingo-root-4-80.apk|https:\\dw79.uptodown.com\dwn\1O2satNw9 ... 5917060224" => not found
"C:\Users\rossu\Downloads\kingroot-5-4-0.apk|https:\\dw38.uptodown.com\dwn\1O2satNw9 ... 5419529880" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d189c7f6-7931-40b2-a757-1176d46d84cb}" => removed successfully
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 122637907 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1841015 B
Edge => 0 B
Chrome => 677294387 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 88578 B
rossu => 70399392 B

RecycleBin => 76567 B
EmptyTemp: => 839.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:45:11 ====

Re: Trojan.Multi.Brosubsc.gen

Posted: 22 Feb 2021 14:33
by bigmuff
the Kaspersky Virus Removal Tool is reporting it again

can I remove it?

Re: Trojan.Multi.Brosubsc.gen

Posted: 22 Feb 2021 14:48
by Rudy
Certainly.

Re: Trojan.Multi.Brosubsc.gen

Posted: 22 Feb 2021 14:55
by bigmuff
Thank you very much