Re: Preventive PC check and cleanup before creating a backup.
Posted: 09 Feb 2019 08:10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Roman (administrator) on DESKTOP-O6D3TT1 (09-02-2019 08:07:15)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() D:\Programy\Everythink\Everything\Everything.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(Gaijin Entertainment) C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] (Acronis International GmbH -> )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] (Acronis International GmbH -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-09-25] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe [6223760 2018-05-31] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-15] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acuity Update Tool.lnk [2017-11-25]
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fbb34ec-5959-43f9-8070-f89720ac0664}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-11-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Prezentace) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-07]
CHR Extension: (Dokumenty) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-07]
CHR Extension: (Disk Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-07]
CHR Extension: (IBM Security Rapport) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-02-07]
CHR Extension: (YouTube) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-07]
CHR Extension: (Tabulky) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-07]
CHR Extension: (Gmail) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-07]
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2017-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2018-05-22] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 Everything; D:\Programy\Everythink\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-01-29] (Anvei Technology Co., LTD -> AnviSoft.com)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 GPUIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [27120 2017-11-24] (ASUSTeK Computer Inc. -> )
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-12] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-02-05] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2018-12-30] (Bitdefender SRL -> BitDefender S.R.L.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-26] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd. -> Zemana Ltd.)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Roman\Documents\BitcoinZ\BitcoinZ.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 08:07 - 2019-02-09 08:08 - 000023284 _____ C:\Users\Roman\Desktop\FRST.txt
2019-02-09 08:06 - 2019-02-09 08:07 - 000000000 ____D C:\FRST
2019-02-09 08:02 - 2019-02-09 08:02 - 002434048 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2019-02-08 22:07 - 2019-02-08 22:07 - 002038755 _____ C:\Users\Roman\Desktop\zoek.exe
2019-02-08 20:37 - 2019-02-08 20:37 - 000000000 ____D C:\Users\Roman\AppData\Local\PeerDistRepub
2019-02-08 20:31 - 2019-02-08 20:31 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Google
2019-02-07 22:05 - 2019-02-07 22:05 - 006624296 _____ (Zemana Ltd. ) C:\Users\Roman\Desktop\Zemana.AntiMalware.Setup.exe
2019-02-07 22:05 - 2019-02-07 22:05 - 000008859 _____ C:\Users\Roman\Desktop\zoek-results.txt
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\VirtualStore
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashRpt
2019-02-07 21:57 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-02-07 21:26 - 2019-02-07 21:51 - 000000000 ____D C:\zoek_backup
2019-02-07 21:23 - 2019-02-07 21:23 - 000001722 _____ C:\Users\Roman\Desktop\scan.txt
2019-02-06 22:46 - 2019-02-06 22:46 - 000002786 _____ C:\Users\Roman\Desktop\RogueKiller..txt
2019-02-06 22:42 - 2019-02-06 22:42 - 000002788 _____ C:\Users\Roman\Desktop\as_C8FC.tmp.txt
2019-02-06 21:20 - 2019-02-06 21:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-06 19:59 - 2019-02-06 19:59 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-02-06 19:56 - 2019-02-06 19:56 - 033492536 _____ C:\Users\Roman\Desktop\RogueKiller_portable64.exe
2019-02-06 19:53 - 2019-02-06 19:58 - 206758184 _____ (Sophos Limited) C:\Users\Roman\Desktop\Sophos Virus Removal Tool.exe
2019-02-06 19:52 - 2019-02-06 19:52 - 000000553 _____ C:\Users\Roman\Desktop\JRT.txt
2019-02-06 19:48 - 2019-02-06 19:48 - 001790024 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2019-02-06 19:04 - 2019-02-06 19:04 - 000000000 ____D C:\Users\Roman\AppData\Roaming\EasyAntiCheat
2019-02-06 18:06 - 2019-02-06 18:06 - 000001729 _____ C:\Users\Roman\Desktop\AdwCleaner[S02].txt
2019-02-06 18:03 - 2019-02-06 18:03 - 007316688 _____ (Malwarebytes) C:\Users\Roman\Desktop\AdwCleaner.exe
2019-02-06 18:00 - 2019-02-06 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Roman\Desktop\TFC.exe
2019-02-06 16:23 - 2019-02-06 16:23 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\Desktop\HijackThis.exe
2019-02-06 13:20 - 2019-02-06 13:20 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\rondomedia GmbH
2019-02-06 12:52 - 2019-02-06 12:52 - 000000803 _____ C:\Users\Roman\Desktop\RESCUE 2013.lnk
2019-02-06 12:52 - 2019-02-06 12:52 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – MESTO V OHROŽENÍ
2019-02-06 11:44 - 2019-02-06 11:48 - 1153706619 _____ C:\Users\Roman\Desktop\Dok.rar
2019-02-06 11:40 - 2019-02-06 11:40 - 941644390 _____ C:\Users\Roman\Desktop\registry po opravě CCcleanerem.rar
2019-02-06 11:34 - 2019-02-06 11:35 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 09:49 - 2019-02-06 09:49 - 000000955 _____ C:\Users\Public\Desktop\Anvi Folder Locker.lnk
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Anvisoft
2019-02-06 09:47 - 2019-02-06 09:47 - 014558584 _____ (Anvisoft) C:\Users\Roman\Downloads\aflsetup.exe
2019-02-06 09:08 - 2019-02-09 07:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-06 09:07 - 2019-02-06 09:13 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-06 09:07 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-06 07:49 - 2019-02-06 07:51 - 183502792 _____ C:\Users\Roman\Desktop\hgm83s8z.exe
2019-02-06 07:45 - 2019-01-30 21:07 - 000133512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-06 07:42 - 2019-02-01 22:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 07:42 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 07:30 - 2019-02-06 07:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Roman\Downloads\ccsetup552.exe
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\Program Files\Securely File Shredder
2019-02-06 07:24 - 2019-02-06 07:24 - 000472936 _____ (Reason Company Software Inc.) C:\Users\Roman\Downloads\SecurelyFileShredder_Setup.exe
2019-02-05 22:04 - 2019-02-05 22:04 - 000000000 ____D C:\Users\Roman\AppData\Local\Eraser 6
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BitcoinZ
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Local\BitcoinZWallet
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Mozilla
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Local\Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-02-05 20:43 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2019-02-05 20:43 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2019-02-05 20:42 - 2019-02-05 20:42 - 000488952 _____ (IBM Corp.) C:\Users\Roman\Downloads\RapportSetup.exe
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ____D C:\ProgramData\Trusteer
2019-02-05 20:33 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-05 20:32 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-05 20:32 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-05 20:32 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-05 20:32 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-05 20:32 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-05 20:32 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-05 20:32 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-05 20:32 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-05 20:21 - 2019-02-05 20:21 - 000000000 ____D C:\WINDOWS\CSC
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 08:08 - 2018-02-11 14:39 - 000060171 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-09 08:03 - 2018-02-14 19:31 - 000000000 ____D C:\Users\Roman\AppData\Local\Everything
2019-02-09 08:03 - 2018-02-14 17:02 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Everything
2019-02-09 08:01 - 2017-11-29 10:15 - 000000000 ___HD C:\Users\Roman\Desktop\_SNAPDOC
2019-02-09 07:58 - 2018-05-22 10:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 07:58 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-09 07:58 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-09 07:58 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 07:54 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-09 07:52 - 2018-05-22 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-08 22:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-08 22:19 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:06 - 2018-05-22 10:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-07 22:16 - 2018-07-11 12:12 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 21:51 - 2018-05-22 10:38 - 000000000 ____D C:\Users\Roman
2019-02-07 21:28 - 2017-11-29 10:29 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2019-02-06 15:32 - 2017-11-28 15:38 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-06 09:21 - 2018-07-20 20:06 - 000000000 ____D C:\Users\Roman\AppData\Roaming\system32
2019-02-06 07:52 - 2018-12-30 21:33 - 000000000 ____D C:\Users\Roman\Doctor Web
2019-02-06 07:46 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-06 07:46 - 2017-11-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-06 07:45 - 2017-11-24 20:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-06 07:31 - 2018-05-22 10:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 07:31 - 2017-11-28 15:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 07:16 - 2017-11-28 15:28 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-05 20:34 - 2018-05-22 10:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917377831-1171802105-78364817-1001
2019-02-05 20:34 - 2018-05-22 10:38 - 000002383 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-05 20:34 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-05 20:34 - 2017-11-24 17:00 - 000000000 ___RD C:\Users\Roman\OneDrive
2019-02-05 20:32 - 2017-11-24 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-05 20:31 - 2017-11-24 19:40 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-05 20:26 - 2017-11-24 19:43 - 000000000 ____D C:\Program Files\rempl
2019-02-05 20:25 - 2017-11-25 20:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-05 20:21 - 2018-12-30 05:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-02-05 20:21 - 2018-12-30 05:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-02-01 22:36 - 2017-11-09 04:38 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-01 22:36 - 2017-11-09 04:38 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-01 02:37 - 2017-11-25 22:34 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-11-25 22:34 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-01-31 07:09 - 2017-11-25 22:10 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:09 - 2017-11-24 20:21 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-11-24 20:21 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-26 15:03 - 2017-11-24 20:21 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
==================== Files in the root of some directories =======
2018-03-19 08:45 - 2005-09-09 19:55 - 037766164 _____ () C:\Program Files (x86)\Data1.cab
2018-03-19 08:45 - 2005-09-09 19:55 - 007155864 _____ () C:\Program Files (x86)\NGhost10.msi
2018-03-19 08:45 - 2005-09-09 19:55 - 000000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2018-03-19 08:45 - 2005-09-09 19:55 - 004588454 _____ (Symantec ) C:\Program Files (x86)\setup.exe
2018-02-01 13:03 - 2018-02-01 13:03 - 000000615 _____ () C:\Users\Roman\AppData\Roaming\jd-gui.cfg
2018-03-18 22:47 - 2018-03-18 22:47 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.1.01.agreement
2018-03-18 22:48 - 2018-03-18 22:48 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.sourcedisk.index
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-22 10:36
==================== End of FRST.txt ============================
R2 Everything; D:\Programy\Everythink\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-01-29] (Anvei Technology Co., LTD -> AnviSoft.com)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 GPUIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [27120 2017-11-24] (ASUSTeK Computer Inc. -> )
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-12] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-02-05] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2018-12-30] (Bitdefender SRL -> BitDefender S.R.L.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-26] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd. -> Zemana Ltd.)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Roman\Documents\BitcoinZ\BitcoinZ.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 08:07 - 2019-02-09 08:08 - 000023284 _____ C:\Users\Roman\Desktop\FRST.txt
2019-02-09 08:06 - 2019-02-09 08:07 - 000000000 ____D C:\FRST
2019-02-09 08:02 - 2019-02-09 08:02 - 002434048 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2019-02-08 22:07 - 2019-02-08 22:07 - 002038755 _____ C:\Users\Roman\Desktop\zoek.exe
2019-02-08 20:37 - 2019-02-08 20:37 - 000000000 ____D C:\Users\Roman\AppData\Local\PeerDistRepub
2019-02-08 20:31 - 2019-02-08 20:31 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Google
2019-02-07 22:05 - 2019-02-07 22:05 - 006624296 _____ (Zemana Ltd. ) C:\Users\Roman\Desktop\Zemana.AntiMalware.Setup.exe
2019-02-07 22:05 - 2019-02-07 22:05 - 000008859 _____ C:\Users\Roman\Desktop\zoek-results.txt
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\VirtualStore
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashRpt
2019-02-07 21:57 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-02-07 21:26 - 2019-02-07 21:51 - 000000000 ____D C:\zoek_backup
2019-02-07 21:23 - 2019-02-07 21:23 - 000001722 _____ C:\Users\Roman\Desktop\scan.txt
2019-02-06 22:46 - 2019-02-06 22:46 - 000002786 _____ C:\Users\Roman\Desktop\RogueKiller..txt
2019-02-06 22:42 - 2019-02-06 22:42 - 000002788 _____ C:\Users\Roman\Desktop\as_C8FC.tmp.txt
2019-02-06 21:20 - 2019-02-06 21:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-06 19:59 - 2019-02-06 19:59 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-02-06 19:56 - 2019-02-06 19:56 - 033492536 _____ C:\Users\Roman\Desktop\RogueKiller_portable64.exe
2019-02-06 19:53 - 2019-02-06 19:58 - 206758184 _____ (Sophos Limited) C:\Users\Roman\Desktop\Sophos Virus Removal Tool.exe
2019-02-06 19:52 - 2019-02-06 19:52 - 000000553 _____ C:\Users\Roman\Desktop\JRT.txt
2019-02-06 19:48 - 2019-02-06 19:48 - 001790024 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2019-02-06 19:04 - 2019-02-06 19:04 - 000000000 ____D C:\Users\Roman\AppData\Roaming\EasyAntiCheat
2019-02-06 18:06 - 2019-02-06 18:06 - 000001729 _____ C:\Users\Roman\Desktop\AdwCleaner[S02].txt
2019-02-06 18:03 - 2019-02-06 18:03 - 007316688 _____ (Malwarebytes) C:\Users\Roman\Desktop\AdwCleaner.exe
2019-02-06 18:00 - 2019-02-06 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Roman\Desktop\TFC.exe
2019-02-06 16:23 - 2019-02-06 16:23 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\Desktop\HijackThis.exe
2019-02-06 13:20 - 2019-02-06 13:20 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\rondomedia GmbH
2019-02-06 12:52 - 2019-02-06 12:52 - 000000803 _____ C:\Users\Roman\Desktop\RESCUE 2013.lnk
2019-02-06 12:52 - 2019-02-06 12:52 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – MESTO V OHROŽENÍ
2019-02-06 11:44 - 2019-02-06 11:48 - 1153706619 _____ C:\Users\Roman\Desktop\Dok.rar
2019-02-06 11:40 - 2019-02-06 11:40 - 941644390 _____ C:\Users\Roman\Desktop\registry po opravě CCcleanerem.rar
2019-02-06 11:34 - 2019-02-06 11:35 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 09:49 - 2019-02-06 09:49 - 000000955 _____ C:\Users\Public\Desktop\Anvi Folder Locker.lnk
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Anvisoft
2019-02-06 09:47 - 2019-02-06 09:47 - 014558584 _____ (Anvisoft) C:\Users\Roman\Downloads\aflsetup.exe
2019-02-06 09:08 - 2019-02-09 07:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-06 09:07 - 2019-02-06 09:13 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-06 09:07 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-06 07:49 - 2019-02-06 07:51 - 183502792 _____ C:\Users\Roman\Desktop\hgm83s8z.exe
2019-02-06 07:45 - 2019-01-30 21:07 - 000133512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-06 07:42 - 2019-02-01 22:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 07:42 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 07:30 - 2019-02-06 07:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Roman\Downloads\ccsetup552.exe
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\Program Files\Securely File Shredder
2019-02-06 07:24 - 2019-02-06 07:24 - 000472936 _____ (Reason Company Software Inc.) C:\Users\Roman\Downloads\SecurelyFileShredder_Setup.exe
2019-02-05 22:04 - 2019-02-05 22:04 - 000000000 ____D C:\Users\Roman\AppData\Local\Eraser 6
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BitcoinZ
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Local\BitcoinZWallet
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Mozilla
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Local\Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-02-05 20:43 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2019-02-05 20:43 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2019-02-05 20:42 - 2019-02-05 20:42 - 000488952 _____ (IBM Corp.) C:\Users\Roman\Downloads\RapportSetup.exe
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ____D C:\ProgramData\Trusteer
2019-02-05 20:33 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-05 20:32 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-05 20:32 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-05 20:32 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-05 20:32 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-05 20:32 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-05 20:32 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-05 20:32 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-05 20:32 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-05 20:21 - 2019-02-05 20:21 - 000000000 ____D C:\WINDOWS\CSC
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 08:08 - 2018-02-11 14:39 - 000060171 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-09 08:03 - 2018-02-14 19:31 - 000000000 ____D C:\Users\Roman\AppData\Local\Everything
2019-02-09 08:03 - 2018-02-14 17:02 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Everything
2019-02-09 08:01 - 2017-11-29 10:15 - 000000000 ___HD C:\Users\Roman\Desktop\_SNAPDOC
2019-02-09 07:58 - 2018-05-22 10:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 07:58 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-09 07:58 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-09 07:58 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 07:54 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-09 07:52 - 2018-05-22 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-08 22:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-08 22:19 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:06 - 2018-05-22 10:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-07 22:16 - 2018-07-11 12:12 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 21:51 - 2018-05-22 10:38 - 000000000 ____D C:\Users\Roman
2019-02-07 21:28 - 2017-11-29 10:29 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2019-02-06 15:32 - 2017-11-28 15:38 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-06 09:21 - 2018-07-20 20:06 - 000000000 ____D C:\Users\Roman\AppData\Roaming\system32
2019-02-06 07:52 - 2018-12-30 21:33 - 000000000 ____D C:\Users\Roman\Doctor Web
2019-02-06 07:46 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-06 07:46 - 2017-11-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-06 07:45 - 2017-11-24 20:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-06 07:31 - 2018-05-22 10:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 07:31 - 2017-11-28 15:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 07:16 - 2017-11-28 15:28 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-05 20:34 - 2018-05-22 10:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917377831-1171802105-78364817-1001
2019-02-05 20:34 - 2018-05-22 10:38 - 000002383 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-05 20:34 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-05 20:34 - 2017-11-24 17:00 - 000000000 ___RD C:\Users\Roman\OneDrive
2019-02-05 20:32 - 2017-11-24 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-05 20:31 - 2017-11-24 19:40 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-05 20:26 - 2017-11-24 19:43 - 000000000 ____D C:\Program Files\rempl
2019-02-05 20:25 - 2017-11-25 20:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-05 20:21 - 2018-12-30 05:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-02-05 20:21 - 2018-12-30 05:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-02-01 22:36 - 2017-11-09 04:38 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-01 22:36 - 2017-11-09 04:38 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-01 02:37 - 2017-11-25 22:34 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-11-25 22:34 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-01-31 07:09 - 2017-11-25 22:10 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:09 - 2017-11-24 20:21 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-11-24 20:21 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-26 15:03 - 2017-11-24 20:21 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
==================== Files in the root of some directories =======
2018-03-19 08:45 - 2005-09-09 19:55 - 037766164 _____ () C:\Program Files (x86)\Data1.cab
2018-03-19 08:45 - 2005-09-09 19:55 - 007155864 _____ () C:\Program Files (x86)\NGhost10.msi
2018-03-19 08:45 - 2005-09-09 19:55 - 000000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2018-03-19 08:45 - 2005-09-09 19:55 - 004588454 _____ (Symantec ) C:\Program Files (x86)\setup.exe
2018-02-01 13:03 - 2018-02-01 13:03 - 000000615 _____ () C:\Users\Roman\AppData\Roaming\jd-gui.cfg
2018-03-18 22:47 - 2018-03-18 22:47 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.1.01.agreement
2018-03-18 22:48 - 2018-03-18 22:48 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.sourcedisk.index
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-22 10:36
==================== End of FRST.txt ============================