Windows installer popup

Do you have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Xumas
Visitor
Posts: 7
Joined: 20 Jun 2018 14:32

Windows installer popup

#1 Post by Xumas »

Hello,
a window has started popping up on my screen asking me to choose the application in which "windows installer" should be run. The window pops up at random intervals. I have tried scanning the PC with several programs (Malwarebytes, the Windows utility MSERT, Bitdefender), but none of them detected any malicious software. I am sending the RSIT log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by tomas at 2018-06-20 16:05:26
Microsoft Windows 10 Home
System drive C: has 722 GB (76%) free of 953 GB
Total RAM: 8077 MB (64% free)

HijackThis download failed

======Listing Processes======








C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
"C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
C:\WINDOWS\system32\WLANExt.exe 1179004763280
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
"C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"

C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe"

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon


C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe" /RunByTaskScheduler
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"ctfmon.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --type=crashpad-handler --no-rate-limit --database=C:\Users\tomas\AppData\Local\Crashpad --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=7.5.24.0-devel --handshake-handle=0x218
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,DocumentWriteEvaluator<DocumentWriteEvaluator,RenderingPipelineThrottling<RenderingPipelineThrottling,V8_Serialize_Age_Code<V8SerializeOptions,V8_Serialize_Eager<V8SerializeOptions,WebRTC-H264WithOpenH264FFmpeg<WebRTC-H264WithOpenH264FFmpeg,token-binding<TokenBinding,use-new-media-cache<use-new-media-cache --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_10-gen2/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/DefaultBrowserInfobar/SettingsText/DocumentWriteEvaluator/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/PreRead/NoPrefetchArgument/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TokenBinding/TokenBinding/Trigger
edResetFieldTrial/On/V8SerializeOptions/SerializeEagerAndAgeCode/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-H264WithOpenH264FFmpeg/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --type=gpu-process --channel="8792.0.98132499\374623018" --no-sandbox --user-data-dir="C:\Users\tomas\AppData\Local\ASUS GIFTBOX\User Data" --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,46,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x591b --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=21.20.16.4550 --user-data-dir="C:\Users\tomas\AppData\Local\ASUS GIFTBOX\User Data" --mojo-platform-channel-handle=1292
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --type=renderer --disable-raf-throttling --no-sandbox --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,DocumentWriteEvaluator<DocumentWriteEvaluator,RenderingPipelineThrottling<RenderingPipelineThrottling,V8_Serialize_Age_Code<V8SerializeOptions,V8_Serialize_Eager<V8SerializeOptions,WebRTC-H264WithOpenH264FFmpeg<WebRTC-H264WithOpenH264FFmpeg,token-binding<TokenBinding,use-new-media-cache<use-new-media-cache --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/DefaultBrowserInfobar/SettingsText/DocumentWriteEvaluator/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/PreRead/NoPrefetchArgument/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabl
ed/TabSyncByRecency/Enabled/*TokenBinding/TokenBinding/*TriggeredResetFieldTrial/On/V8SerializeOptions/SerializeEagerAndAgeCode/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-H264WithOpenH264FFmpeg/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --primordial-pipe-token=3FA805C6DB6C756B5FCFDDDCA463B536 --lang=cs --user-data-dir="C:\Users\tomas\AppData\Local\ASUS GIFTBOX\User Data" --nwjs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="8792.1.1912529701\1315135547" --mojo-platform-channel-handle=2184
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe" -critical
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled -critical
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\DbxSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /firstrunupdate 0
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --capture-python --no-upload-gzip --no-rate-limit --database=C:\Users\tomas\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-win-52.4.58 --annotation=client_session_id=e81de5a3-1ce8-4e75-82f0-e64d443a7c87 --annotation=host_int_account1_boot=35502703936 --annotation=machine_id=a5a3dd0a-c90e-44e8-88fe-75464df767d9 --annotation=platform=win "--annotation=platform_version=10 1803" --initial-client-data=0x230,0x23c,0x240,0x22c,0x244,0x6e848db8,0x6e848dc8,0x6e848dd8
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:e81de5a3-1ce8-4e75-82f0-e64d443a7c87 -target-handle:556 -target-shutdown-event:580 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /firstrunupdate 0" -python-version:2.7.11 -method:collectupload -handler-pipe:\\.\pipe\crashpad_12896_QNEVYVFYKKZRSWAX
"C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe" -ServerName:App.AppX4qs51dybty2brt57cnxbh1cyc25fernm.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
"C:\WINDOWS\System32\Taskmgr.exe" /2
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x5ec
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /ua /installsource core
"C:\Users\tomas\Desktop\RSITx64(1).exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\WpsExternal_20161114022915.job - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /wpscloudlaunch /wpsexternal /from=task
C:\WINDOWS\tasks\WpsKtpcntrQingTask_Administrator.job - C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe qing 10.1.0.5644 xxx server_url="http://kdl1.cache.wps.com/ksodl/wpscfg/ ... ubble.html" ic_server_url="http://info.kingsoftstore.com/wpsv6internet/infos.ads"

=========Mozilla firefox=========

ProfilePath - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\vn3e3t3r.default

prefs.js - "browser.startup.homepage" - "google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.113 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.113 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-09 573504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-09 236608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-27 149168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-05-03 1624224]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-04-03 3199776]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-05-24 18364648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"=C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [2017-07-03 1049608]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587800]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2018-06-18 3752768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-06-20 16:03:58 ----D---- C:\rsit
2018-06-20 16:03:58 ----D---- C:\Program Files\trend micro
2018-06-18 12:23:28 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2018-06-18 12:23:28 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2018-06-18 12:23:28 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2018-06-18 12:23:28 ----A---- C:\WINDOWS\system32\DbxSvc.exe
2018-06-18 02:08:19 ----D---- C:\ProgramData\Bitdefender
2018-06-18 02:05:53 ----D---- C:\Users\tomas\AppData\Roaming\QuickScan
2018-06-18 02:04:24 ----D---- C:\Program Files\Bitdefender Antivirus Free
2018-06-18 02:00:57 ----D---- C:\ProgramData\Bitdefender Agent
2018-06-18 02:00:57 ----D---- C:\Program Files\Bitdefender Agent
2018-06-18 01:59:50 ----D---- C:\Program Files\Common Files\DESIGNER
2018-06-18 01:37:44 ----D---- C:\ProgramData\HitmanPro
2018-06-17 23:52:24 ----HD---- C:\ProgramData\Common Files
2018-06-17 23:51:49 ----D---- C:\Program Files\Common Files\AVG
2018-06-17 23:49:49 ----D---- C:\ProgramData\AVG
2018-06-16 14:59:05 ----D---- C:\Program Files\Common Files\AVAST Software
2018-06-16 14:55:58 ----D---- C:\ProgramData\AVAST Software
2018-06-16 13:28:05 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2018-06-15 11:58:15 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-15 11:58:15 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-15 11:58:13 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-06-15 11:58:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-06-15 11:58:12 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2018-06-15 11:58:10 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-15 11:58:07 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-15 11:58:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-06-15 11:58:06 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-06-15 11:58:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-06-15 11:58:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-06-15 11:58:05 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-06-15 11:58:03 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-06-15 11:58:03 ----A---- C:\WINDOWS\system32\tquery.dll
2018-06-15 11:58:02 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-06-15 11:58:02 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2018-06-15 11:58:02 ----A---- C:\WINDOWS\system32\cdp.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-06-15 11:58:01 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-15 11:58:00 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-06-15 11:58:00 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-06-15 11:58:00 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-15 11:58:00 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-06-15 11:57:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-06-15 11:57:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-06-15 11:57:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2018-06-15 11:57:58 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-06-15 11:57:58 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-06-15 11:57:58 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2018-06-15 11:57:57 ----A---- C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-15 11:57:57 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-06-15 11:57:57 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-15 11:57:57 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-15 11:57:56 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-06-15 11:57:56 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-06-15 11:57:56 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-06-15 11:57:56 ----A---- C:\WINDOWS\system32\combase.dll
2018-06-15 11:57:55 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-06-15 11:57:55 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-06-15 11:57:55 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-15 11:57:55 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-15 11:57:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-06-15 11:57:54 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2018-06-15 11:57:54 ----A---- C:\WINDOWS\system32\mfreadwrite.dll
2018-06-15 11:57:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-06-15 11:57:53 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2018-06-15 11:57:53 ----A---- C:\WINDOWS\system32\wpnapps.dll
2018-06-15 11:57:52 ----A---- C:\WINDOWS\system32\CoreShell.dll
2018-06-15 11:57:52 ----A---- C:\WINDOWS\system32\comsvcs.dll
2018-06-15 11:57:52 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-06-15 11:57:51 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2018-06-15 11:57:51 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-06-15 11:57:51 ----A---- C:\WINDOWS\system32\wininet.dll
2018-06-15 11:57:51 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-15 11:57:51 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-15 11:57:51 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-06-15 11:57:50 ----A---- C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-15 11:57:50 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-06-15 11:57:50 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-06-15 11:57:50 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-06-15 11:57:49 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-06-15 11:57:49 ----A---- C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-15 11:57:49 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\system32\d3d9.dll
2018-06-15 11:57:48 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-15 11:57:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.Mirage.dll
2018-06-15 11:57:47 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-06-15 11:57:47 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-15 11:57:47 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-06-15 11:57:46 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-06-15 11:57:46 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-06-15 11:57:46 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-06-15 11:57:46 ----A---- C:\WINDOWS\system32\SndVolSSO.dll
2018-06-15 11:57:46 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-15 11:57:45 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-06-15 11:57:44 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-06-15 11:57:44 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2018-06-15 11:57:43 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-06-15 11:57:43 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\usocore.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\UIRibbon.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-15 11:57:42 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\SYSWOW64\UIRibbon.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\system32\mf.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-06-15 11:57:41 ----A---- C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\system32\msftedit.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-06-15 11:57:40 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-06-15 11:57:40 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\jscript.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\ISM.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\dxgi.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-06-15 11:57:39 ----A---- C:\WINDOWS\system32\AppReadiness.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\SndVolSSO.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\d3d9.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-15 11:57:38 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\SYSWOW64\mfreadwrite.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\rpcss.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\propsys.dll
2018-06-15 11:57:37 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-06-15 11:57:36 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2018-06-15 11:57:36 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-06-15 11:57:36 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-15 11:57:36 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-06-15 11:57:35 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-06-15 11:57:35 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-06-15 11:57:35 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-15 11:57:35 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-06-15 11:57:35 ----A---- C:\WINDOWS\system32\Spectrum.exe
2018-06-15 11:57:35 ----A---- C:\WINDOWS\system32\dui70.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\XpsPrint.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\mfds.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\esent.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-15 11:57:34 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Maps.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\WinTypes.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\winload.exe
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\webservices.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-15 11:57:33 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\DolbyDecMFT.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\SHCore.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-06-15 11:57:32 ----A---- C:\WINDOWS\system32\ci.dll
2018-06-15 11:57:31 ----A---- C:\WINDOWS\system32\winresume.exe
2018-06-15 11:57:30 ----A---- C:\WINDOWS\SYSWOW64\webservices.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\SYSWOW64\SHCore.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\ReAgent.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-06-15 11:57:30 ----A---- C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\dui70.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\wevtutil.exe
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\systemreset.exe
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\drivers\crashdmp.sys
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\credprovs.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-06-15 11:57:29 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-06-15 11:57:28 ----RSH---- C:\WINDOWS\fonts\StaticCache.dat
2018-06-15 11:57:28 ----A---- C:\WINDOWS\SYSWOW64\ReAgent.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-15 11:57:28 ----A---- C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\system32\FlightSettings.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\system32\DXP.dll
2018-06-15 11:57:28 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2018-06-15 11:57:27 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-06-15 11:57:27 ----A---- C:\WINDOWS\SYSWOW64\credprovs.dll
2018-06-15 11:57:27 ----A---- C:\WINDOWS\system32\rasplap.dll
2018-06-15 11:57:27 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-06-15 11:57:27 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-06-15 11:57:27 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-06-15 11:57:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-06-15 11:57:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\SYSWOW64\LanguageOverlayUtil.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\system32\skci.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-15 11:57:24 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Mirage.Internal.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\kernel.appcore.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\reseteng.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\mfps.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\kernel.appcore.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\GenValObj.exe
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-06-15 11:57:23 ----A---- C:\WINDOWS\system32\drivers\hvsocket.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\XpsPrint.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\RTMediaFrame.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\mfmkvsrcsnk.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\SYSWOW64\ActivationManager.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\Windows.Web.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\Phoneutil.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\mstsc.exe
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\drivers\uefi.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\CompPkgSup.dll
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-06-15 11:57:22 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\wlidcredprov.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\TSWorkspace.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\Phoneutil.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\MSMPEG2ENC.DLL
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\FlightSettings.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\SYSWOW64\CompPkgSup.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\Ucx01000.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\browserexport.exe
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\BootMenuUX.dll
2018-06-15 11:57:21 ----A---- C:\WINDOWS\system32\bcrypt.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\wevtutil.exe
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\srms-apr.dat
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\rasplap.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\msdt.exe
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\MSAC3ENC.DLL
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\TDLMigration.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\srms-apr.dat
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\MDEServer.exe
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\easwrt.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-15 11:57:20 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\TokenBrokerCookies.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\tbauth.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\MSHEIF.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\wlidcredprov.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\usoapi.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\tbauth.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\SIHClient.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\PhoneService.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\msi.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\MSHEIF.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\msdt.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\GamePanel.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\edpnotify.exe
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\dssvc.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\drivers\mpsdrv.sys
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\BFE.DLL
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-15 11:57:19 ----A---- C:\WINDOWS\system32\aadtb.dll
2018-06-15 11:57:18 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-06-15 11:57:18 ----A---- C:\WINDOWS\SYSWOW64\HoloShellRuntime.dll
2018-06-15 11:57:18 ----A---- C:\WINDOWS\system32\tzres.dll
2018-06-15 11:57:18 ----A---- C:\WINDOWS\system32\RasMediaManager.dll
2018-06-15 11:57:18 ----A---- C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-09 07:27:34 ----A---- C:\WINDOWS\SYSWOW64\DeleteFiles.cmd
2018-06-07 20:20:09 ----D---- C:\Program Files (x86)\Wizards of the Coast
2018-05-25 13:41:45 ----D---- C:\ProgramData\Microsoft OneDrive
2018-05-25 12:24:32 ----AS---- C:\WINDOWS\bootstat.dat
2018-05-25 12:23:51 ----D---- C:\WINDOWS\system32\Microsoft
2018-05-25 12:23:51 ----D---- C:\WINDOWS\ServiceProfiles
2018-05-25 12:21:53 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-05-25 12:21:53 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsDesktopEngine.exe
2018-05-25 12:21:53 ----A---- C:\WINDOWS\system32\wmp.dll
2018-05-25 12:21:53 ----A---- C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-05-25 12:21:41 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\SYSWOW64\itss.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\SYSWOW64\comsvcs.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-25 12:21:41 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\rdpbase.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\credssp.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\wuapi.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\WerFault.exe
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\wer.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\rdpnano.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\rdpbase.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\oleaut32.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\itss.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\credssp.dll
2018-05-25 12:21:36 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2018-05-25 12:18:32 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-05-25 12:18:32 ----A---- C:\WINDOWS\SYSWOW64\XpsFilt.dll
2018-05-25 12:18:31 ----A---- C:\WINDOWS\SYSWOW64\XPSSHHDR.dll
2018-05-25 12:18:31 ----A---- C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-25 12:18:31 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-05-25 12:18:31 ----A---- C:\WINDOWS\system32\XpsFilt.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsRemoteEngine.exe
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsExperiment.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsCapture.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\DXToolsReporting.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\DXToolsOfflineAnalysis.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\DXToolsMonitor.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\DXCaptureReplay.dll
2018-05-25 12:18:17 ----A---- C:\WINDOWS\SYSWOW64\DXCap.exe
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsProxyStub.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\VSD3DWARPDebug.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\perf_gputiming.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\DxToolsReportGenerator.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\DXGIDebug.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\DXCpl.exe
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\d3d12SDKLayers.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\d3d11_3SDKLayers.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\SYSWOW64\d2d1debug3.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\VsGraphicsExperiment.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\VsGraphicsCapture.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\VSD3DWARPDebug.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\perf_gputiming.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXToolsReporting.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DxToolsReportGenerator.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXToolsMonitor.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXGIDebug.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXCpl.exe
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXCaptureReplay.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\DXCap.exe
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\d3d12SDKLayers.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2018-05-25 12:18:16 ----A---- C:\WINDOWS\system32\d2d1debug3.dll
2018-05-25 12:18:04 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2018-05-25 12:18:04 ----D---- C:\Program Files\Reference Assemblies
2018-05-25 12:18:04 ----D---- C:\Program Files\MSBuild
2018-05-25 12:18:04 ----D---- C:\Program Files (x86)\Reference Assemblies
2018-05-25 12:18:04 ----D---- C:\Program Files (x86)\MSBuild
2018-05-25 12:17:49 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2018-05-25 12:17:49 ----A---- C:\WINDOWS\SYSWOW64\PresentationNative_v0300.dll
2018-05-25 12:17:48 ----A---- C:\WINDOWS\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-25 12:17:48 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-25 12:17:47 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-25 12:17:46 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-25 11:50:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-25 11:42:34 ----ASH---- C:\hiberfil.sys
2018-05-25 11:38:29 ----SD---- C:\Users\tomas\AppData\Roaming\Microsoft
2018-05-25 11:36:22 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2018-05-25 11:35:00 ----D---- C:\ProgramData\USOShared
2018-05-25 11:34:45 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll
2018-05-25 11:34:38 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.DLL
2018-05-25 11:34:38 ----A---- C:\WINDOWS\system32\OpenCL.DLL
2018-05-25 11:32:38 ----D---- C:\WINDOWS\Prefetch
2018-05-25 11:31:33 ----D---- C:\WINDOWS\system32\SleepStudy
2018-05-25 11:31:28 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-22 23:18:38 ----DC---- C:\WINDOWS\Panther

======List of files/folders modified in the last 1 month======

2018-06-20 16:03:58 ----RD---- C:\Program Files
2018-06-20 15:53:42 ----D---- C:\WINDOWS\Temp
2018-06-20 15:49:26 ----D---- C:\Program Files (x86)\Dropbox
2018-06-20 15:48:06 ----D---- C:\WINDOWS\system32\drivers
2018-06-20 15:48:06 ----D---- C:\WINDOWS\System32
2018-06-20 15:46:21 ----D---- C:\WINDOWS\AppReadiness
2018-06-20 15:44:32 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-06-20 15:42:43 ----D---- C:\WINDOWS\system32\Tasks
2018-06-20 15:42:37 ----D---- C:\ProgramData\NVIDIA
2018-06-20 15:39:52 ----D---- C:\WINDOWS\system32\sru
2018-06-18 13:25:50 ----HD---- C:\ProgramData
2018-06-18 02:10:05 ----SHD---- C:\System Volume Information
2018-06-18 02:00:08 ----SHDC---- C:\WINDOWS\Installer
2018-06-18 01:59:56 ----RD---- C:\WINDOWS\Microsoft.NET
2018-06-18 01:59:50 ----D---- C:\Program Files\Common Files\microsoft shared
2018-06-18 01:59:50 ----D---- C:\Program Files\Common Files
2018-06-18 01:58:56 ----D---- C:\WINDOWS\INF
2018-06-18 01:58:32 ----AD---- C:\Program Files\Microsoft Office
2018-06-17 23:54:04 ----D---- C:\WINDOWS\system32\config
2018-06-17 23:51:57 ----D---- C:\WINDOWS\WinSxS
2018-06-17 13:10:23 ----D---- C:\WINDOWS\system32\WDI
2018-06-17 13:07:48 ----D---- C:\Windows
2018-06-17 13:06:41 ----D---- C:\WINDOWS\system32\catroot2
2018-06-16 18:00:07 ----D---- C:\WINDOWS\system32\LogFiles
2018-06-16 17:54:51 ----D---- C:\WINDOWS\debug
2018-06-16 16:45:17 ----D---- C:\WINDOWS\Logs
2018-06-16 15:14:53 ----D---- C:\WINDOWS\system32\Macromed
2018-06-16 15:14:51 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-06-16 15:10:34 ----D---- C:\WINDOWS\SoftwareDistribution
2018-06-16 14:55:53 ----AD---- C:\Program Files\CCleaner
2018-06-16 14:51:58 ----D---- C:\Users\tomas\AppData\Roaming\TS3Client
2018-06-16 14:51:58 ----D---- C:\Program Files (x86)\Steam
2018-06-16 14:51:39 ----D---- C:\WINDOWS\LiveKernelReports
2018-06-16 14:41:44 ----D---- C:\WINDOWS\Tasks
2018-06-16 14:36:46 ----RD---- C:\WINDOWS\assembly
2018-06-16 13:04:51 ----D---- C:\WINDOWS\system32\DriverStore
2018-06-16 13:03:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-16 13:03:40 ----AD---- C:\Program Files\Mozilla Firefox
2018-06-16 02:54:21 ----D---- C:\WINDOWS\TextInput
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\setup
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\oobe
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\Dism
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-06-16 02:54:21 ----D---- C:\WINDOWS\SysWOW64
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\zu-ZA
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\yo-NG
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\xh-ZA
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\wo-SN
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\tn-ZA
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\ti-ET
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-16 02:54:12 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\setup
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\rw-RW
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\oobe
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\nso-ZA
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\ig-NG
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\en-US
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\Dism
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\cs-CZ
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\Boot
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-06-16 02:54:11 ----D---- C:\WINDOWS\system32\appraiser
2018-06-16 02:54:08 ----D---- C:\WINDOWS\ShellExperiences
2018-06-16 02:54:07 ----RSD---- C:\WINDOWS\Fonts
2018-06-16 02:54:07 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-06-16 02:54:07 ----D---- C:\WINDOWS\bcastdvr
2018-06-16 02:54:07 ----D---- C:\WINDOWS\apppatch
2018-06-16 02:54:07 ----D---- C:\Program Files\Windows Photo Viewer
2018-06-16 02:54:07 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2018-06-15 12:09:21 ----D---- C:\WINDOWS\system32\MRT
2018-06-15 12:07:01 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-15 12:06:54 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-06-15 12:06:46 ----D---- C:\WINDOWS\CbsTemp
2018-06-15 11:56:25 ----HD---- C:\Program Files\WindowsApps
2018-06-12 18:30:31 ----AD---- C:\Program Files (x86)\Heroes of the Storm
2018-06-12 15:54:10 ----AD---- C:\Program Files (x86)\Blizzard App
2018-06-07 20:20:09 ----RD---- C:\Program Files (x86)
2018-06-06 01:29:25 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-06-03 13:50:15 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-06-02 10:41:44 ----D---- C:\WINDOWS\appcompat
2018-05-31 11:11:00 ----D---- C:\WINDOWS\system32\drivers\wd
2018-05-25 14:04:46 ----D---- C:\WINDOWS\system32\restore
2018-05-25 13:58:42 ----SD---- C:\ProgramData\Microsoft
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\drivers
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\3082
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1055
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1049
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1046
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1045
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1040
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1036
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1033
2018-05-25 12:30:40 ----D---- C:\WINDOWS\SYSWOW64\1029
2018-05-25 12:30:40 ----D---- C:\WINDOWS\system32\WinBioDatabase
2018-05-25 12:30:40 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-05-25 12:30:40 ----D---- C:\WINDOWS\system32\drivers\etc
2018-05-25 12:30:39 ----HD---- C:\WINDOWS\system32\WLANProfiles
2018-05-25 12:30:39 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-05-25 12:30:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\zh-HK
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\spool
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\NDF
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\3082
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1055
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1049
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1046
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1045
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1040
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1036
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1033
2018-05-25 12:30:39 ----D---- C:\WINDOWS\system32\1029
2018-05-25 12:30:39 ----D---- C:\WINDOWS\Help
2018-05-25 12:30:38 ----D---- C:\WINDOWS\system32\Recovery
2018-05-25 12:30:38 ----D---- C:\Program Files\Intel
2018-05-25 12:30:38 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-05-25 12:30:38 ----D---- C:\Program Files (x86)\Intel
2018-05-25 12:30:38 ----D---- C:\Program Files (x86)\Common Files
2018-05-25 12:30:35 ----D---- C:\WINDOWS\Setup
2018-05-25 12:26:17 ----D---- C:\WINDOWS\twain_32
2018-05-25 12:26:14 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2018-05-25 12:25:25 ----D---- C:\WINDOWS\OCR
2018-05-25 12:25:11 ----D---- C:\Program Files (x86)\Windows Mail
2018-05-25 12:25:09 ----D---- C:\Program Files\Windows Mail
2018-05-25 12:25:09 ----D---- C:\Program Files\Realtek
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\vi-VN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ur-PK
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ug-CN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\tt-RU
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\tk-TM
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\te-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ta-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\sw-KE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\sq-AL
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\si-LK
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\quz-PE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\prs-AF
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\pa-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\or-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\nn-NO
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ne-NP
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\mt-MT
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ms-MY
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\mr-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\mn-MN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ml-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\mk-MK
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\mi-NZ
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\lo-LA
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\lb-LU
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ky-KG
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\kok-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\kn-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\km-KH
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\kk-KZ
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ka-GE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\is-IS
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\id-ID
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\hy-AM
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\gu-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\gd-GB
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\ga-IE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\fil-PH
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\fa-IR
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\cy-GB
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\bn-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\bn-BD
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\be-BY
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\as-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\am-ET
2018-05-25 12:22:24 ----D---- C:\WINDOWS\SYSWOW64\af-ZA
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\vi-VN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ur-PK
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ug-CN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\tt-RU
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\tk-TM
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\te-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ta-in
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\sw-KE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\sq-AL
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\si-lk
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\quz-PE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\prs-AF
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\pa-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\or-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\nn-NO
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ne-NP
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\mt-MT
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ms-MY
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\mr-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\mn-MN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ml-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\mk-MK
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\mi-NZ
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\lo-LA
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\lb-LU
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ky-KG
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\kok-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\kn-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\km-KH
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\kk-KZ
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ka-GE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\is-IS
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\id-ID
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\hy-AM
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\gu-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\gd-GB
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\ga-IE
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\fil-PH
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\fa-IR
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\cy-GB
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\bn-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\bn-BD
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\be-BY
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\as-IN
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\am-et
2018-05-25 12:22:24 ----D---- C:\WINDOWS\system32\af-ZA
2018-05-25 12:22:24 ----D---- C:\WINDOWS\Provisioning
2018-05-25 12:18:43 ----D---- C:\WINDOWS\system32\drivers\en-US
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\zh-TW
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\zh-CN
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\uk-UA
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\tr-TR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\th-TH
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\sv-SE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-RS
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\sl-SI
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\ru-RU
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\ro-RO
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\pt-PT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\pt-BR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\pl-PL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\nb-NO
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\lv-LV
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\lt-LT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\ko-KR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\ja-JP
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\it-IT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\hu-HU
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\hr-HR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\he-IL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\fr-FR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\fr-CA
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\fi-FI
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\et-EE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\es-MX
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\es-ES
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\el-GR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\de-DE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\da-DK
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\bg-BG
2018-05-25 12:18:36 ----D---- C:\WINDOWS\SYSWOW64\ar-SA
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\zh-TW
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\zh-CN
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\uk-UA
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\tr-TR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\th-TH
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\sv-SE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\sl-SI
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\sk-SK
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\ru-RU
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\ro-RO
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\pt-PT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\pt-BR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\pl-PL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\nl-NL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\nb-NO
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\lv-LV
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\lt-LT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\ko-KR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\ja-jp
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\it-IT
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\hu-HU
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\hr-HR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\he-IL
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\fr-FR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\fr-CA
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\fi-FI
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\et-EE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\es-MX
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\es-ES
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\en-GB
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\el-GR
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\de-DE
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\da-DK
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\bg-BG
2018-05-25 12:18:36 ----D---- C:\WINDOWS\system32\ar-SA
2018-05-25 12:18:04 ----D---- C:\WINDOWS\SYSWOW64\MUI
2018-05-25 12:18:04 ----D---- C:\WINDOWS\system32\MUI
2018-05-25 11:55:36 ----D---- C:\Program Files\windows nt
2018-05-25 11:55:03 ----RD---- C:\Program Files\Windows Defender
2018-05-25 11:54:30 ----D---- C:\WINDOWS\Registration
2018-05-25 11:53:21 ----D---- C:\WINDOWS\system32\CodeIntegrity
2018-05-25 11:47:47 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-05-25 11:47:47 ----D---- C:\WINDOWS\system32\wbem
2018-05-25 11:47:40 ----RSD---- C:\WINDOWS\media
2018-05-25 11:42:54 ----D---- C:\WINDOWS\SYSWOW64\sda
2018-05-25 11:38:29 ----RD---- C:\Users
2018-05-25 11:37:08 ----D---- C:\WINDOWS\system32\DAX2
2018-05-25 11:36:57 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2018-05-25 11:36:21 ----D---- C:\Program Files (x86)\VulkanRT
2018-05-25 11:35:11 ----D---- C:\ProgramData\NVIDIA Corporation
2018-05-25 11:35:00 ----D---- C:\ProgramData\USOPrivate
2018-05-25 11:34:54 ----D---- C:\Program Files\NVIDIA Corporation
2018-05-25 11:32:17 ----SHD---- C:\Recovery
2018-05-24 22:50:07 ----AD---- C:\Program Files (x86)\Hearthstone

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2016-09-19 795640]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-04-12 58272]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2015-05-08 20096]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R1 netfilter2;netfilter2; C:\WINDOWS\system32\drivers\netfilter2.sys [2016-09-18 79504]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-04-12 414208]
R2 iocbios2;iocbios2; \??\C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2016-08-24 37064]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-04-12 43520]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2016-08-24 29312]
R3 AsusHFilter;@oem17.inf,%AsusFilter.SvcDesc%;ASUS Patch; C:\WINDOWS\System32\drivers\AsusHFilter.sys [2016-12-22 30200]
R3 AsusPTPDrv;@oem0.inf,%AsusPTP.SvcDesc%;ASUS Touch Service; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [2016-10-11 99320]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\system32\DRIVERS\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 HIDSwitch;@oem10.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsRadioControl.sys [2016-12-19 31120]
R3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
R3 ibtusb;@oem44.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-11-17 136200]
R3 ICCWDT;@oem14.inf,%ICCWDT.SVCDESC%;Intel(R) Watchdog Timer Driver (Intel(R) WDT); C:\WINDOWS\System32\drivers\ICCWDT.sys [2016-11-02 38680]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [2016-11-30 11039712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-09-02 5303304]
R3 IntcDAud;@oem7.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-10-07 822248]
R3 MEIx64;@oem29.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2016-09-23 204896]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit; C:\WINDOWS\System32\drivers\Netwtw04.sys [2018-04-12 7689728]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_e81efc139459a03d\nvlddmkm.sys [2017-01-17 14190520]
R3 nvvad_WaveExtensible;@oem5.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2017-10-11 50624]
R3 nvvhci;@oem19.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2017-10-11 57792]
R3 RSP2STOR;@oem18.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2016-08-15 329184]
R3 rt640x64;@oem21.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-10-18 943112]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-04-12 128416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-04-12 92056]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-04-12 106496]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\system32\DRIVERS\BTHport.sys [2018-04-12 1069056]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 farmntio;farmntio; \??\C:\Windows\system32\drivers\farmntio.sys [2014-03-25 25144]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-04-12 73632]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-10-11 30144]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-06-08 945568]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AsHidService;ASUS HID Access Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [2016-06-16 126648]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2016-07-28 130744]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_1b23221;Uživatelská služba platformy připojených zařízení_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-06-12 8654504]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [2016-11-30 480224]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2018-06-18 51024]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2016-10-06 640928]
R2 FBAgent;FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [2014-08-13 73032]
R2 ibtsiva;@oem44.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [2016-11-30 341984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2016-10-05 177440]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2016-10-05 419616]
R2 mccspsvc;McAfee CSP Service; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2017-09-27 2145496]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11 518080]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-10-11 460736]
R2 OneSyncSvc_1b23221;Hostitel synchronizace_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PEFService;Intel Security PEF Service; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2017-09-24 1046456]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2016-10-06 157600]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-04-12 761440]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [2016-11-30 301536]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-25 43648]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_1b23221;Data kontaktů_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 ASUS Rog Aura Core;ASUS Rog Aura Core Service; C:\Program Files (x86)\ASUS\ROG Aura Core\AuraCoreSrv.exe [2016-10-14 552600]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-03-10 143144]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-31 153168]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc); C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2017-09-28 21304]
S2 Kingsoft_WPS_UpdateService;WPS Office Update Service; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [2016-11-14 133376]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-16 335872]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_1b23221;Uživatelská služba pro GameDVR a vysílání her_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_1b23221;Služba pro podporu uživatelů Bluetooth_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-03-10 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_1b23221;DevicePicker_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_1b23221;Tok zařízení_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-04-12 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-31 153168]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2016-07-26 987432]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_1b23221;Služba zasílání zpráv_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-06-07 194512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-10-06 268704]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11 518080]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-12 263344]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_1b23221;PrintWorkflow_1b23221; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 ROGGamingCenterService;ROG Gaming Center Service; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [2016-11-24 42680]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#2 Post by Conder »

Hi :)

:arrow: Could you send a screenshot of the pop-up window?

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (show the log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#3 Post by Xumas »

The pop-up window has not appeared for a while; if it shows up again, I will try to take a screenshot. I am sending the log from AdwCleaner.


# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-20-2018
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1242 octets] - [20/06/2018 17:09:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#4 Post by Conder »

:arrow: Please send both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#5 Post by Xumas »

I could not get FRSTLauncher to run (Windows Defender reported that it had detected a virus), so I am sending the logs from a scan with FRST alone. The pop-up window no longer seems to appear, but my internet connection over Wi-Fi stopped working, so I plugged in an Ethernet cable. After the AdwCleaner scan the Wi-Fi started working again, but now it is not working again.
FRSTLogs.zip
(36.08 KiB) Downloaded 58 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#6 Post by Conder »

:arrow: Since when has the Wi-Fi connection not been working? Is it only that you cannot connect to a particular Wi-Fi network, or is the whole adapter not working (it finds no Wi-Fi networks)? Does the Wi-Fi network work on other PCs or other devices?

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\farstone_pe.letter
    File: C:\farstone_pe.letter
    File: C:\Windows\system32\drivers\farmntio.sys
    File: C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
    File: C:\WINDOWS\SysWOW64\DeleteFiles.cmd
    CMD: type "C:\WINDOWS\SysWOW64\DeleteFiles.cmd"
    
    HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
    HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-138620625-3610902877-2132895110-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-138620625-3610902877-2132895110-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2018-06-20 16:03 - 2018-06-20 17:18 - 000000000 ____D C:\Program Files\trend micro
    2018-06-20 16:03 - 2018-06-20 16:04 - 000000000 ____D C:\rsit
    C:\Users\tomas\Desktop\RSIT*.exe
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#7 Post by Xumas »

The Wi-Fi fails in the sense that I do connect to it, but no page will load in the browser. On other devices I connect to the same Wi-Fi network without any problem. The Wi-Fi problems appeared while I was downloading RSIT and FRST, before the scan (but I do not think it has anything to do with downloading them). I also managed to take a screenshot of the window. The window always appears several times in a row and then does not appear again until some longer time later.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by tomas (22-06-2018 02:41:35) Run:1
Running from C:\Users\tomas\Desktop
Loaded Profiles: tomas (Available Profiles: tomas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\farstone_pe.letter
File: C:\farstone_pe.letter
File: C:\Windows\system32\drivers\farmntio.sys
File: C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
File: C:\WINDOWS\SysWOW64\DeleteFiles.cmd
CMD: type "C:\WINDOWS\SysWOW64\DeleteFiles.cmd"

HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-138620625-3610902877-2132895110-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-138620625-3610902877-2132895110-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2018-06-20 16:03 - 2018-06-20 17:18 - 000000000 ____D C:\Program Files\trend micro
2018-06-20 16:03 - 2018-06-20 16:04 - 000000000 ____D C:\rsit
C:\Users\tomas\Desktop\RSIT*.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\farstone_pe.letter => https://www.virustotal.com/file/4503c0a ... 529628167/

========================= File: C:\farstone_pe.letter ========================

C:\farstone_pe.letter
File not signed
MD5: BF052EFA30D7683A23394BA790673288
Creation and modification date: 2018-06-20 17:05 - 2018-06-20 18:25
Size: 000004608
Attributes: ---RH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\drivers\farmntio.sys ========================

C:\Windows\system32\drivers\farmntio.sys
File not signed
MD5: 0EE1D766D9B671AB101978723FE3558B
Creation and modification date: 2014-03-25 11:14 - 2014-03-25 11:14
Size: 000025144
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe ========================

C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
File not signed
MD5: 7D87A129A6F4FA468244F0D812B1D0A5
Creation and modification date: 2017-09-28 17:17 - 2017-09-28 17:17
Size: 000187904
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: Wex.Services.Downlevel-External
Original Name: Wex.Services.exe
Product: Test Authoring and Execution Framework
Description: Wex.Services [v10.13k]
File Version: 10.13.1707.10002
Product Version: 10.13.170710002-rs3
Copyright: ©Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\SysWOW64\DeleteFiles.cmd ========================

C:\WINDOWS\SysWOW64\DeleteFiles.cmd
File not signed
MD5: 858B16A66EF66F1171E773454F048B91
Creation and modification date: 2018-06-09 07:27 - 2018-06-09 07:27
Size: 000000069
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/2a8ad1b ... 525900762/

====== End of File: ======


========= type "C:\WINDOWS\SysWOW64\DeleteFiles.cmd" =========

powershell.exe -ExecutionPolicy Bypass -file DeleteFileList.ps1 ""

========= End of CMD: =========

HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-138620625-3610902877-2132895110-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-138620625-3610902877-2132895110-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-138620625-3610902877-2132895110-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully

=========== "C:\Users\tomas\Desktop\RSIT*.exe" ==========

C:\Users\tomas\Desktop\RSITx64(1).exe => moved successfully

========= End -> "C:\Users\tomas\Desktop\RSIT*.exe" ========

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17942944 B
Java, Flash, Steam htmlcache => 147756478 B
Windows/system/drivers => 114707467 B
Edge => 1522940 B
Chrome => 3808035 B
Firefox => 173452638 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4534 B
LocalService => 0 B
NetworkService => 11812 B
NetworkService => 0 B
tomas => 274979893 B

RecycleBin => 160039754 B
EmptyTemp: => 859.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:45:06 ====
Attachments
vyskakovaci okno.png (23.74 KiB) Viewed 1711 times
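
Added example, not part of the thread and not FRST's own code: a Python parser for the `File:` sections of the Fixlog posted in #7, listing for each inspected file the reasons it might deserve a closer look. The names `FileRecord`, `triage` and `rank`, the extension lists and the 30-day window are assumptions of this example; the sample input is copied from the Fixlog and trimmed to the fields the parser reads.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: the "Ran by" line and the four "File:" sections of the Fixlog
# posted in the thread, trimmed to the fields this parser reads.
SAMPLE_FIXLOG = r"""Ran by tomas (22-06-2018 02:41:35) Run:1
========================= File: C:\farstone_pe.letter ========================
File not signed
MD5: BF052EFA30D7683A23394BA790673288
Creation and modification date: 2018-06-20 17:05 - 2018-06-20 18:25
Attributes: ---RH
Company Name:
====== End of File: ======
========================= File: C:\Windows\system32\drivers\farmntio.sys ========================
File not signed
MD5: 0EE1D766D9B671AB101978723FE3558B
Creation and modification date: 2014-03-25 11:14 - 2014-03-25 11:14
Attributes: ----A
Company Name:
====== End of File: ======
========================= File: C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe ========================
File not signed
MD5: 7D87A129A6F4FA468244F0D812B1D0A5
Creation and modification date: 2017-09-28 17:17 - 2017-09-28 17:17
Attributes: ----A
Company Name: Microsoft Corporation
====== End of File: ======
========================= File: C:\WINDOWS\SysWOW64\DeleteFiles.cmd ========================
File not signed
MD5: 858B16A66EF66F1171E773454F048B91
Creation and modification date: 2018-06-09 07:27 - 2018-06-09 07:27
Attributes: ----A
Company Name:
====== End of File: ======
"""

RUN_RE = re.compile(r"^Ran by .*?\((\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\)", re.M)
SECTION_RE = re.compile(
    r"^=+ File: (?P<path>[^\r\n]+?) =+[ \t]*\r?\n(?P<body>.*?)^=+ End of File: =+",
    re.M | re.S)
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+):[ \t]*(?P<value>[^\r\n]*)$", re.M)
PE_EXT = (".exe", ".dll", ".sys")      # file types that can carry version-info fields
SCRIPT_EXT = (".cmd", ".bat", ".ps1")


@dataclass
class FileRecord:
    path: str
    unsigned: bool
    md5: str
    created: Optional[datetime]
    attributes: str
    company: str


def parse_fixlog(text):
    """Return (scan time or None, list of FileRecord), one record per "File:" section."""
    run = RUN_RE.search(text)
    scan_time = datetime.strptime(run.group(1), "%d-%m-%Y %H:%M:%S") if run else None
    records = []
    for sec in SECTION_RE.finditer(text):
        f = {m["key"]: m["value"].strip() for m in FIELD_RE.finditer(sec["body"])}
        # The date field holds "<created> - <modified>"; only the first part is used.
        created = f.get("Creation and modification date", "").split(" - ")[0]
        records.append(FileRecord(
            path=sec["path"], unsigned="File not signed" in sec["body"],
            md5=f.get("MD5", ""), attributes=f.get("Attributes", ""),
            created=datetime.strptime(created, "%Y-%m-%d %H:%M") if created else None,
            company=f.get("Company Name", "")))
    return scan_time, records


def triage(rec, scan_time, recent_days=30):
    """Illustrative review heuristics (assumptions of this example, not FRST logic)."""
    p = rec.path.lower()
    age = (scan_time - rec.created).days if scan_time and rec.created else None
    checks = [
        ("unsigned", rec.unsigned),
        ("PE without company name", p.endswith(PE_EXT) and not rec.company),
        ("hidden", "H" in rec.attributes),
        ("unsigned kernel driver", rec.unsigned and p.endswith(".sys") and "\\drivers\\" in p),
        ("script in Windows directory", p.endswith(SCRIPT_EXT) and "\\windows\\" in p),
        ("created recently", age is not None and age <= recent_days),
    ]
    return [name for name, hit in checks if hit]


def rank(text):
    """Files ordered by number of reasons, most first (ties keep log order)."""
    scan_time, records = parse_fixlog(text)
    return sorted(((r.path, triage(r, scan_time)) for r in records),
                  key=lambda row: len(row[1]), reverse=True)


if __name__ == "__main__":
    for path, reasons in rank(SAMPLE_FIXLOG):
        print(f"{len(reasons)}  {path}: {', '.join(reasons)}")
```

The reasons are prompts for manual review, not verdicts: a file flagged here still needs its origin checked, as the helper does in the thread by asking for the file details and the script's contents.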

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#8 Post by Xumas »

I would also add that the Wi-Fi connection is not broken the whole time; yesterday, for example, the connection worked after I turned the notebook on and no longer worked after a restart, but this morning it worked again. I have also noticed (ever since the pop-up window started appearing) that now and then the cursor movement is not smooth for a short moment.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#9 Post by Conder »

:arrow: So if I understand correctly, even at the moment when the Wi-Fi network is not working on this notebook, it works on other devices at the same time?

:arrow: Please send new FRST logs.

:arrow: Run a full scan in MBAM
  • Download and install Malwarebytes (MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Ignore the trial version
  • Open MBAM and click "Scan" on the left
  • Click "Custom scan" and then "Configure scan" (Set up scan)
  • On the right select all drives in the PC and on the left tick the option "Scan for rootkits"
  • Click Scan now and wait for it to finish
  • When it finishes, click Export summary -> Text file, enter some file name and save it to the desktop
  • Copy the contents of that file here
  • Illustrated guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#10 Post by Xumas »

1) Yes, at the same moment the Wi-Fi works on other devices but does not work on the notebook (the notebook connects to the Wi-Fi, but when I want to load a page in the browser, it tries for a long time to load the page and nothing loads).

2) I am attaching the FRST logs.
FRSTLogs2.zip
(35.99 KiB) Downloaded 57 times
3) Log from MBAM:

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 24.06.18
Čas skenování: 12:47
Logovací soubor: edc92a8a-779b-11e8-9fad-88d7f62e71d6.json
Správce: Ano

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.374
Aktualizovat verzi balíku komponent: 1.0.5609
Licence: Bezplatný

-Systémová informace-
OS: Windows 10 (Build 17134.112)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-F5UD7ML\tomas

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 528231
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 4 hod, 0 min, 25 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#11 Post by Conder »

→ The PC looks clean as far as malware is concerned; the log points to a problem with the wifi driver.

→ Remove the McAfee leftovers with this tool and restart the PC: http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp

→ Run a system file integrity check:
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    Code:

    DISM.exe /Online /Cleanup-image /Restorehealth
  • When it finishes, copy and run the second command:

    Code:

    sfc /scannow
  • When both commands have finished, copy and run this command:

    Code:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log "%userprofile%\desktop\dism.txt"
  • The files sfcdetails.txt and dism.txt will be created on the desktop; pack these files into a RAR or ZIP archive and send it as an attachment to your next post
  • Restart the PC
→ Create a restore point
  • Press Win+R, type "sysdm.cpl", press Enter
  • Click the System Protection tab and then the Create button
  • Enter some name, e.g. "rp", and confirm by clicking Create
  • You can close the open windows
→ If the restore point cannot be created, to be safe do not continue and write here.

→ Install the current version of the drivers for the Intel wifi/bt adapter (Intel® Dual Band Wireless-AC 7265); install both drivers and download the 64-bit version:
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
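One way to triage the sfcdetails.txt file produced by the findstr step in the post above, as an added example that is not part of the original thread. The names `SAMPLE` and `summarize_sr` are hypothetical, the log lines are constructed, and the message wording is assumed from typical CBS.log output, which varies between Windows builds.

```python
import re

# Constructed sample of the [SR] lines that the findstr step writes to
# sfcdetails.txt; file and component names are invented for illustration.
SAMPLE = r"""
2018-06-24 13:02:11, Info  CSI  00000006 [SR] Verifying 100 components
2018-06-24 13:02:11, Info  CSI  00000007 [SR] Beginning Verify and Repair transaction
2018-06-24 13:02:40, Info  CSI  00000031 [SR] Cannot repair member file [l:11]'example.sys' of Example-Component, version 10.0.17134.1, arch amd64
2018-06-24 13:02:41, Info  CSI  00000033 [SR] Cannot repair member file [l:11]'example.sys' of Example-Component, version 10.0.17134.1, arch amd64
2018-06-24 13:03:05, Info  CSI  00000047 [SR] Cannot repair member file [l:10]'second.dll' of Other-Component, version 10.0.17134.1, arch amd64
2018-06-24 13:03:06, Info  CSI  00000049 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\example.dll from store
2018-06-24 13:40:12, Info  CSI  00000012 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\second.dll from store
"""

# Assumed message wording (typical CBS.log output, not guaranteed on every build).
CANNOT = re.compile(r"\[SR\] Cannot repair member file \[[^\]]*\]['\"]([^'\"]+)['\"]")
REPAIR = re.compile(r"\[SR\] Repairing corrupted file (.+?) from store")

def _basename(path):
    # Drop CBS length annotations such as [l:24{12}] and quotes, keep the file name.
    cleaned = re.sub(r"\[[^\]]*\]", "", path).replace('"', "")
    return cleaned.rstrip("\\").split("\\")[-1].lower()

def summarize_sr(text):
    """Return (verdict, repaired, unrepaired); the last event seen per file wins.

    The findstr command appends (>>) and CBS.log holds several sfc runs, so an
    older "Cannot repair" entry may be followed by a later successful repair.
    """
    state = {}
    for line in text.splitlines():
        if "[SR]" not in line:
            continue
        m = CANNOT.search(line)
        if m:
            state[m.group(1).lower()] = "unrepaired"
            continue
        m = REPAIR.search(line)
        if m:
            state[_basename(m.group(1))] = "repaired"
    repaired = sorted(f for f, s in state.items() if s == "repaired")
    unrepaired = sorted(f for f, s in state.items() if s == "unrepaired")
    verdict = "unrepaired" if unrepaired else "repaired" if repaired else "clean"
    return verdict, repaired, unrepaired

if __name__ == "__main__":
    print(summarize_sr(SAMPLE))
```

A "clean" verdict only means no [SR] repair entries were logged; files listed as unrepaired are the ones worth cross-checking against dism.txt.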

Xumas
Visitor
Posts: 7
Registered: 20 Jun 2018 14:32

Re: Windows installer popup

#12 Post by Xumas »

1) The popup window still appears.
2) I cleaned up the McAfee leftovers.
3) I ran the system file integrity check - no problems were found; I am sending the logs as an attachment.
Logy.zip
(8.48 KiB) Downloaded 49 times
4) I created a restore point, but the wifi does not need to be dealt with for now. I may install the current drivers later.

Given that the problems persist and probably nothing was found, I would suggest trying to return to a restore point from before the problems appeared.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Windows installer popup

#13 Post by Conder »

→ Personally I would first try updating those wifi drivers, but feel free to try the system restore too. The oldest restore point according to the FRST logs is 15-06-2018 11:56:34 Windows Update.