Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

GandCrab v5.1

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
candle59
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 23 led 2019 22:47

GandCrab v5.1

#1 Příspěvek od candle59 »

Dobrý den, setkal jsem se s tímto otravným virem, existuje nějaká cesta odvirování? na souborech mi nějak moc nezáleží, ale pokud by byla možnost je zachránit byl bych moc vděčný :-)



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Doma (23-01-2019 22:53:01)
Running from C:\Users\Doma\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2019-01-23 20:56:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2577908564-1240238108-2548213143-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2577908564-1240238108-2548213143-503 - Limited - Disabled)
Doma (S-1-5-21-2577908564-1240238108-2548213143-1000 - Administrator - Enabled) => C:\Users\Doma
Guest (S-1-5-21-2577908564-1240238108-2548213143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2577908564-1240238108-2548213143-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2577908564-1240238108-2548213143-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft OneDrive (HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29A8AD37-6CEC-43B0-AD15-1C681FA8F4D0} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {B8D4104D-CBA6-4330-B13C-38CF7B2FA248} - System32\Tasks\CCleanerSkipUAC => C:\Windows.old\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 14:08 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-14 12:07 - 2018-12-12 06:11 - 005237216 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-14 12:07 - 2018-12-12 06:11 - 000117216 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2019-01-23 22:39 - 2019-01-23 22:40 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 22:39 - 2019-01-23 22:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-23 22:39 - 2019-01-23 22:49 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-23 22:39 - 2019-01-23 22:48 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-23 22:39 - 2019-01-23 22:50 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-23 22:39 - 2019-01-23 22:48 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2019-01-23 22:39 - 2019-01-23 22:43 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-23 22:39 - 2019-01-23 22:49 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-23 22:51 - 2019-01-23 22:51 - 000972288 _____ () C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.37.11001.0_x64__8wekyb3d8bbwe\GameBarTasks.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\desktop.ini:CachedTiles [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-01-23 21:25 - 2019-01-23 21:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doma\AppData\Local\Microsoft\Windows\Themes\img9.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2019 09:59:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (01/23/2019 09:59:39 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (01/23/2019 10:38:33 PM) (Source: DCOM) (EventID: 10016) (User: Doma-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Doma-PC\Doma (SID: S-1-5-21-2577908564-1240238108-2548213143-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 09:51:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {A47979D2-C419-11D9-A5B4-001185AD2B89} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 09:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel síťového připojení byla ukončena s následující chybou:
Zařízení připojené k systému nefunguje.

Error: (01/23/2019 09:50:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {A47979D2-C419-11D9-A5B4-001185AD2B89} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 09:48:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {A47979D2-C419-11D9-A5B4-001185AD2B89} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 09:45:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba Rozšíření a oznámení tiskárny je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/23/2019 09:43:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba iphlpsvc byla ukončena s následující chybou:
Zařízení není připraveno.


Windows Defender:
===================================
Date: 2019-01-23 22:12:03.044
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {05F62F20-EC80-48FC-BCA7-4F22404EE85F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: Doma-PC\Doma

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
Percentage of memory in use: 33%
Total physical RAM: 8183.05 MB
Available physical RAM: 5407.43 MB
Total Virtual: 10103.05 MB
Available Virtual: 6934.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1396.33 GB) (Free:1118.13 GB) NTFS

\\?\Volume{4f6f71d5-fa97-11e0-a812-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5507158b-0000-0000-0000-301b5d010000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 5507158B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=859 MB) - (Type=27)

==================== End of Addition.txt ============================




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Doma (administrator) on DOMA-PC (23-01-2019 22:51:33)
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\Run: [CCleaner Smart Cleaning] => C:\Windows.old\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Doma\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Doma\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doma\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doma\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{c11ceb86-e3be-4b41-9689-e8b2e0322ce4}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================

Chrome:
=======
CHR Profile: C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default [2019-01-23]
CHR Extension: (Prezentace) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-23]
CHR Extension: (Dokumenty) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-23]
CHR Extension: (Disk Google) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-23]
CHR Extension: (YouTube) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-23]
CHR Extension: (Tabulky) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-23]
CHR Extension: (Gmail) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2018-06-07] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-09-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-09-12] (Disc Soft Ltd)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2018-09-12] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2018-09-12] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2018-06-07] (ELAN Microelectronic Corp.)
R3 MTsensor; C:\WINDOWS\System32\drivers\ASACPI.sys [17280 2013-05-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1139424 2018-09-15] (Realtek )
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2016-10-30] (Razer Inc)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 22:51 - 2019-01-23 22:52 - 000009963 _____ C:\Users\Doma\Desktop\FRST.txt
2019-01-23 22:51 - 2019-01-23 22:51 - 000000000 ____D C:\FRST
2019-01-23 22:49 - 2019-01-23 22:49 - 002428416 _____ (Farbar) C:\Users\Doma\Downloads\FRST64.exe
2019-01-23 22:49 - 2019-01-23 22:49 - 002428416 _____ (Farbar) C:\Users\Doma\Desktop\FRST64.exe
2019-01-23 22:38 - 2019-01-23 22:38 - 000000000 ____D C:\Users\Doma\AppData\Local\Google
2019-01-23 22:15 - 2019-01-23 22:15 - 000000000 ____D C:\Users\Doma\AppData\Local\Comms
2019-01-23 22:14 - 2019-01-23 22:52 - 000000000 ____D C:\ProgramData\Packages
2019-01-23 22:05 - 2019-01-23 22:05 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2577908564-1240238108-2548213143-1000
2019-01-23 22:05 - 2019-01-23 22:05 - 000002894 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-23 22:03 - 2019-01-23 22:03 - 000000000 ____D C:\Users\Doma\AppData\Local\D3DSCache
2019-01-23 22:00 - 2019-01-23 22:33 - 000000000 ____D C:\Users\Doma\AppData\Local\PlaceholderTileLogoFolder
2019-01-23 22:00 - 2019-01-23 22:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-01-23 21:59 - 2019-01-23 21:59 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-23 21:58 - 2019-01-23 22:33 - 000000000 ____D C:\Users\Doma\AppData\Local\Publishers
2019-01-23 21:58 - 2019-01-23 21:58 - 000000000 ____D C:\Users\Doma\AppData\Local\MicrosoftEdge
2019-01-23 21:56 - 2019-01-23 22:52 - 000000000 ____D C:\Users\Doma\AppData\Local\Packages
2019-01-23 21:56 - 2019-01-23 21:58 - 000000000 ____D C:\Users\Doma\AppData\Local\ConnectedDevicesPlatform
2019-01-23 21:56 - 2019-01-23 21:56 - 000000020 ___SH C:\Users\Doma\ntuser.ini
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default User
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\All Users
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Šablony
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Plocha
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Oblíbené položky
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Dokumenty
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Adobe
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 ____D C:\Users\Doma\AppData\Local\VirtualStore
2019-01-23 21:55 - 2019-01-23 21:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-23 21:55 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-23 21:54 - 2019-01-23 21:54 - 000018612 _____ C:\Users\Doma\Desktop\Odebrané aplikace.html
2019-01-23 21:50 - 2019-01-23 22:05 - 000002388 _____ C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-23 21:50 - 2019-01-23 21:57 - 000000000 ____D C:\Users\Doma
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Šablony
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Soubory cookie
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Poslední
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Okolní tiskárny
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Okolní síť
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Nabídka Start
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Dokumenty
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Obrázky
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Hudba
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Filmy
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Data aplikací
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\AppData\Local\Data aplikací
2019-01-23 21:46 - 2019-01-23 21:46 - 000000000 ____D C:\Program Files\VIA
2019-01-23 21:45 - 2019-01-23 21:56 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\ProgramData\USOShared
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-23 21:45 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-01-23 21:45 - 2018-03-24 00:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-01-23 21:45 - 2018-03-24 00:02 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-23 21:45 - 2018-03-21 12:22 - 008114212 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-23 21:42 - 2019-01-23 21:52 - 000234984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-23 21:42 - 2019-01-23 21:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-23 21:40 - 2019-01-23 22:06 - 000000000 ____D C:\WINDOWS\Panther
2019-01-23 21:40 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-01-23 21:40 - 2019-01-23 21:40 - 000000000 ____D C:\Windows.old
2019-01-23 21:39 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-01-23 21:37 - 2019-01-23 21:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-01-23 21:37 - 2019-01-23 21:37 - 000000000 ____D C:\WINDOWS\Setup
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\OCR
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files\MSBuild
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-01-23 21:31 - 2019-01-23 21:59 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-01-23 21:31 - 2019-01-23 21:59 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\cs
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\0409
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-01-23 21:31 - 2019-01-23 21:30 - 000296964 _____ C:\WINDOWS\system32\perfi005.dat
2019-01-23 21:31 - 2019-01-23 21:30 - 000038778 _____ C:\WINDOWS\system32\perfd005.dat
2019-01-23 21:28 - 2019-01-02 20:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-23 21:28 - 2019-01-02 20:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-23 21:26 - 2019-01-23 21:22 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-01-23 21:26 - 2019-01-23 21:22 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-01-23 21:26 - 2019-01-23 21:22 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-01-23 21:25 - 2019-01-23 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-23 21:25 - 2019-01-23 22:51 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-23 21:25 - 2019-01-23 22:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-23 21:25 - 2019-01-23 21:56 - 000000000 ____D C:\Program Files\windows nt
2019-01-23 21:25 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\spool
2019-01-23 21:25 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-01-23 21:25 - 2019-01-23 21:47 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-01-23 21:25 - 2019-01-23 21:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-01-23 21:25 - 2019-01-23 21:45 - 000000000 ___RD C:\Program Files (x86)
2019-01-23 21:25 - 2019-01-23 21:45 - 000000000 ____D C:\WINDOWS\Help
2019-01-23 21:25 - 2019-01-23 21:40 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-01-23 21:25 - 2019-01-23 21:40 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-23 21:25 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\setup
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\Provisioning
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files\Windows Defender
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\com
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\IME
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\Program Files\Common Files\system
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __RSD C:\WINDOWS\media
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Web
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\WaaS
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Vss
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\tracing
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\TAPI
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SystemResources
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SystemApps
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ras
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\IME
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ias
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\System
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SKB
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\schemas
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SchCache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\ServiceState
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\security
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Resources
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\rescache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Registration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\PLA
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Performance
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Globalization
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Cursors
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Branding
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\appcompat
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\addins
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\ProgramData\USOPrivate
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Security
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Common Files\Services
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-01-23 21:25 - 2019-01-23 21:22 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-01-23 21:25 - 2019-01-23 21:22 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-01-23 21:25 - 2019-01-23 21:22 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-01-23 21:25 - 2019-01-23 21:22 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-01-23 21:25 - 2019-01-23 21:22 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-01-23 21:25 - 2019-01-23 21:22 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-01-23 21:25 - 2019-01-23 21:22 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-01-23 21:25 - 2019-01-23 21:22 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-01-23 21:25 - 2019-01-23 21:22 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-01-23 21:25 - 2019-01-23 21:22 - 000000219 _____ C:\WINDOWS\system.ini
2019-01-23 21:25 - 2019-01-23 21:22 - 000000092 _____ C:\WINDOWS\win.ini
2019-01-23 21:23 - 2019-01-23 22:06 - 000000000 ____D C:\WINDOWS\INF
2019-01-23 21:16 - 2019-01-23 22:13 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-23 21:07 - 2019-01-23 21:59 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-23 21:07 - 2019-01-23 21:51 - 071827456 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-01-23 21:07 - 2019-01-23 21:51 - 012845056 _____ C:\WINDOWS\system32\config\SYSTEM
2019-01-23 21:07 - 2019-01-23 21:51 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-01-23 21:07 - 2019-01-23 21:51 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-01-23 21:07 - 2019-01-23 21:51 - 000061440 _____ C:\WINDOWS\system32\config\SAM
2019-01-23 21:07 - 2019-01-23 21:51 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-01-23 21:07 - 2019-01-23 21:41 - 000000000 ___HD C:\$SysReset
2019-01-23 21:07 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\servicing
2019-01-23 21:07 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Doma\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Downloads\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Documents\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Desktop\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Downloads\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Documents\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Desktop\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\DQEIR-DECRYPT.txt
2019-01-23 18:40 - 2019-01-23 18:40 - 000008530 _____ C:\DQEIR-DECRYPT.txt
2019-01-19 18:18 - 2019-01-23 18:45 - 1185015504 _____ C:\Users\Doma\Desktop\Já, Kajínek_Epizoda - Po roce.avi
2019-01-14 16:02 - 2019-01-14 16:02 - 000000000 ____D C:\Users\Doma\Documents\Ashampoo Burning Studio 20
2019-01-14 16:00 - 2019-01-23 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-01-14 16:00 - 2019-01-14 16:00 - 000001400 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 20.lnk
2019-01-14 15:59 - 2019-01-23 19:11 - 000000000 ____D C:\Users\Doma\Desktop\Ashampoo Burning Studio 20.0.2.7
2019-01-14 15:55 - 2019-01-23 18:43 - 163188554 _____ C:\Users\Doma\Desktop\Ashampoo Burning Studio 20.0.2.7.rar
2019-01-14 15:55 - 2019-01-14 15:55 - 000013022 _____ C:\Users\Doma\Desktop\[CzT]Ashampoo_Burning_Studio_v_20_0_2_7_CZ_SK_.torrent
2019-01-14 15:53 - 2019-01-14 15:54 - 068953037 _____ C:\Users\Doma\Desktop\Nero Burning ROM 2016 [v17.0.5000].exe
2019-01-14 15:53 - 2019-01-14 15:53 - 000011103 _____ C:\Users\Doma\Desktop\[CzT]Nero_Burning_ROM_Nero_Express_v17_0_5000_Portable_2016_CZ_.torrent
2019-01-10 20:38 - 2019-01-10 21:52 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.BDRip.x264.CZ-TreZzoR
2019-01-10 20:16 - 2019-01-10 20:33 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.720p.BluRay.DD5.1.x264-DON.CZ-FTU
2019-01-10 20:13 - 2019-01-10 20:13 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.1080p.BluRay.DTS.x264-SbR.CZ-FTU
2019-01-09 15:55 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:55 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 15:55 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 15:55 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:54 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 15:54 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 15:54 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 15:54 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 15:54 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 15:54 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 15:54 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 15:54 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 15:54 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 15:54 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 15:54 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 15:54 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 15:54 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 15:54 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 15:54 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 15:54 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 15:54 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 15:54 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 15:54 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 15:54 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 15:54 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 15:54 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 15:54 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 15:54 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 15:54 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:54 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 15:54 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 15:54 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 15:54 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 15:54 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 15:54 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 20:20 - 2019-01-08 20:21 - 000000000 ____D C:\wifidata
2019-01-07 20:25 - 2019-01-23 18:43 - 000090483 _____ C:\Users\Doma\Desktop\Dobropisy.pdf
2019-01-05 12:56 - 2019-01-05 12:56 - 000000000 _____ C:\Users\Doma\Desktop\Nový textový dokument.txt
2019-01-05 00:57 - 2019-01-10 20:12 - 000000000 ____D C:\Users\Doma\Downloads\Zahulíme, uvidíme 1,2,3 (2007-2011) CZ
2019-01-03 14:23 - 2019-01-23 18:45 - 000885484 _____ C:\Users\Doma\Desktop\UM_ML_181207092710.pdf
2019-01-02 22:23 - 2019-01-23 21:54 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2019-01-02 22:23 - 2019-01-02 22:23 - 000000992 _____ C:\Users\Doma\Desktop\µTorrent.lnk
2019-01-02 14:14 - 2019-01-23 18:46 - 2790696460 _____ C:\Users\Doma\Desktop\Zahulíme, uvidíme 1 (2004) 1080p.mkv
2019-01-01 20:49 - 2018-03-24 02:19 - 001683216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2019-01-01 20:49 - 2018-03-24 02:19 - 000468752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2019-01-01 20:04 - 2018-10-04 12:26 - 000045152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvswcfilter.sys
2019-01-01 20:04 - 2018-10-01 16:47 - 000074576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-12-30 18:37 - 2019-01-23 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool
2018-12-30 18:37 - 2018-12-30 18:37 - 000001080 _____ C:\Users\Public\Desktop\EXPERTool.lnk
2018-12-30 18:32 - 2019-01-23 19:11 - 000000000 ____D C:\Users\Doma\Desktop\Setup32_EXPERTool_NV_10_22 (1)
2018-12-27 16:28 - 2019-01-23 18:46 - 000000000 ____D C:\Users\Doma\Desktop\vejska

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 22:26 - 2018-06-25 14:25 - 000000000 ____D C:\Users\Doma\Desktop\bmw
2019-01-23 22:07 - 2017-11-12 21:50 - 000000000 ____D C:\Users\Doma\Desktop\Kresby
2019-01-23 22:05 - 2016-06-19 21:23 - 000000000 ___RD C:\Users\Doma\OneDrive
2019-01-23 22:04 - 2017-10-24 15:51 - 000000000 ____D C:\Users\Doma\Desktop\secret
2019-01-23 21:59 - 2018-07-28 00:12 - 000001417 _____ C:\Users\Doma\Desktop\Microsoft Edge.lnk
2019-01-23 21:57 - 2018-04-29 14:13 - 000000000 ___RD C:\Users\Doma\3D Objects
2019-01-23 21:57 - 2016-06-19 21:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-23 21:54 - 2012-07-06 12:28 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2019-01-23 21:54 - 2011-11-23 22:07 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hry.cz
2019-01-23 21:54 - 2011-10-23 16:38 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-01-23 21:54 - 2011-10-19 23:13 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2019-01-23 21:40 - 2018-11-29 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-23 21:40 - 2018-10-23 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2019-01-23 21:40 - 2018-09-30 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2019-01-23 21:40 - 2018-09-20 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-23 21:40 - 2018-09-12 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2019-01-23 21:40 - 2018-08-23 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2019-01-23 21:40 - 2018-06-14 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2019-01-23 21:40 - 2018-06-01 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-01-23 21:40 - 2018-05-16 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-01-23 21:40 - 2017-11-26 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-23 21:40 - 2017-11-21 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-01-23 21:40 - 2014-12-30 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-01-23 21:40 - 2014-09-04 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2019-01-23 21:40 - 2014-01-04 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Story_CZ
2019-01-23 21:40 - 2013-12-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2019-01-23 21:40 - 2012-01-05 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-01-23 21:40 - 2011-10-26 08:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2019-01-23 21:40 - 2011-10-20 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2019-01-23 21:40 - 2011-10-19 23:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2019-01-23 21:40 - 2011-10-19 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-01-23 21:40 - 2011-10-19 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2019-01-23 21:40 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-23 20:15 - 2018-10-23 23:45 - 000000000 ____D C:\Riot Games
2019-01-23 19:34 - 2018-06-06 21:27 - 000000000 ____D C:\Users\Doma\AppData\RoamingStartup Manager
2019-01-23 19:34 - 2011-10-19 23:30 - 000000000 __RHD C:\MSOCache
2019-01-23 19:11 - 2018-12-19 20:07 - 000000000 ____D C:\Users\Doma\Desktop\Microsoft powerpoint
2019-01-23 19:11 - 2018-11-29 12:06 - 000000000 ____D C:\Users\Doma\Desktop\wrd
2019-01-23 19:11 - 2018-09-11 16:58 - 000000000 ____D C:\Users\Doma\Desktop\Zoo Tycoon 2
2019-01-23 18:53 - 2018-05-15 09:02 - 000000000 ____D C:\AdwCleaner
2019-01-23 18:46 - 2013-05-29 21:09 - 000000000 ____D C:\Users\Doma\Desktop\Vzpomínky
2019-01-23 18:45 - 2018-12-19 21:40 - 000844492 _____ C:\Users\Doma\Desktop\GUAJ - Lučková Sabina.pptx
2019-01-23 18:45 - 2018-10-23 10:25 - 000000000 ____D C:\Users\Doma\Desktop\songs
2019-01-23 18:45 - 2018-05-15 21:33 - 000000000 ____D C:\Users\Doma\Desktop\knizky maturita a dokumenty
2019-01-23 18:45 - 2017-10-24 15:18 - 3391319682 _____ C:\Users\Doma\Desktop\GOPR0040.MP4
2019-01-23 18:45 - 2017-10-24 15:08 - 000000000 ____D C:\Users\Doma\Desktop\Fotky z mobilu
2019-01-23 18:45 - 2015-10-12 20:49 - 000000000 ____D C:\Users\Doma\Desktop\Hudba
2019-01-23 18:45 - 2015-07-23 13:53 - 000005176 _____ C:\Users\Doma\Desktop\LUČKOVÁ SABINA.p12
2019-01-23 18:45 - 2014-11-28 19:56 - 000000000 ____D C:\Users\Doma\Desktop\ssdvs seminárky
2019-01-23 18:45 - 2013-05-29 21:05 - 000000000 ____D C:\Users\Doma\Desktop\Tisk
2019-01-23 18:43 - 2018-08-06 23:35 - 000000000 ____D C:\Users\Doma\Apple
2019-01-23 18:43 - 2018-05-21 10:21 - 000000000 ____D C:\Users\Doma\Desktop\ANGLICKÝ JAZYK MATURITA
2019-01-23 18:43 - 2018-05-20 11:52 - 000407342 _____ C:\Users\Doma\Desktop\ČESKÝ JAZYK MATURITA.zip
2019-01-23 18:43 - 2017-11-11 22:05 - 000000000 ____D C:\Users\Doma\Desktop\Dovolená
2019-01-23 18:43 - 2015-11-16 22:06 - 000000000 ____D C:\Users\Doma\Desktop\Dokumenty ze základky
2019-01-23 18:43 - 2013-06-14 20:03 - 000000000 ____D C:\Users\Doma\Desktop\filmy
2019-01-23 18:42 - 2018-05-15 21:46 - 000000000 ____D C:\Users\Doma\ansel
2019-01-23 18:42 - 2016-11-06 21:45 - 000000000 ____D C:\Users\Doma\.QtWebEngineProcess
2019-01-23 18:42 - 2016-11-06 21:45 - 000000000 ____D C:\Users\Doma\.Origin
2019-01-23 18:42 - 2014-01-13 22:38 - 000000000 ____D C:\Users\Doma\2014-01-13
2019-01-23 18:40 - 2018-05-15 21:30 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2019-01-23 18:40 - 2018-04-29 14:06 - 000000591 _____ C:\awhF767.tmp.dqeir
2019-01-23 18:40 - 2018-04-29 12:26 - 000000591 _____ C:\awhDAC3.tmp.dqeir
2019-01-23 18:40 - 2018-02-05 11:29 - 000000591 _____ C:\awh36A7.tmp.dqeir
2019-01-23 18:40 - 2018-02-03 04:54 - 000000591 _____ C:\awhC31F.tmp.dqeir
2019-01-23 18:40 - 2018-01-30 12:27 - 000000591 _____ C:\awh2DBE.tmp.dqeir
2019-01-23 18:40 - 2018-01-29 14:22 - 000000591 _____ C:\awh3502.tmp.dqeir
2019-01-23 18:40 - 2018-01-28 13:50 - 000000591 _____ C:\awhBD7B.tmp.dqeir
2019-01-23 18:40 - 2018-01-17 17:01 - 000000591 _____ C:\awh5A00.tmp.dqeir
2019-01-23 18:40 - 2017-12-09 21:13 - 000000591 _____ C:\awh5E44.tmp.dqeir
2019-01-23 18:40 - 2017-12-05 21:54 - 000000591 _____ C:\awh42DC.tmp.dqeir
2019-01-23 18:40 - 2017-12-02 20:46 - 000000591 _____ C:\awh2783.tmp.dqeir
2019-01-23 18:40 - 2017-11-11 17:21 - 000000591 _____ C:\awh2A8.tmp.dqeir
2019-01-23 18:40 - 2017-10-02 19:13 - 000000591 _____ C:\awh6EDE.tmp.dqeir
2019-01-23 18:40 - 2017-10-02 17:02 - 000000591 _____ C:\awh52F7.tmp.dqeir
2019-01-23 18:40 - 2017-09-29 06:14 - 000000591 _____ C:\awhFD24.tmp.dqeir
2019-01-23 18:40 - 2017-04-09 18:48 - 000000591 _____ C:\awh3B0C.tmp.dqeir
2019-01-23 18:40 - 2017-04-09 17:41 - 000000591 _____ C:\awhF66D.tmp.dqeir
2019-01-23 18:40 - 2017-03-23 20:27 - 000000591 _____ C:\awh5914.tmp.dqeir
2019-01-23 18:40 - 2016-04-04 18:57 - 000001227 _____ C:\awhE2B0.tmp.dqeir
2019-01-23 18:40 - 2016-03-23 06:29 - 000001227 _____ C:\awh48A3.tmp.dqeir
2019-01-23 18:40 - 2016-03-18 15:40 - 000001227 _____ C:\awh622B.tmp.dqeir
2019-01-23 18:40 - 2016-02-17 18:17 - 000001227 _____ C:\awhA073.tmp.dqeir
2019-01-23 18:40 - 2016-02-16 19:03 - 000001227 _____ C:\awhDFE2.tmp.dqeir
2019-01-23 18:40 - 2016-02-15 19:59 - 000001227 _____ C:\awh7ACA.tmp.dqeir
2019-01-23 18:40 - 2016-02-15 17:54 - 000001227 _____ C:\awhBC4C.tmp.dqeir
2019-01-23 18:40 - 2016-02-10 18:37 - 000001227 _____ C:\awhD190.tmp.dqeir
2019-01-23 18:40 - 2016-01-31 19:14 - 000001227 _____ C:\awh2CD9.tmp.dqeir
2019-01-23 18:40 - 2016-01-29 11:41 - 000001227 _____ C:\awh7CAD.tmp.dqeir
2019-01-23 18:40 - 2016-01-25 13:58 - 000001227 _____ C:\awh6CF5.tmp.dqeir
2019-01-23 18:40 - 2016-01-24 20:47 - 000001227 _____ C:\awhC206.tmp.dqeir
2019-01-23 18:40 - 2016-01-24 03:35 - 000001227 _____ C:\awh5724.tmp.dqeir
2019-01-23 18:40 - 2016-01-23 22:44 - 000001227 _____ C:\awh7BF2.tmp.dqeir
2019-01-23 18:40 - 2016-01-13 18:58 - 000001227 _____ C:\awh6805.tmp.dqeir
2019-01-23 18:40 - 2016-01-10 14:37 - 000001227 _____ C:\awh4E3E.tmp.dqeir
2019-01-23 18:40 - 2016-01-06 17:56 - 000001227 _____ C:\awh2A0C.tmp.dqeir
2019-01-23 18:40 - 2015-12-24 18:05 - 000001227 _____ C:\awh45C6.tmp.dqeir
2019-01-23 18:40 - 2015-12-23 23:46 - 000001227 _____ C:\awh814F.tmp.dqeir
2019-01-23 18:40 - 2015-12-23 15:38 - 000001227 _____ C:\awh3F21.tmp.dqeir
2019-01-23 18:40 - 2015-12-22 16:10 - 000001227 _____ C:\awh3E76.tmp.dqeir
2019-01-23 18:40 - 2015-12-21 17:40 - 000001227 _____ C:\awh56D6.tmp.dqeir
2019-01-23 18:40 - 2015-12-21 00:48 - 000001227 _____ C:\awhC491.tmp.dqeir
2019-01-23 18:40 - 2015-12-16 16:46 - 000001227 _____ C:\awh6518.tmp.dqeir
2019-01-23 18:40 - 2015-12-15 17:29 - 000001227 _____ C:\awh67C7.tmp.dqeir
2019-01-23 18:40 - 2015-12-11 13:15 - 000001227 _____ C:\awh1506.tmp.dqeir
2019-01-23 18:40 - 2015-12-10 14:46 - 000001227 _____ C:\awh673A.tmp.dqeir
2019-01-23 18:40 - 2015-12-09 16:01 - 000001227 _____ C:\awh5D99.tmp.dqeir
2019-01-23 18:40 - 2015-11-25 19:47 - 000001227 _____ C:\awh31B9.tmp.dqeir
2019-01-23 18:40 - 2015-11-25 07:23 - 000001227 _____ C:\awh4B90.tmp.dqeir
2019-01-23 18:40 - 2015-11-22 18:14 - 000001227 _____ C:\awh452A.tmp.dqeir
2019-01-23 18:40 - 2015-11-21 11:28 - 000001227 _____ C:\awh3E66.tmp.dqeir
2019-01-23 18:40 - 2015-11-20 18:37 - 000001227 _____ C:\awh4D54.tmp.dqeir
2019-01-23 18:40 - 2015-11-16 20:22 - 000001227 _____ C:\awh6557.tmp.dqeir
2019-01-23 18:40 - 2015-11-16 13:24 - 000001227 _____ C:\awh6392.tmp.dqeir
2019-01-23 18:40 - 2015-11-15 13:47 - 000001227 _____ C:\awh6E5B.tmp.dqeir
2019-01-23 18:40 - 2015-11-14 13:24 - 000001227 _____ C:\awh5D0D.tmp.dqeir
2019-01-23 18:40 - 2015-11-12 15:11 - 000001227 _____ C:\awh9E8F.tmp.dqeir
2019-01-23 18:40 - 2015-10-27 19:04 - 000001227 _____ C:\awh6566.tmp.dqeir
2019-01-23 18:40 - 2015-10-22 05:30 - 000001227 _____ C:\awh624B.tmp.dqeir
2019-01-23 18:40 - 2015-10-12 17:08 - 000001227 _____ C:\awhD7E7.tmp.dqeir
2019-01-23 18:40 - 2015-10-10 10:11 - 000001227 _____ C:\awh1A05.tmp.dqeir
2019-01-23 18:40 - 2015-10-09 20:53 - 000001227 _____ C:\awhDB50.tmp.dqeir
2019-01-23 18:40 - 2015-10-02 19:56 - 000001227 _____ C:\awhB9BD.tmp.dqeir
2019-01-23 18:40 - 2015-09-21 14:55 - 000001227 _____ C:\awh7E72.tmp.dqeir
2019-01-23 18:40 - 2015-09-15 19:22 - 000001227 _____ C:\awh4411.tmp.dqeir
2019-01-23 18:40 - 2015-09-13 11:13 - 000001227 _____ C:\awh8E4A.tmp.dqeir
2019-01-23 18:40 - 2015-09-03 15:48 - 000001227 _____ C:\awh3AAE.tmp.dqeir
2019-01-23 18:40 - 2015-08-22 14:31 - 000001227 _____ C:\awh90BA.tmp.dqeir
2019-01-23 18:40 - 2015-08-13 21:58 - 000001227 _____ C:\awhC1A9.tmp.dqeir
2019-01-23 18:40 - 2015-08-13 21:44 - 000001227 _____ C:\awhFE4B.tmp.dqeir
2019-01-23 18:40 - 2015-08-11 18:47 - 000001227 _____ C:\awh8C95.tmp.dqeir
2019-01-23 18:40 - 2015-08-10 18:28 - 000001227 _____ C:\awh3E95.tmp.dqeir
2019-01-23 18:40 - 2015-08-10 03:05 - 000001227 _____ C:\awh40C8.tmp.dqeir
2019-01-23 18:40 - 2015-08-08 21:48 - 000001227 _____ C:\awh950D.tmp.dqeir
2019-01-23 18:40 - 2015-08-06 18:14 - 000001227 _____ C:\awh5282.tmp.dqeir
2019-01-23 18:40 - 2015-08-05 22:03 - 000001227 _____ C:\awh387D.tmp.dqeir
2019-01-23 18:40 - 2015-08-04 21:20 - 000001227 _____ C:\awh2FE5.tmp.dqeir
2019-01-23 18:40 - 2015-08-03 21:47 - 000001227 _____ C:\awhA321.tmp.dqeir
2019-01-23 18:40 - 2015-08-02 22:46 - 000001227 _____ C:\awh8E2B.tmp.dqeir
2019-01-23 18:40 - 2015-08-02 14:07 - 000001227 _____ C:\awh7158.tmp.dqeir
2019-01-23 18:40 - 2015-08-01 13:41 - 000001227 _____ C:\awh8D9E.tmp.dqeir
2019-01-23 18:40 - 2015-07-31 15:13 - 000001227 _____ C:\awh89C7.tmp.dqeir
2019-01-23 18:40 - 2015-07-30 19:02 - 000001227 _____ C:\awh5244.tmp.dqeir
2019-01-23 18:40 - 2015-07-30 16:31 - 000001227 _____ C:\awhFE0C.tmp.dqeir
2019-01-23 18:40 - 2015-07-27 16:39 - 000001227 _____ C:\awh164D.tmp.dqeir
2019-01-23 18:40 - 2015-07-23 13:48 - 000001227 _____ C:\awh34C5.tmp.dqeir
2019-01-23 18:40 - 2015-07-11 20:29 - 000001227 _____ C:\awh58B9.tmp.dqeir
2019-01-23 18:40 - 2015-06-22 11:26 - 000001227 _____ C:\awh3F6F.tmp.dqeir
2019-01-23 18:40 - 2015-06-21 18:52 - 000001227 _____ C:\awhB1C1.tmp.dqeir
2019-01-23 18:40 - 2015-06-20 08:15 - 000001227 _____ C:\awh3AFC.tmp.dqeir
2019-01-23 18:40 - 2015-06-19 15:22 - 000001227 _____ C:\awh1FEE.tmp.dqeir
2019-01-23 18:40 - 2015-06-17 13:31 - 000001227 _____ C:\awh7A5D.tmp.dqeir
2019-01-23 18:40 - 2015-06-17 05:42 - 000001227 _____ C:\awhA9A6.tmp.dqeir
2019-01-23 18:40 - 2015-06-16 13:42 - 000001227 _____ C:\awhDE6C.tmp.dqeir
2019-01-23 18:40 - 2015-06-13 13:04 - 000001227 _____ C:\awh4308.tmp.dqeir
2019-01-23 18:40 - 2015-06-12 08:06 - 000001227 _____ C:\awh2ECC.tmp.dqeir
2019-01-23 18:40 - 2015-05-21 10:21 - 000001227 _____ C:\awhA025.tmp.dqeir
2019-01-23 18:40 - 2015-05-08 16:47 - 000001227 _____ C:\awhAADE.tmp.dqeir
2019-01-23 18:40 - 2015-05-07 14:31 - 000001227 _____ C:\awh8B0F.tmp.dqeir
2019-01-23 18:40 - 2015-05-06 10:07 - 000001227 _____ C:\awh334F.tmp.dqeir
2019-01-23 18:40 - 2015-05-05 11:34 - 000001227 _____ C:\awh7A9B.tmp.dqeir
2019-01-23 18:40 - 2015-05-05 10:17 - 000001227 _____ C:\awh2C3D.tmp.dqeir
2019-01-23 18:40 - 2015-05-04 15:04 - 000001227 _____ C:\awh625A.tmp.dqeir
2019-01-23 18:40 - 2015-04-29 18:51 - 000001227 _____ C:\awh9B06.tmp.dqeir
2019-01-23 18:40 - 2015-04-19 15:24 - 000001227 _____ C:\awh9AD7.tmp.dqeir
2019-01-23 18:40 - 2015-04-18 13:40 - 000001227 _____ C:\awhD8D1.tmp.dqeir
2019-01-23 18:40 - 2015-04-17 14:05 - 000001227 _____ C:\awh3949.tmp.dqeir
2019-01-23 18:40 - 2015-04-11 15:00 - 000001227 _____ C:\awh508F.tmp.dqeir
2019-01-23 18:40 - 2015-04-10 06:00 - 000001227 _____ C:\awh4E7D.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 17:20 - 000001227 _____ C:\awh36F7.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 16:38 - 000001227 _____ C:\awh9971.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 16:31 - 000001227 _____ C:\awh6DA0.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 05:53 - 000001227 _____ C:\awh9462.tmp.dqeir
2019-01-23 18:40 - 2015-04-05 11:54 - 000001227 _____ C:\awhDBCD.tmp.dqeir
2019-01-23 18:40 - 2015-04-04 15:41 - 000001227 _____ C:\awhAF8F.tmp.dqeir
2019-01-23 18:40 - 2015-03-21 17:16 - 000001227 _____ C:\awhA514.tmp.dqeir
2019-01-23 18:40 - 2015-03-16 03:24 - 000001227 _____ C:\awhD864.tmp.dqeir
2019-01-23 18:40 - 2015-03-12 12:52 - 000001227 _____ C:\awh38DA.tmp.dqeir
2019-01-23 18:40 - 2015-03-12 12:40 - 000001227 _____ C:\awh25D7.tmp.dqeir
2019-01-23 18:40 - 2015-03-08 18:43 - 000001227 _____ C:\awh191B.tmp.dqeir
2019-01-23 18:40 - 2015-03-07 12:05 - 000001227 _____ C:\awh47A9.tmp.dqeir
2019-01-23 18:40 - 2015-03-06 17:52 - 000001227 _____ C:\awh276D.tmp.dqeir
2019-01-23 18:40 - 2015-03-04 06:50 - 000001227 _____ C:\awh1267.tmp.dqeir
2019-01-23 18:40 - 2015-03-02 14:06 - 000001227 _____ C:\awh3ABE.tmp.dqeir
2019-01-23 18:40 - 2015-02-20 06:34 - 000001227 _____ C:\awh2F78.tmp.dqeir
2019-01-23 18:40 - 2015-02-19 03:35 - 000001227 _____ C:\awhF3C0.tmp.dqeir
2019-01-23 18:40 - 2015-02-18 19:42 - 000001227 _____ C:\awh6769.tmp.dqeir
2019-01-23 18:40 - 2015-02-06 21:20 - 000001227 _____ C:\awh47B9.tmp.dqeir
2019-01-23 18:40 - 2015-02-05 17:40 - 000001227 _____ C:\awh3542.tmp.dqeir
2019-01-23 18:40 - 2015-02-03 19:51 - 000001227 _____ C:\awh498D.tmp.dqeir
2019-01-23 18:40 - 2015-01-31 21:56 - 000001227 _____ C:\awh3BF6.tmp.dqeir
2019-01-23 18:40 - 2015-01-22 15:41 - 000001227 _____ C:\awh3320.tmp.dqeir
2019-01-23 18:40 - 2015-01-21 15:58 - 000001227 _____ C:\awh6AA4.tmp.dqeir
2019-01-23 18:40 - 2015-01-20 14:57 - 000001227 _____ C:\awh3699.tmp.dqeir
2019-01-23 18:40 - 2015-01-19 18:50 - 000001227 _____ C:\awh3726.tmp.dqeir
2019-01-23 18:40 - 2015-01-18 14:10 - 000001227 _____ C:\awh2E21.tmp.dqeir
2019-01-23 18:40 - 2015-01-18 13:33 - 000001227 _____ C:\awh3D5D.tmp.dqeir
2019-01-23 18:40 - 2015-01-16 15:49 - 000001227 _____ C:\awh2FB6.tmp.dqeir
2019-01-23 18:40 - 2015-01-15 14:58 - 000001227 _____ C:\awh2B16.tmp.dqeir
2019-01-23 18:40 - 2015-01-14 15:14 - 000001227 _____ C:\awh389C.tmp.dqeir
2019-01-23 18:40 - 2015-01-14 03:26 - 000001227 _____ C:\awh2912.tmp.dqeir
2019-01-23 18:40 - 2015-01-13 21:35 - 000001227 _____ C:\awh671B.tmp.dqeir
2019-01-23 18:40 - 2015-01-12 14:30 - 000001227 _____ C:\awh82C5.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 11:56 - 000001227 _____ C:\awh1EC6.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 10:30 - 000001227 _____ C:\awh3C06.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 09:51 - 000001227 _____ C:\awh2E50.tmp.dqeir
2019-01-23 18:40 - 2015-01-10 21:17 - 000001227 _____ C:\awh40C7.tmp.dqeir
2019-01-23 18:40 - 2015-01-10 01:06 - 000001227 _____ C:\awh13DD.tmp.dqeir
2019-01-23 18:40 - 2015-01-09 15:02 - 000001227 _____ C:\awh162E.tmp.dqeir
2019-01-23 18:40 - 2015-01-08 16:14 - 000001227 _____ C:\awh1515.tmp.dqeir
2019-01-23 18:40 - 2015-01-07 20:30 - 000001227 _____ C:\awh5F8.tmp.dqeir
2019-01-23 18:40 - 2015-01-06 19:44 - 000001227 _____ C:\awh1DAD.tmp.dqeir
2019-01-23 18:40 - 2015-01-05 15:08 - 000001227 _____ C:\awh2866.tmp.dqeir
2019-01-23 18:40 - 2015-01-03 16:53 - 000001227 _____ C:\awh279C.tmp.dqeir
2019-01-23 18:40 - 2015-01-02 16:33 - 000001227 _____ C:\awh3735.tmp.dqeir
2019-01-23 18:40 - 2015-01-01 20:42 - 000001227 _____ C:\awh5714.tmp.dqeir
2019-01-23 18:40 - 2015-01-01 12:55 - 000001227 _____ C:\awh2B15.tmp.dqeir
2019-01-23 18:40 - 2014-12-31 17:57 - 000001227 _____ C:\awh314C.tmp.dqeir
2019-01-23 18:40 - 2014-12-30 15:10 - 000001227 _____ C:\awh4691.tmp.dqeir
2019-01-23 18:40 - 2014-12-29 22:55 - 000001227 _____ C:\awh5F8D.tmp.dqeir
2019-01-23 18:40 - 2014-12-29 07:59 - 000001227 _____ C:\awh6807.tmp.dqeir
2019-01-23 18:40 - 2014-12-23 22:05 - 000001227 _____ C:\awh3DDA.tmp.dqeir
2019-01-23 18:40 - 2014-12-22 18:58 - 000001227 _____ C:\awh2F1A.tmp.dqeir
2019-01-23 18:40 - 2014-12-20 18:01 - 000001227 _____ C:\awh7CF9.tmp.dqeir
2019-01-23 18:40 - 2014-12-18 13:00 - 000001227 _____ C:\awh202D.tmp.dqeir
2019-01-23 18:40 - 2014-12-14 17:10 - 000001227 _____ C:\awh59D2.tmp.dqeir
2019-01-23 18:40 - 2014-12-10 17:35 - 000001227 _____ C:\awh6882.tmp.dqeir
2019-01-23 18:40 - 2014-12-03 16:35 - 000001227 _____ C:\awh2AA8.tmp.dqeir
2019-01-23 18:40 - 2014-11-28 18:55 - 000001227 _____ C:\awh4F67.tmp.dqeir
2019-01-23 18:40 - 2014-11-27 07:16 - 000001227 _____ C:\awhDBBE.tmp.dqeir
2019-01-23 18:40 - 2014-11-11 14:21 - 000001227 _____ C:\awh2A1B.tmp.dqeir
2019-01-23 18:40 - 2014-11-07 21:15 - 000001227 _____ C:\awh721.tmp.dqeir
2019-01-23 18:40 - 2014-11-06 20:21 - 000001227 _____ C:\awh64F9.tmp.dqeir
2019-01-23 18:40 - 2014-10-21 05:32 - 000001227 _____ C:\awhD142.tmp.dqeir
2019-01-23 18:40 - 2014-10-20 22:01 - 000001227 _____ C:\awh4105.tmp.dqeir
2019-01-23 18:40 - 2014-10-01 19:39 - 000001227 _____ C:\awh3EF3.tmp.dqeir
2019-01-23 18:40 - 2014-09-30 19:15 - 000001227 _____ C:\awh3948.tmp.dqeir
2019-01-23 18:40 - 2014-09-27 11:46 - 000001227 _____ C:\awh539B.tmp.dqeir
2019-01-23 18:40 - 2014-09-24 19:21 - 000001227 _____ C:\awh3330.tmp.dqeir
2019-01-23 18:40 - 2014-09-24 14:04 - 000001227 _____ C:\awh6383.tmp.dqeir
2019-01-23 18:40 - 2014-09-23 19:48 - 000001227 _____ C:\awh2F88.tmp.dqeir
2019-01-23 18:40 - 2014-09-22 20:10 - 000001227 _____ C:\awh8249.tmp.dqeir
2019-01-23 18:40 - 2014-09-22 17:57 - 000001227 _____ C:\awh6E9A.tmp.dqeir
2019-01-23 18:40 - 2014-09-20 13:54 - 000001227 _____ C:\awh3BC7.tmp.dqeir
2019-01-23 18:40 - 2014-09-19 17:41 - 000001227 _____ C:\awh3C73.tmp.dqeir
2019-01-23 18:40 - 2014-09-16 05:15 - 000001227 _____ C:\awh4059.tmp.dqeir
2019-01-23 18:40 - 2014-09-14 15:10 - 000001227 _____ C:\awhC3F.tmp.dqeir
2019-01-23 18:40 - 2014-09-13 10:48 - 000001227 _____ C:\awh2922.tmp.dqeir
2019-01-23 18:40 - 2014-09-12 18:07 - 000001227 _____ C:\awh89F6.tmp.dqeir
2019-01-23 18:40 - 2014-09-07 09:36 - 000001227 _____ C:\awh5F4E.tmp.dqeir
2019-01-23 18:40 - 2014-09-06 09:59 - 000001227 _____ C:\awh98F4.tmp.dqeir
2019-01-23 18:40 - 2014-09-06 09:15 - 000001227 _____ C:\awhDB60.tmp.dqeir
2019-01-23 18:40 - 2014-09-04 14:57 - 000001227 _____ C:\awh8748.tmp.dqeir
2019-01-23 18:40 - 2014-08-14 13:53 - 000001227 _____ C:\awh68A1.tmp.dqeir
2019-01-23 18:40 - 2014-08-12 20:12 - 000001227 _____ C:\awh84F7.tmp.dqeir
2019-01-23 18:40 - 2014-08-11 16:06 - 000001227 _____ C:\awh38CB.tmp.dqeir
2019-01-23 18:40 - 2014-07-17 20:31 - 000001227 _____ C:\awh4559.tmp.dqeir
2019-01-23 18:40 - 2014-07-14 18:29 - 000001227 _____ C:\awhCE56.tmp.dqeir
2019-01-23 18:40 - 2014-07-13 20:47 - 000001227 _____ C:\awhA18B.tmp.dqeir
2019-01-23 18:40 - 2013-12-14 13:46 - 000001139 _____ C:\extensions.ini.dqeir
2019-01-23 18:40 - 2011-10-19 23:08 - 000000000 ____D C:\Intel
2019-01-01 20:05 - 2018-06-06 22:18 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-23 21:42

==================== End of FRST.txt ============================
Nahoru
Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: GandCrab v5.1

#2 Příspěvek od Conder »

Ahoj :)

:arrow: Co sa tyka suborov, mozes skusit niektory zo zasifrovanych suborov nahrat na https://id-ransomware.malwarehunterteam.com/ - tato stranka identifikuje o aky ransomware sa jedna a upozorni, ak je k dispozicii nastroj na desifrovanie. Ak sa naozaj jedna o GandCrab, potom by sa subory mohli dat obnovit nastrojom od Bitdefender: https://labs.bitdefender.com/2018/10/ga ... -for-free/

:arrow: Bol system na tomto PC obnoveny do tovarenskych nastavenii?

:arrow: Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Uloz na plochu a ukonci vsetky programy
  • Spusti AdwCleaner ako spravca
  • Odsuhlas licencne podmienky
  • Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
  • Nechaj zaskrtnute vsetky nalezy
  • Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
  • Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
  • Otvori sa log, jeho obsah sem skopiruj
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!
Nahoru
candle59
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 23 led 2019 22:47

Re: GandCrab v5.1

#3 Příspěvek od candle59 »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2019-01-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-23-2019
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\LetsSeeI
Deleted C:\Program Files (x86)\LetsSee!

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LetsSee! 2.05

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt.dqeir - [22742 octets] - [15/05/2018 10:03:56]
AdwCleaner[C00].txt.dqeir - [19109 octets] - [15/05/2018 10:06:58]
AdwCleaner[S01].txt.dqeir - [2100 octets] - [15/05/2018 12:47:40]
AdwCleaner[C01].txt.dqeir - [2151 octets] - [15/05/2018 12:48:35]
AdwCleaner[S02].txt.dqeir - [5892 octets] - [10/09/2018 20:36:34]
AdwCleaner[C02].txt.dqeir - [5247 octets] - [10/09/2018 20:36:46]
AdwCleaner[S03].txt.dqeir - [2125 octets] - [06/10/2018 18:34:04]
AdwCleaner[C03].txt.dqeir - [2174 octets] - [06/10/2018 18:34:19]
AdwCleaner[S04].txt.dqeir - [2280 octets] - [13/10/2018 18:14:41]
AdwCleaner[C04].txt.dqeir - [2466 octets] - [13/10/2018 18:15:49]
AdwCleaner[S00].txt - [2101 octets] - [23/01/2019 18:53:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Počítač sem restartl a naskakovala pořád dokola oprava, která končila chybou, musel jsem dát tovární nastavení s částečnou obnovou souborů.
Nahoru
Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: GandCrab v5.1

#4 Příspěvek od Conder »

Počítač sem restartl a naskakovala pořád dokola oprava, která končila chybou, musel jsem dát tovární nastavení s částečnou obnovou souborů.
:arrow: Toto nastalo teraz po pouziti AdwCleaneru alebo niekedy predtym?

:arrow: Posli nove logy z FRST, pred skenom zaskrtni "90 Days Files".
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!
Nahoru
candle59
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 23 led 2019 22:47

Re: GandCrab v5.1

#5 Příspěvek od candle59 »

Nene, to už se stalo před tím co jsem poslal LOG



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Doma (administrator) on DOMA-PC (24-01-2019 11:52:05)
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Software Ltd) C:\Windows.old\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Temp\99C342A6-1E27-4438-B80E-FF10B4632A6D\DismHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\Run: [CCleaner Smart Cleaning] => C:\Windows.old\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{c11ceb86-e3be-4b41-9689-e8b2e0322ce4}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================

Chrome:
=======
CHR Profile: C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default [2019-01-24]
CHR Extension: (Prezentace) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-23]
CHR Extension: (Dokumenty) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-23]
CHR Extension: (Disk Google) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-23]
CHR Extension: (YouTube) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-23]
CHR Extension: (Tabulky) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-23]
CHR Extension: (Gmail) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2018-06-07] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-09-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-09-12] (Disc Soft Ltd)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2018-09-12] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2018-09-12] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2018-06-07] (ELAN Microelectronic Corp.)
R1 MpKsl933c322a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B851833-E0F5-4D57-B9DE-9C9125187D08}\MpKsl933c322a.sys [58120 2019-01-24] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\drivers\ASACPI.sys [17280 2013-05-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1139424 2018-09-15] (Realtek )
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2016-10-30] (Razer Inc)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-24 11:52 - 2019-01-24 11:52 - 000008956 _____ C:\Users\Doma\Desktop\FRST.txt
2019-01-23 23:35 - 2019-01-23 23:34 - 007320272 _____ (Malwarebytes) C:\Users\Doma\Desktop\adwcleaner_7.2.6.0.exe
2019-01-23 23:34 - 2019-01-23 23:34 - 007320272 _____ (Malwarebytes) C:\Users\Doma\Downloads\adwcleaner_7.2.6.0.exe
2019-01-23 22:51 - 2019-01-24 11:52 - 000000000 ____D C:\FRST
2019-01-23 22:49 - 2019-01-23 22:49 - 002428416 _____ (Farbar) C:\Users\Doma\Downloads\FRST64.exe
2019-01-23 22:49 - 2019-01-23 22:49 - 002428416 _____ (Farbar) C:\Users\Doma\Desktop\FRST64.exe
2019-01-23 22:38 - 2019-01-23 23:49 - 000000000 ____D C:\Users\Doma\AppData\Local\Google
2019-01-23 22:15 - 2019-01-23 22:15 - 000000000 ____D C:\Users\Doma\AppData\Local\Comms
2019-01-23 22:14 - 2019-01-23 22:52 - 000000000 ____D C:\ProgramData\Packages
2019-01-23 22:05 - 2019-01-23 22:05 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2577908564-1240238108-2548213143-1000
2019-01-23 22:05 - 2019-01-23 22:05 - 000002894 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-23 22:03 - 2019-01-23 22:03 - 000000000 ____D C:\Users\Doma\AppData\Local\D3DSCache
2019-01-23 22:00 - 2019-01-24 11:47 - 000000000 ____D C:\Users\Doma\AppData\Local\PlaceholderTileLogoFolder
2019-01-23 22:00 - 2019-01-23 22:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-01-23 21:59 - 2019-01-23 23:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-23 21:58 - 2019-01-23 22:33 - 000000000 ____D C:\Users\Doma\AppData\Local\Publishers
2019-01-23 21:58 - 2019-01-23 21:58 - 000000000 ____D C:\Users\Doma\AppData\Local\MicrosoftEdge
2019-01-23 21:56 - 2019-01-24 01:41 - 000000000 ____D C:\Users\Doma\AppData\Local\Packages
2019-01-23 21:56 - 2019-01-23 21:58 - 000000000 ____D C:\Users\Doma\AppData\Local\ConnectedDevicesPlatform
2019-01-23 21:56 - 2019-01-23 21:56 - 000000020 ___SH C:\Users\Doma\ntuser.ini
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\Default User
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\Users\All Users
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Šablony
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Plocha
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Oblíbené položky
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Dokumenty
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 _SHDL C:\ProgramData\Data aplikací
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Adobe
2019-01-23 21:56 - 2019-01-23 21:56 - 000000000 ____D C:\Users\Doma\AppData\Local\VirtualStore
2019-01-23 21:55 - 2019-01-23 23:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-23 21:55 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-23 21:54 - 2019-01-23 21:54 - 000018612 _____ C:\Users\Doma\Desktop\Odebrané aplikace.html
2019-01-23 21:50 - 2019-01-23 22:05 - 000002388 _____ C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-23 21:50 - 2019-01-23 21:57 - 000000000 ____D C:\Users\Doma
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Šablony
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Soubory cookie
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Poslední
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Okolní tiskárny
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Okolní síť
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Nabídka Start
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Dokumenty
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Obrázky
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Hudba
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Documents\Filmy
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\Data aplikací
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-01-23 21:50 - 2019-01-23 21:50 - 000000000 _SHDL C:\Users\Doma\AppData\Local\Data aplikací
2019-01-23 21:46 - 2019-01-23 21:46 - 000000000 ____D C:\Program Files\VIA
2019-01-23 21:45 - 2019-01-24 02:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\ProgramData\USOShared
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-23 21:45 - 2019-01-23 21:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-23 21:45 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-01-23 21:45 - 2018-03-24 00:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-01-23 21:45 - 2018-03-24 00:02 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-23 21:45 - 2018-03-24 00:02 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-23 21:45 - 2018-03-21 12:22 - 008114212 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-23 21:42 - 2019-01-24 02:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-23 21:42 - 2019-01-23 21:52 - 000234984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-23 21:40 - 2019-01-23 22:06 - 000000000 ____D C:\WINDOWS\Panther
2019-01-23 21:40 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-01-23 21:40 - 2019-01-23 21:40 - 000000000 ____D C:\Windows.old
2019-01-23 21:39 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-01-23 21:37 - 2019-01-23 21:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-01-23 21:37 - 2019-01-23 21:37 - 000000000 ____D C:\WINDOWS\Setup
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-01-23 21:32 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\OCR
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files\MSBuild
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-01-23 21:32 - 2019-01-23 21:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-01-23 21:31 - 2019-01-23 23:46 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-01-23 21:31 - 2019-01-23 23:46 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\cs
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\0409
2019-01-23 21:31 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-01-23 21:31 - 2019-01-23 21:30 - 000296964 _____ C:\WINDOWS\system32\perfi005.dat
2019-01-23 21:31 - 2019-01-23 21:30 - 000038778 _____ C:\WINDOWS\system32\perfd005.dat
2019-01-23 21:28 - 2019-01-02 20:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-23 21:28 - 2019-01-02 20:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-23 21:26 - 2019-01-23 21:22 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-01-23 21:26 - 2019-01-23 21:22 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-01-23 21:26 - 2019-01-23 21:22 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-01-23 21:25 - 2019-01-24 11:49 - 000000000 ____D C:\WINDOWS\appcompat
2019-01-23 21:25 - 2019-01-24 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-23 21:25 - 2019-01-24 01:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-23 21:25 - 2019-01-24 01:40 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-23 21:25 - 2019-01-23 21:56 - 000000000 ____D C:\Program Files\windows nt
2019-01-23 21:25 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\spool
2019-01-23 21:25 - 2019-01-23 21:55 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-01-23 21:25 - 2019-01-23 21:47 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-01-23 21:25 - 2019-01-23 21:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-01-23 21:25 - 2019-01-23 21:45 - 000000000 ___RD C:\Program Files (x86)
2019-01-23 21:25 - 2019-01-23 21:45 - 000000000 ____D C:\WINDOWS\Help
2019-01-23 21:25 - 2019-01-23 21:40 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-01-23 21:25 - 2019-01-23 21:40 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-23 21:25 - 2019-01-23 21:40 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\setup
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-01-23 21:25 - 2019-01-23 21:36 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\Provisioning
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files\Windows Defender
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-01-23 21:25 - 2019-01-23 21:35 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-01-23 21:25 - 2019-01-23 21:32 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\system32\com
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\IME
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\Program Files\Common Files\system
2019-01-23 21:25 - 2019-01-23 21:31 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-01-23 21:25 - 2019-01-23 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 __RSD C:\WINDOWS\media
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Web
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\WaaS
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Vss
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\tracing
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\TAPI
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SystemResources
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SystemApps
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ras
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\IME
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\ias
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\System
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SKB
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\schemas
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\SchCache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\ServiceState
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\security
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Resources
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\rescache
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Registration
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\PLA
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Performance
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\InputMethod
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Globalization
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Cursors
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\Branding
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\addins
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\ProgramData\USOPrivate
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Security
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files\Common Files\Services
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-01-23 21:25 - 2019-01-23 21:25 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-01-23 21:25 - 2019-01-23 21:22 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-01-23 21:25 - 2019-01-23 21:22 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-01-23 21:25 - 2019-01-23 21:22 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-01-23 21:25 - 2019-01-23 21:22 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-01-23 21:25 - 2019-01-23 21:22 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-01-23 21:25 - 2019-01-23 21:22 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-01-23 21:25 - 2019-01-23 21:22 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-01-23 21:25 - 2019-01-23 21:22 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-01-23 21:25 - 2019-01-23 21:22 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-01-23 21:25 - 2019-01-23 21:22 - 000000219 _____ C:\WINDOWS\system.ini
2019-01-23 21:25 - 2019-01-23 21:22 - 000000092 _____ C:\WINDOWS\win.ini
2019-01-23 21:23 - 2019-01-24 11:50 - 000000000 ____D C:\WINDOWS\INF
2019-01-23 21:16 - 2019-01-23 22:13 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-23 21:07 - 2019-01-23 23:39 - 072089600 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-01-23 21:07 - 2019-01-23 23:39 - 013107200 _____ C:\WINDOWS\system32\config\SYSTEM
2019-01-23 21:07 - 2019-01-23 23:39 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-01-23 21:07 - 2019-01-23 23:39 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-01-23 21:07 - 2019-01-23 23:39 - 000061440 _____ C:\WINDOWS\system32\config\SAM
2019-01-23 21:07 - 2019-01-23 23:39 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-01-23 21:07 - 2019-01-23 21:59 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-23 21:07 - 2019-01-23 21:41 - 000000000 ___HD C:\$SysReset
2019-01-23 21:07 - 2019-01-23 21:31 - 000000000 ____D C:\WINDOWS\servicing
2019-01-23 21:07 - 2019-01-23 21:25 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Doma\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Downloads\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Documents\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\Desktop\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Downloads\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Documents\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\Desktop\DQEIR-DECRYPT.txt
2019-01-23 18:42 - 2019-01-23 18:42 - 000008530 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\DQEIR-DECRYPT.txt
2019-01-23 18:40 - 2019-01-23 18:40 - 000008530 _____ C:\DQEIR-DECRYPT.txt
2019-01-19 18:18 - 2019-01-23 18:45 - 1185015504 _____ C:\Users\Doma\Desktop\Já, Kajínek_Epizoda - Po roce.avi
2019-01-14 16:02 - 2019-01-14 16:02 - 000000000 ____D C:\Users\Doma\Documents\Ashampoo Burning Studio 20
2019-01-14 16:00 - 2019-01-23 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-01-14 16:00 - 2019-01-14 16:00 - 000001400 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 20.lnk
2019-01-14 15:59 - 2019-01-23 19:11 - 000000000 ____D C:\Users\Doma\Desktop\Ashampoo Burning Studio 20.0.2.7
2019-01-14 15:55 - 2019-01-23 18:43 - 163188554 _____ C:\Users\Doma\Desktop\Ashampoo Burning Studio 20.0.2.7.rar
2019-01-14 15:55 - 2019-01-14 15:55 - 000013022 _____ C:\Users\Doma\Desktop\[CzT]Ashampoo_Burning_Studio_v_20_0_2_7_CZ_SK_.torrent
2019-01-14 15:53 - 2019-01-14 15:54 - 068953037 _____ C:\Users\Doma\Desktop\Nero Burning ROM 2016 [v17.0.5000].exe
2019-01-14 15:53 - 2019-01-14 15:53 - 000011103 _____ C:\Users\Doma\Desktop\[CzT]Nero_Burning_ROM_Nero_Express_v17_0_5000_Portable_2016_CZ_.torrent
2019-01-10 20:38 - 2019-01-10 21:52 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.BDRip.x264.CZ-TreZzoR
2019-01-10 20:16 - 2019-01-10 20:33 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.720p.BluRay.DD5.1.x264-DON.CZ-FTU
2019-01-10 20:13 - 2019-01-10 20:13 - 000000000 ____D C:\Users\Doma\Downloads\Searching.2018.1080p.BluRay.DTS.x264-SbR.CZ-FTU
2019-01-09 15:55 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:55 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 15:55 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 15:55 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:54 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 15:54 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 15:54 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 15:54 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 15:54 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 15:54 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 15:54 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 15:54 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 15:54 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 15:54 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 15:54 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 15:54 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 15:54 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 15:54 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 15:54 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 15:54 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 15:54 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 15:54 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 15:54 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 15:54 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 15:54 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 15:54 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 15:54 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 15:54 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 15:54 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 15:54 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 15:54 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 15:54 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 15:54 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 15:54 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 15:54 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:54 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:54 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 15:54 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 15:54 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 15:54 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 15:54 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 15:54 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 15:54 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 15:54 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 15:54 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 15:54 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 15:54 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 15:54 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 20:20 - 2019-01-08 20:21 - 000000000 ____D C:\wifidata
2019-01-07 20:25 - 2019-01-23 18:43 - 000090483 _____ C:\Users\Doma\Desktop\Dobropisy.pdf
2019-01-05 12:56 - 2019-01-05 12:56 - 000000000 _____ C:\Users\Doma\Desktop\Nový textový dokument.txt
2019-01-05 00:57 - 2019-01-10 20:12 - 000000000 ____D C:\Users\Doma\Downloads\Zahulíme, uvidíme 1,2,3 (2007-2011) CZ
2019-01-03 14:23 - 2019-01-23 18:45 - 000885484 _____ C:\Users\Doma\Desktop\UM_ML_181207092710.pdf
2019-01-02 22:23 - 2019-01-23 21:54 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2019-01-02 22:23 - 2019-01-02 22:23 - 000000992 _____ C:\Users\Doma\Desktop\µTorrent.lnk
2019-01-02 14:14 - 2019-01-23 18:46 - 2790696460 _____ C:\Users\Doma\Desktop\Zahulíme, uvidíme 1 (2004) 1080p.mkv
2019-01-01 20:49 - 2018-03-24 02:19 - 001683216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2019-01-01 20:49 - 2018-03-24 02:19 - 000468752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2019-01-01 20:04 - 2018-10-04 12:26 - 000045152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvswcfilter.sys
2019-01-01 20:04 - 2018-10-01 16:47 - 000074576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-12-30 18:37 - 2019-01-23 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool
2018-12-30 18:37 - 2018-12-30 18:37 - 000001080 _____ C:\Users\Public\Desktop\EXPERTool.lnk
2018-12-30 18:32 - 2019-01-23 19:11 - 000000000 ____D C:\Users\Doma\Desktop\Setup32_EXPERTool_NV_10_22 (1)
2018-12-27 16:28 - 2019-01-23 18:46 - 000000000 ____D C:\Users\Doma\Desktop\vejska

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-23 22:26 - 2018-06-25 14:25 - 000000000 ____D C:\Users\Doma\Desktop\bmw
2019-01-23 22:07 - 2017-11-12 21:50 - 000000000 ____D C:\Users\Doma\Desktop\Kresby
2019-01-23 22:05 - 2016-06-19 21:23 - 000000000 ___RD C:\Users\Doma\OneDrive
2019-01-23 22:04 - 2017-10-24 15:51 - 000000000 ____D C:\Users\Doma\Desktop\secret
2019-01-23 21:59 - 2018-07-28 00:12 - 000001417 _____ C:\Users\Doma\Desktop\Microsoft Edge.lnk
2019-01-23 21:57 - 2018-04-29 14:13 - 000000000 ___RD C:\Users\Doma\3D Objects
2019-01-23 21:57 - 2016-06-19 21:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-23 21:54 - 2012-07-06 12:28 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2019-01-23 21:54 - 2011-11-23 22:07 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hry.cz
2019-01-23 21:54 - 2011-10-23 16:38 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-01-23 21:54 - 2011-10-19 23:13 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2019-01-23 21:40 - 2018-11-29 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-23 21:40 - 2018-10-23 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2019-01-23 21:40 - 2018-09-30 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2019-01-23 21:40 - 2018-09-20 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-23 21:40 - 2018-09-12 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2019-01-23 21:40 - 2018-08-23 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2019-01-23 21:40 - 2018-06-14 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2019-01-23 21:40 - 2018-06-01 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-01-23 21:40 - 2018-05-16 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-01-23 21:40 - 2017-11-26 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-23 21:40 - 2017-11-21 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-01-23 21:40 - 2014-12-30 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-01-23 21:40 - 2014-09-04 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2019-01-23 21:40 - 2014-01-04 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Story_CZ
2019-01-23 21:40 - 2013-12-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2019-01-23 21:40 - 2012-01-05 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-01-23 21:40 - 2011-10-26 08:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2019-01-23 21:40 - 2011-10-20 00:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2019-01-23 21:40 - 2011-10-19 23:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2019-01-23 21:40 - 2011-10-19 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-01-23 21:40 - 2011-10-19 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2019-01-23 21:40 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-23 20:15 - 2018-10-23 23:45 - 000000000 ____D C:\Riot Games
2019-01-23 19:34 - 2018-06-06 21:27 - 000000000 ____D C:\Users\Doma\AppData\RoamingStartup Manager
2019-01-23 19:34 - 2011-10-19 23:30 - 000000000 __RHD C:\MSOCache
2019-01-23 19:11 - 2018-12-19 20:07 - 000000000 ____D C:\Users\Doma\Desktop\Microsoft powerpoint
2019-01-23 19:11 - 2018-11-29 12:06 - 000000000 ____D C:\Users\Doma\Desktop\wrd
2019-01-23 19:11 - 2018-09-11 16:58 - 000000000 ____D C:\Users\Doma\Desktop\Zoo Tycoon 2
2019-01-23 18:53 - 2018-05-15 09:02 - 000000000 ____D C:\AdwCleaner
2019-01-23 18:46 - 2013-05-29 21:09 - 000000000 ____D C:\Users\Doma\Desktop\Vzpomínky
2019-01-23 18:45 - 2018-12-19 21:40 - 000844492 _____ C:\Users\Doma\Desktop\GUAJ - Lučková Sabina.pptx
2019-01-23 18:45 - 2018-10-23 10:25 - 000000000 ____D C:\Users\Doma\Desktop\songs
2019-01-23 18:45 - 2018-05-15 21:33 - 000000000 ____D C:\Users\Doma\Desktop\knizky maturita a dokumenty
2019-01-23 18:45 - 2017-10-24 15:18 - 3391319682 _____ C:\Users\Doma\Desktop\GOPR0040.MP4
2019-01-23 18:45 - 2017-10-24 15:08 - 000000000 ____D C:\Users\Doma\Desktop\Fotky z mobilu
2019-01-23 18:45 - 2015-10-12 20:49 - 000000000 ____D C:\Users\Doma\Desktop\Hudba
2019-01-23 18:45 - 2015-07-23 13:53 - 000005176 _____ C:\Users\Doma\Desktop\LUČKOVÁ SABINA.p12
2019-01-23 18:45 - 2014-11-28 19:56 - 000000000 ____D C:\Users\Doma\Desktop\ssdvs seminárky
2019-01-23 18:45 - 2013-05-29 21:05 - 000000000 ____D C:\Users\Doma\Desktop\Tisk
2019-01-23 18:43 - 2018-08-06 23:35 - 000000000 ____D C:\Users\Doma\Apple
2019-01-23 18:43 - 2018-05-21 10:21 - 000000000 ____D C:\Users\Doma\Desktop\ANGLICKÝ JAZYK MATURITA
2019-01-23 18:43 - 2018-05-20 11:52 - 000407342 _____ C:\Users\Doma\Desktop\ČESKÝ JAZYK MATURITA.zip
2019-01-23 18:43 - 2017-11-11 22:05 - 000000000 ____D C:\Users\Doma\Desktop\Dovolená
2019-01-23 18:43 - 2015-11-16 22:06 - 000000000 ____D C:\Users\Doma\Desktop\Dokumenty ze základky
2019-01-23 18:43 - 2013-06-14 20:03 - 000000000 ____D C:\Users\Doma\Desktop\filmy
2019-01-23 18:42 - 2018-05-15 21:46 - 000000000 ____D C:\Users\Doma\ansel
2019-01-23 18:42 - 2016-11-06 21:45 - 000000000 ____D C:\Users\Doma\.QtWebEngineProcess
2019-01-23 18:42 - 2016-11-06 21:45 - 000000000 ____D C:\Users\Doma\.Origin
2019-01-23 18:42 - 2014-01-13 22:38 - 000000000 ____D C:\Users\Doma\2014-01-13
2019-01-23 18:40 - 2018-05-15 21:30 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2019-01-23 18:40 - 2018-04-29 14:06 - 000000591 _____ C:\awhF767.tmp.dqeir
2019-01-23 18:40 - 2018-04-29 12:26 - 000000591 _____ C:\awhDAC3.tmp.dqeir
2019-01-23 18:40 - 2018-02-05 11:29 - 000000591 _____ C:\awh36A7.tmp.dqeir
2019-01-23 18:40 - 2018-02-03 04:54 - 000000591 _____ C:\awhC31F.tmp.dqeir
2019-01-23 18:40 - 2018-01-30 12:27 - 000000591 _____ C:\awh2DBE.tmp.dqeir
2019-01-23 18:40 - 2018-01-29 14:22 - 000000591 _____ C:\awh3502.tmp.dqeir
2019-01-23 18:40 - 2018-01-28 13:50 - 000000591 _____ C:\awhBD7B.tmp.dqeir
2019-01-23 18:40 - 2018-01-17 17:01 - 000000591 _____ C:\awh5A00.tmp.dqeir
2019-01-23 18:40 - 2017-12-09 21:13 - 000000591 _____ C:\awh5E44.tmp.dqeir
2019-01-23 18:40 - 2017-12-05 21:54 - 000000591 _____ C:\awh42DC.tmp.dqeir
2019-01-23 18:40 - 2017-12-02 20:46 - 000000591 _____ C:\awh2783.tmp.dqeir
2019-01-23 18:40 - 2017-11-11 17:21 - 000000591 _____ C:\awh2A8.tmp.dqeir
2019-01-23 18:40 - 2017-10-02 19:13 - 000000591 _____ C:\awh6EDE.tmp.dqeir
2019-01-23 18:40 - 2017-10-02 17:02 - 000000591 _____ C:\awh52F7.tmp.dqeir
2019-01-23 18:40 - 2017-09-29 06:14 - 000000591 _____ C:\awhFD24.tmp.dqeir
2019-01-23 18:40 - 2017-04-09 18:48 - 000000591 _____ C:\awh3B0C.tmp.dqeir
2019-01-23 18:40 - 2017-04-09 17:41 - 000000591 _____ C:\awhF66D.tmp.dqeir
2019-01-23 18:40 - 2017-03-23 20:27 - 000000591 _____ C:\awh5914.tmp.dqeir
2019-01-23 18:40 - 2016-04-04 18:57 - 000001227 _____ C:\awhE2B0.tmp.dqeir
2019-01-23 18:40 - 2016-03-23 06:29 - 000001227 _____ C:\awh48A3.tmp.dqeir
2019-01-23 18:40 - 2016-03-18 15:40 - 000001227 _____ C:\awh622B.tmp.dqeir
2019-01-23 18:40 - 2016-02-17 18:17 - 000001227 _____ C:\awhA073.tmp.dqeir
2019-01-23 18:40 - 2016-02-16 19:03 - 000001227 _____ C:\awhDFE2.tmp.dqeir
2019-01-23 18:40 - 2016-02-15 19:59 - 000001227 _____ C:\awh7ACA.tmp.dqeir
2019-01-23 18:40 - 2016-02-15 17:54 - 000001227 _____ C:\awhBC4C.tmp.dqeir
2019-01-23 18:40 - 2016-02-10 18:37 - 000001227 _____ C:\awhD190.tmp.dqeir
2019-01-23 18:40 - 2016-01-31 19:14 - 000001227 _____ C:\awh2CD9.tmp.dqeir
2019-01-23 18:40 - 2016-01-29 11:41 - 000001227 _____ C:\awh7CAD.tmp.dqeir
2019-01-23 18:40 - 2016-01-25 13:58 - 000001227 _____ C:\awh6CF5.tmp.dqeir
2019-01-23 18:40 - 2016-01-24 20:47 - 000001227 _____ C:\awhC206.tmp.dqeir
2019-01-23 18:40 - 2016-01-24 03:35 - 000001227 _____ C:\awh5724.tmp.dqeir
2019-01-23 18:40 - 2016-01-23 22:44 - 000001227 _____ C:\awh7BF2.tmp.dqeir
2019-01-23 18:40 - 2016-01-13 18:58 - 000001227 _____ C:\awh6805.tmp.dqeir
2019-01-23 18:40 - 2016-01-10 14:37 - 000001227 _____ C:\awh4E3E.tmp.dqeir
2019-01-23 18:40 - 2016-01-06 17:56 - 000001227 _____ C:\awh2A0C.tmp.dqeir
2019-01-23 18:40 - 2015-12-24 18:05 - 000001227 _____ C:\awh45C6.tmp.dqeir
2019-01-23 18:40 - 2015-12-23 23:46 - 000001227 _____ C:\awh814F.tmp.dqeir
2019-01-23 18:40 - 2015-12-23 15:38 - 000001227 _____ C:\awh3F21.tmp.dqeir
2019-01-23 18:40 - 2015-12-22 16:10 - 000001227 _____ C:\awh3E76.tmp.dqeir
2019-01-23 18:40 - 2015-12-21 17:40 - 000001227 _____ C:\awh56D6.tmp.dqeir
2019-01-23 18:40 - 2015-12-21 00:48 - 000001227 _____ C:\awhC491.tmp.dqeir
2019-01-23 18:40 - 2015-12-16 16:46 - 000001227 _____ C:\awh6518.tmp.dqeir
2019-01-23 18:40 - 2015-12-15 17:29 - 000001227 _____ C:\awh67C7.tmp.dqeir
2019-01-23 18:40 - 2015-12-11 13:15 - 000001227 _____ C:\awh1506.tmp.dqeir
2019-01-23 18:40 - 2015-12-10 14:46 - 000001227 _____ C:\awh673A.tmp.dqeir
2019-01-23 18:40 - 2015-12-09 16:01 - 000001227 _____ C:\awh5D99.tmp.dqeir
2019-01-23 18:40 - 2015-11-25 19:47 - 000001227 _____ C:\awh31B9.tmp.dqeir
2019-01-23 18:40 - 2015-11-25 07:23 - 000001227 _____ C:\awh4B90.tmp.dqeir
2019-01-23 18:40 - 2015-11-22 18:14 - 000001227 _____ C:\awh452A.tmp.dqeir
2019-01-23 18:40 - 2015-11-21 11:28 - 000001227 _____ C:\awh3E66.tmp.dqeir
2019-01-23 18:40 - 2015-11-20 18:37 - 000001227 _____ C:\awh4D54.tmp.dqeir
2019-01-23 18:40 - 2015-11-16 20:22 - 000001227 _____ C:\awh6557.tmp.dqeir
2019-01-23 18:40 - 2015-11-16 13:24 - 000001227 _____ C:\awh6392.tmp.dqeir
2019-01-23 18:40 - 2015-11-15 13:47 - 000001227 _____ C:\awh6E5B.tmp.dqeir
2019-01-23 18:40 - 2015-11-14 13:24 - 000001227 _____ C:\awh5D0D.tmp.dqeir
2019-01-23 18:40 - 2015-11-12 15:11 - 000001227 _____ C:\awh9E8F.tmp.dqeir
2019-01-23 18:40 - 2015-10-27 19:04 - 000001227 _____ C:\awh6566.tmp.dqeir
2019-01-23 18:40 - 2015-10-22 05:30 - 000001227 _____ C:\awh624B.tmp.dqeir
2019-01-23 18:40 - 2015-10-12 17:08 - 000001227 _____ C:\awhD7E7.tmp.dqeir
2019-01-23 18:40 - 2015-10-10 10:11 - 000001227 _____ C:\awh1A05.tmp.dqeir
2019-01-23 18:40 - 2015-10-09 20:53 - 000001227 _____ C:\awhDB50.tmp.dqeir
2019-01-23 18:40 - 2015-10-02 19:56 - 000001227 _____ C:\awhB9BD.tmp.dqeir
2019-01-23 18:40 - 2015-09-21 14:55 - 000001227 _____ C:\awh7E72.tmp.dqeir
2019-01-23 18:40 - 2015-09-15 19:22 - 000001227 _____ C:\awh4411.tmp.dqeir
2019-01-23 18:40 - 2015-09-13 11:13 - 000001227 _____ C:\awh8E4A.tmp.dqeir
2019-01-23 18:40 - 2015-09-03 15:48 - 000001227 _____ C:\awh3AAE.tmp.dqeir
2019-01-23 18:40 - 2015-08-22 14:31 - 000001227 _____ C:\awh90BA.tmp.dqeir
2019-01-23 18:40 - 2015-08-13 21:58 - 000001227 _____ C:\awhC1A9.tmp.dqeir
2019-01-23 18:40 - 2015-08-13 21:44 - 000001227 _____ C:\awhFE4B.tmp.dqeir
2019-01-23 18:40 - 2015-08-11 18:47 - 000001227 _____ C:\awh8C95.tmp.dqeir
2019-01-23 18:40 - 2015-08-10 18:28 - 000001227 _____ C:\awh3E95.tmp.dqeir
2019-01-23 18:40 - 2015-08-10 03:05 - 000001227 _____ C:\awh40C8.tmp.dqeir
2019-01-23 18:40 - 2015-08-08 21:48 - 000001227 _____ C:\awh950D.tmp.dqeir
2019-01-23 18:40 - 2015-08-06 18:14 - 000001227 _____ C:\awh5282.tmp.dqeir
2019-01-23 18:40 - 2015-08-05 22:03 - 000001227 _____ C:\awh387D.tmp.dqeir
2019-01-23 18:40 - 2015-08-04 21:20 - 000001227 _____ C:\awh2FE5.tmp.dqeir
2019-01-23 18:40 - 2015-08-03 21:47 - 000001227 _____ C:\awhA321.tmp.dqeir
2019-01-23 18:40 - 2015-08-02 22:46 - 000001227 _____ C:\awh8E2B.tmp.dqeir
2019-01-23 18:40 - 2015-08-02 14:07 - 000001227 _____ C:\awh7158.tmp.dqeir
2019-01-23 18:40 - 2015-08-01 13:41 - 000001227 _____ C:\awh8D9E.tmp.dqeir
2019-01-23 18:40 - 2015-07-31 15:13 - 000001227 _____ C:\awh89C7.tmp.dqeir
2019-01-23 18:40 - 2015-07-30 19:02 - 000001227 _____ C:\awh5244.tmp.dqeir
2019-01-23 18:40 - 2015-07-30 16:31 - 000001227 _____ C:\awhFE0C.tmp.dqeir
2019-01-23 18:40 - 2015-07-27 16:39 - 000001227 _____ C:\awh164D.tmp.dqeir
2019-01-23 18:40 - 2015-07-23 13:48 - 000001227 _____ C:\awh34C5.tmp.dqeir
2019-01-23 18:40 - 2015-07-11 20:29 - 000001227 _____ C:\awh58B9.tmp.dqeir
2019-01-23 18:40 - 2015-06-22 11:26 - 000001227 _____ C:\awh3F6F.tmp.dqeir
2019-01-23 18:40 - 2015-06-21 18:52 - 000001227 _____ C:\awhB1C1.tmp.dqeir
2019-01-23 18:40 - 2015-06-20 08:15 - 000001227 _____ C:\awh3AFC.tmp.dqeir
2019-01-23 18:40 - 2015-06-19 15:22 - 000001227 _____ C:\awh1FEE.tmp.dqeir
2019-01-23 18:40 - 2015-06-17 13:31 - 000001227 _____ C:\awh7A5D.tmp.dqeir
2019-01-23 18:40 - 2015-06-17 05:42 - 000001227 _____ C:\awhA9A6.tmp.dqeir
2019-01-23 18:40 - 2015-06-16 13:42 - 000001227 _____ C:\awhDE6C.tmp.dqeir
2019-01-23 18:40 - 2015-06-13 13:04 - 000001227 _____ C:\awh4308.tmp.dqeir
2019-01-23 18:40 - 2015-06-12 08:06 - 000001227 _____ C:\awh2ECC.tmp.dqeir
2019-01-23 18:40 - 2015-05-21 10:21 - 000001227 _____ C:\awhA025.tmp.dqeir
2019-01-23 18:40 - 2015-05-08 16:47 - 000001227 _____ C:\awhAADE.tmp.dqeir
2019-01-23 18:40 - 2015-05-07 14:31 - 000001227 _____ C:\awh8B0F.tmp.dqeir
2019-01-23 18:40 - 2015-05-06 10:07 - 000001227 _____ C:\awh334F.tmp.dqeir
2019-01-23 18:40 - 2015-05-05 11:34 - 000001227 _____ C:\awh7A9B.tmp.dqeir
2019-01-23 18:40 - 2015-05-05 10:17 - 000001227 _____ C:\awh2C3D.tmp.dqeir
2019-01-23 18:40 - 2015-05-04 15:04 - 000001227 _____ C:\awh625A.tmp.dqeir
2019-01-23 18:40 - 2015-04-29 18:51 - 000001227 _____ C:\awh9B06.tmp.dqeir
2019-01-23 18:40 - 2015-04-19 15:24 - 000001227 _____ C:\awh9AD7.tmp.dqeir
2019-01-23 18:40 - 2015-04-18 13:40 - 000001227 _____ C:\awhD8D1.tmp.dqeir
2019-01-23 18:40 - 2015-04-17 14:05 - 000001227 _____ C:\awh3949.tmp.dqeir
2019-01-23 18:40 - 2015-04-11 15:00 - 000001227 _____ C:\awh508F.tmp.dqeir
2019-01-23 18:40 - 2015-04-10 06:00 - 000001227 _____ C:\awh4E7D.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 17:20 - 000001227 _____ C:\awh36F7.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 16:38 - 000001227 _____ C:\awh9971.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 16:31 - 000001227 _____ C:\awh6DA0.tmp.dqeir
2019-01-23 18:40 - 2015-04-09 05:53 - 000001227 _____ C:\awh9462.tmp.dqeir
2019-01-23 18:40 - 2015-04-05 11:54 - 000001227 _____ C:\awhDBCD.tmp.dqeir
2019-01-23 18:40 - 2015-04-04 15:41 - 000001227 _____ C:\awhAF8F.tmp.dqeir
2019-01-23 18:40 - 2015-03-21 17:16 - 000001227 _____ C:\awhA514.tmp.dqeir
2019-01-23 18:40 - 2015-03-16 03:24 - 000001227 _____ C:\awhD864.tmp.dqeir
2019-01-23 18:40 - 2015-03-12 12:52 - 000001227 _____ C:\awh38DA.tmp.dqeir
2019-01-23 18:40 - 2015-03-12 12:40 - 000001227 _____ C:\awh25D7.tmp.dqeir
2019-01-23 18:40 - 2015-03-08 18:43 - 000001227 _____ C:\awh191B.tmp.dqeir
2019-01-23 18:40 - 2015-03-07 12:05 - 000001227 _____ C:\awh47A9.tmp.dqeir
2019-01-23 18:40 - 2015-03-06 17:52 - 000001227 _____ C:\awh276D.tmp.dqeir
2019-01-23 18:40 - 2015-03-04 06:50 - 000001227 _____ C:\awh1267.tmp.dqeir
2019-01-23 18:40 - 2015-03-02 14:06 - 000001227 _____ C:\awh3ABE.tmp.dqeir
2019-01-23 18:40 - 2015-02-20 06:34 - 000001227 _____ C:\awh2F78.tmp.dqeir
2019-01-23 18:40 - 2015-02-19 03:35 - 000001227 _____ C:\awhF3C0.tmp.dqeir
2019-01-23 18:40 - 2015-02-18 19:42 - 000001227 _____ C:\awh6769.tmp.dqeir
2019-01-23 18:40 - 2015-02-06 21:20 - 000001227 _____ C:\awh47B9.tmp.dqeir
2019-01-23 18:40 - 2015-02-05 17:40 - 000001227 _____ C:\awh3542.tmp.dqeir
2019-01-23 18:40 - 2015-02-03 19:51 - 000001227 _____ C:\awh498D.tmp.dqeir
2019-01-23 18:40 - 2015-01-31 21:56 - 000001227 _____ C:\awh3BF6.tmp.dqeir
2019-01-23 18:40 - 2015-01-22 15:41 - 000001227 _____ C:\awh3320.tmp.dqeir
2019-01-23 18:40 - 2015-01-21 15:58 - 000001227 _____ C:\awh6AA4.tmp.dqeir
2019-01-23 18:40 - 2015-01-20 14:57 - 000001227 _____ C:\awh3699.tmp.dqeir
2019-01-23 18:40 - 2015-01-19 18:50 - 000001227 _____ C:\awh3726.tmp.dqeir
2019-01-23 18:40 - 2015-01-18 14:10 - 000001227 _____ C:\awh2E21.tmp.dqeir
2019-01-23 18:40 - 2015-01-18 13:33 - 000001227 _____ C:\awh3D5D.tmp.dqeir
2019-01-23 18:40 - 2015-01-16 15:49 - 000001227 _____ C:\awh2FB6.tmp.dqeir
2019-01-23 18:40 - 2015-01-15 14:58 - 000001227 _____ C:\awh2B16.tmp.dqeir
2019-01-23 18:40 - 2015-01-14 15:14 - 000001227 _____ C:\awh389C.tmp.dqeir
2019-01-23 18:40 - 2015-01-14 03:26 - 000001227 _____ C:\awh2912.tmp.dqeir
2019-01-23 18:40 - 2015-01-13 21:35 - 000001227 _____ C:\awh671B.tmp.dqeir
2019-01-23 18:40 - 2015-01-12 14:30 - 000001227 _____ C:\awh82C5.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 11:56 - 000001227 _____ C:\awh1EC6.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 10:30 - 000001227 _____ C:\awh3C06.tmp.dqeir
2019-01-23 18:40 - 2015-01-11 09:51 - 000001227 _____ C:\awh2E50.tmp.dqeir
2019-01-23 18:40 - 2015-01-10 21:17 - 000001227 _____ C:\awh40C7.tmp.dqeir
2019-01-23 18:40 - 2015-01-10 01:06 - 000001227 _____ C:\awh13DD.tmp.dqeir
2019-01-23 18:40 - 2015-01-09 15:02 - 000001227 _____ C:\awh162E.tmp.dqeir
2019-01-23 18:40 - 2015-01-08 16:14 - 000001227 _____ C:\awh1515.tmp.dqeir
2019-01-23 18:40 - 2015-01-07 20:30 - 000001227 _____ C:\awh5F8.tmp.dqeir
2019-01-23 18:40 - 2015-01-06 19:44 - 000001227 _____ C:\awh1DAD.tmp.dqeir
2019-01-23 18:40 - 2015-01-05 15:08 - 000001227 _____ C:\awh2866.tmp.dqeir
2019-01-23 18:40 - 2015-01-03 16:53 - 000001227 _____ C:\awh279C.tmp.dqeir
2019-01-23 18:40 - 2015-01-02 16:33 - 000001227 _____ C:\awh3735.tmp.dqeir
2019-01-23 18:40 - 2015-01-01 20:42 - 000001227 _____ C:\awh5714.tmp.dqeir
2019-01-23 18:40 - 2015-01-01 12:55 - 000001227 _____ C:\awh2B15.tmp.dqeir
2019-01-23 18:40 - 2014-12-31 17:57 - 000001227 _____ C:\awh314C.tmp.dqeir
2019-01-23 18:40 - 2014-12-30 15:10 - 000001227 _____ C:\awh4691.tmp.dqeir
2019-01-23 18:40 - 2014-12-29 22:55 - 000001227 _____ C:\awh5F8D.tmp.dqeir
2019-01-23 18:40 - 2014-12-29 07:59 - 000001227 _____ C:\awh6807.tmp.dqeir
2019-01-23 18:40 - 2014-12-23 22:05 - 000001227 _____ C:\awh3DDA.tmp.dqeir
2019-01-23 18:40 - 2014-12-22 18:58 - 000001227 _____ C:\awh2F1A.tmp.dqeir
2019-01-23 18:40 - 2014-12-20 18:01 - 000001227 _____ C:\awh7CF9.tmp.dqeir
2019-01-23 18:40 - 2014-12-18 13:00 - 000001227 _____ C:\awh202D.tmp.dqeir
2019-01-23 18:40 - 2014-12-14 17:10 - 000001227 _____ C:\awh59D2.tmp.dqeir
2019-01-23 18:40 - 2014-12-10 17:35 - 000001227 _____ C:\awh6882.tmp.dqeir
2019-01-23 18:40 - 2014-12-03 16:35 - 000001227 _____ C:\awh2AA8.tmp.dqeir
2019-01-23 18:40 - 2014-11-28 18:55 - 000001227 _____ C:\awh4F67.tmp.dqeir
2019-01-23 18:40 - 2014-11-27 07:16 - 000001227 _____ C:\awhDBBE.tmp.dqeir
2019-01-23 18:40 - 2014-11-11 14:21 - 000001227 _____ C:\awh2A1B.tmp.dqeir
2019-01-23 18:40 - 2014-11-07 21:15 - 000001227 _____ C:\awh721.tmp.dqeir
2019-01-23 18:40 - 2014-11-06 20:21 - 000001227 _____ C:\awh64F9.tmp.dqeir
2019-01-23 18:40 - 2014-10-21 05:32 - 000001227 _____ C:\awhD142.tmp.dqeir
2019-01-23 18:40 - 2014-10-20 22:01 - 000001227 _____ C:\awh4105.tmp.dqeir
2019-01-23 18:40 - 2014-10-01 19:39 - 000001227 _____ C:\awh3EF3.tmp.dqeir
2019-01-23 18:40 - 2014-09-30 19:15 - 000001227 _____ C:\awh3948.tmp.dqeir
2019-01-23 18:40 - 2014-09-27 11:46 - 000001227 _____ C:\awh539B.tmp.dqeir
2019-01-23 18:40 - 2014-09-24 19:21 - 000001227 _____ C:\awh3330.tmp.dqeir
2019-01-23 18:40 - 2014-09-24 14:04 - 000001227 _____ C:\awh6383.tmp.dqeir
2019-01-23 18:40 - 2014-09-23 19:48 - 000001227 _____ C:\awh2F88.tmp.dqeir
2019-01-23 18:40 - 2014-09-22 20:10 - 000001227 _____ C:\awh8249.tmp.dqeir
2019-01-23 18:40 - 2014-09-22 17:57 - 000001227 _____ C:\awh6E9A.tmp.dqeir
2019-01-23 18:40 - 2014-09-20 13:54 - 000001227 _____ C:\awh3BC7.tmp.dqeir
2019-01-23 18:40 - 2014-09-19 17:41 - 000001227 _____ C:\awh3C73.tmp.dqeir
2019-01-23 18:40 - 2014-09-16 05:15 - 000001227 _____ C:\awh4059.tmp.dqeir
2019-01-23 18:40 - 2014-09-14 15:10 - 000001227 _____ C:\awhC3F.tmp.dqeir
2019-01-23 18:40 - 2014-09-13 10:48 - 000001227 _____ C:\awh2922.tmp.dqeir
2019-01-23 18:40 - 2014-09-12 18:07 - 000001227 _____ C:\awh89F6.tmp.dqeir
2019-01-23 18:40 - 2014-09-07 09:36 - 000001227 _____ C:\awh5F4E.tmp.dqeir
2019-01-23 18:40 - 2014-09-06 09:59 - 000001227 _____ C:\awh98F4.tmp.dqeir
2019-01-23 18:40 - 2014-09-06 09:15 - 000001227 _____ C:\awhDB60.tmp.dqeir
2019-01-23 18:40 - 2014-09-04 14:57 - 000001227 _____ C:\awh8748.tmp.dqeir
2019-01-23 18:40 - 2014-08-14 13:53 - 000001227 _____ C:\awh68A1.tmp.dqeir
2019-01-23 18:40 - 2014-08-12 20:12 - 000001227 _____ C:\awh84F7.tmp.dqeir
2019-01-23 18:40 - 2014-08-11 16:06 - 000001227 _____ C:\awh38CB.tmp.dqeir
2019-01-23 18:40 - 2014-07-17 20:31 - 000001227 _____ C:\awh4559.tmp.dqeir
2019-01-23 18:40 - 2014-07-14 18:29 - 000001227 _____ C:\awhCE56.tmp.dqeir
2019-01-23 18:40 - 2014-07-13 20:47 - 000001227 _____ C:\awhA18B.tmp.dqeir
2019-01-23 18:40 - 2013-12-14 13:46 - 000001139 _____ C:\extensions.ini.dqeir
2019-01-23 18:40 - 2011-10-19 23:08 - 000000000 ____D C:\Intel
2019-01-01 20:05 - 2018-06-06 22:18 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-23 21:42

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Doma (24-01-2019 11:54:02)
Running from C:\Users\Doma\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2019-01-23 20:56:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2577908564-1240238108-2548213143-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2577908564-1240238108-2548213143-503 - Limited - Disabled)
Doma (S-1-5-21-2577908564-1240238108-2548213143-1000 - Administrator - Enabled) => C:\Users\Doma
Guest (S-1-5-21-2577908564-1240238108-2548213143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2577908564-1240238108-2548213143-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2577908564-1240238108-2548213143-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft OneDrive (HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29A8AD37-6CEC-43B0-AD15-1C681FA8F4D0} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {B8D4104D-CBA6-4330-B13C-38CF7B2FA248} - System32\Tasks\CCleanerSkipUAC => C:\Windows.old\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 14:08 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 15:54 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-23 22:39 - 2019-01-23 22:42 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-23 22:39 - 2019-01-23 22:40 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 22:39 - 2019-01-23 22:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-07-28 00:34 - 2018-07-28 00:34 - 001308672 _____ () c:\windows\system32\FaceProcessor.dll
2018-07-28 00:34 - 2018-07-28 00:34 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-12-14 12:07 - 2018-12-12 06:11 - 005237216 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-14 12:07 - 2018-12-12 06:11 - 000117216 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\desktop.ini:CachedTiles [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-01-23 21:25 - 2019-01-23 21:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2577908564-1240238108-2548213143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doma\AppData\Local\Microsoft\Windows\Themes\img9.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2019 09:59:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (01/23/2019 09:59:39 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (01/24/2019 11:50:54 AM) (Source: DCOM) (EventID: 10016) (User: Doma-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Doma-PC\Doma (SID: S-1-5-21-2577908564-1240238108-2548213143-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 11:43:23 PM) (Source: DCOM) (EventID: 10016) (User: Doma-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Doma-PC\Doma (SID: S-1-5-21-2577908564-1240238108-2548213143-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 11:42:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 11:42:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/23/2019 11:39:00 PM) (Source: DCOM) (EventID: 10010) (User: Doma-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 11:39:00 PM) (Source: DCOM) (EventID: 10010) (User: Doma-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 11:39:00 PM) (Source: DCOM) (EventID: 10010) (User: Doma-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/23/2019 11:39:00 PM) (Source: DCOM) (EventID: 10010) (User: Doma-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2019-01-23 22:12:03.044
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {05F62F20-EC80-48FC-BCA7-4F22404EE85F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: Doma-PC\Doma

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
Percentage of memory in use: 28%
Total physical RAM: 8183.05 MB
Available physical RAM: 5870.17 MB
Total Virtual: 10103.05 MB
Available Virtual: 7527.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1396.33 GB) (Free:1119.15 GB) NTFS

\\?\Volume{4f6f71d5-fa97-11e0-a812-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5507158b-0000-0000-0000-301b5d010000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 5507158B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=859 MB) - (Type=27)

==================== End of Addition.txt ============================
Nahoru
candle59
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 23 led 2019 22:47

Re: GandCrab v5.1

#6 Příspěvek od candle59 »

Tak nakonec mě to po všech návodech typů a triků dohnalo k továrnímu nastavení PC, naštěstí jsem neměl nic důležitého v PC, všem s podobným problémem držím palce ať se najde řešení, které nebude mít fatální následky, děkuji Vám za snahu a pomoc :)
Nahoru
Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: GandCrab v5.1

#7 Příspěvek od Conder »

OK, nie je zaco :) Predpokladam, ze s PC je teda uz vsetko v poriadku?

Kazdopadne, ked uz si urobil aj factory reset a v PC nemas ulozene nic dolezite, tak odporucam zvazit aj kompletnu preinstalaciu Windowsu, ak to zvladnes. Instalacny USB kluc je mozne vytvorit cez Microsoft nastroj: https://www.microsoft.com/software-download/windows10
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!
Nahoru
whit3r4ven
Návštěvník
Návštěvník
Příspěvky: 3
Registrován: 14 úno 2019 09:06

Re: GandCrab v5.1

#8 Příspěvek od whit3r4ven »

Dobrý deň,
GandCrab mi zašifroval súbory a potom som preinštaloval systém. Je nejaká šanca odšifrovať tie súbory, alebo na dešifráciu potrebuje údaje z toho systému, ktorý tam bol predtým a tým pádom sú nenávratne zašifrované? Takže ani neviem zistiť verziu vírusu, ostali mi iba zašifrované súbory a txt dokument s postupom ako mám zaplatiť. Skúšal som aj program na dešifrovanie od Esetu, aj od bitdefenderu, ale neúspešne.
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7262
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: GandCrab v5.1

#9 Příspěvek od altrok »

Dobrý den,

jste-li infikován verzí GandCrab 5.1, dešifrování (alespoň zatím) není možné. Doporučuje se uschovat zašifrované soubory pro případ uvolnění dešifrovacího nástroje - to si můžete sám jednou za čas zkontrolovat na https://id-ransomware.malwarehunterteam ... lang=cs_CZ

Unfortunately, it is not possible to decrypt files encrypted by GandCrab 5.1
zdroj: https://www.bleepingcomputer.com/news/s ... ansomware/
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
whit3r4ven
Návštěvník
Návštěvník
Příspěvky: 3
Registrován: 14 úno 2019 09:06

Re: GandCrab v5.1

#10 Příspěvek od whit3r4ven »

ďakujem, oskenoval som aj súbor, aj výzvu k zaplateniu a napísalo mi:
GandCrab v4.0 / v5.0
Soubory zašifrované tímto ransomware mohou být za určitých okolností dešifrovány.

Pro více informací si prosím přečtěte příslušný návod.
Identifikováno

sample_bytes: [0x944A7 - 0x944AF] 0x1829899381820300
Klikněte zde pro více informací o GandCrab v4.0 / v5.0
A keď kliknem, tak ma hodí na dešifrovací nástroj od Bitdefenderu, ale keď ho spustím, zadám cestu a dám Scan, tak mi vyhodí "Initialization FAILED!"

Tu je výpis z logu:
Decryptor Started

Looking for ransom note ... [E:\Digi\VSTBUNRU-DECRYPT.txt]
Looking for VERSION ... [V5]
Looking for EXT ... [.vstbunru]
Looking for ID ... [OK]
Looking for decryption KEY ... [FAIL:KEY]
[ERR:Init]
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7262
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: GandCrab v5.1

#11 Příspěvek od altrok »

@candle59 - soubory zašifrované GandCrabem 5.1 lze dešifrovat - https://www.viry.cz/ransomware-gandcrab ... lopatkach/


@whit3r4ven - nemám k dispozici ani binárku GandCrabu ani vzorek zašifrovaných souborů, proto doporučím kontaktovat přímo BitDefender, jelikož se jedná o autory dešifrovací utility
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
whit3r4ven
Návštěvník
Návštěvník
Příspěvky: 3
Registrován: 14 úno 2019 09:06

Re: GandCrab v5.1

#12 Příspěvek od whit3r4ven »

Nova verzia od Bitdefender mi odšifrovala súbory, ďakujem za pomoc :)
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7262
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: GandCrab v5.1

#13 Příspěvek od altrok »

Výborně, budiž to pro vás lekce :)
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“