Malware

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Malware

#1 Post by Boris »

Hello, can you help me with malware, or refer me somewhere, give advice.....
When I turn on my laptop and then right away Mozilla, this page pops up: https://adf.ly/ only it has a slightly different redirect link.

Malwarebytes reports several pieces of malware, but I don't know how to remove them. It does put them in quarantine but doesn't remove them. Windows Defender reports nothing.
http://prntscr.com/mocodu
http://prntscr.com/mocoo2
http://prntscr.com/mocow5

Mainly the first two recur the most. I probably caught it from the ads while watching movies. Can you recommend a tool for removal?

Thanks for the help. :)

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#2 Post by Rudy »

Hello!
Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or "Spustit jako spravce"
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup is created, followed by a search
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#3 Post by Boris »

I'm attaching Zoek!!! :) I'll add the second one later.


Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by ASUS on çt 21. 02. 2019 at 23:39:41,04.
Microsoft Windows 10 Home 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ASUS\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21. 2. 2019 23:42:58 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\mcafee deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\ASUS\AppData\Local\DBG deleted successfully
C:\Users\ASUS\AppData\Local\PackageStaging deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2630770035-1559974836-2095674083-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\prefs.js:

Added to C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEng
---- FireFox user.js and prefs.js backups ----

prefs_201922.02._0016_.backup

==== Deleting Files \ Folders ======================

C:\Users\ASUS\AppData\Roaming\Discord deleted
C:\PROGRA~2\Skillbrains deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ASUS\AppData\Local\updater.log deleted
C:\windows\SysNative\tasks\update-S-1-5-21-2630770035-1559974836-2095674083-1001 deleted
C:\windows\SysNative\tasks\update-sys deleted
C:\Windows\tasks\update-S-1-5-21-2630770035-1559974836-2095674083-1001.job deleted
C:\Windows\tasks\update-sys.job deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default
- theme: images: headerURL: BlackBrushedMetal-Kopfteil.jpg colors: accentcolor: rgba2292302321 textcolor: 000 version: 1.0 Black - Brushed - Metal manifest_version: 2 - %ProfilePath%\extensions\{2fbc813c-b821-4242-918b-7b5799e06eea}.xpi
- Black-gray gradient - %ProfilePath%\extensions\{57b60e61-e238-4976-b42c-00c393e28ef4}.xpi
- theme: images: headerURL: head.png colors: accentcolor: 969696 textcolor: ffffff version: 1.0 Black and grey wood manifest_version: 2 description: Dark wood. - %ProfilePath%\extensions\{61255482-4ade-421e-87fd-85315cc8d6a4}.xpi
- theme: images: headerURL: MozillaFirefoxpersonas.jpg colors: accentcolor: 241f19 textcolor: ffffff version: 1.0 dark black and brown wood manifest_version: 2 description: wood thats dark :D - %ProfilePath%\extensions\{6b1bc377-7a80-4d63-9e3e-4391632bf47c}.xpi
- theme: images: headerURL: header.png colors: accentcolor: 3d3b3b textcolor: c2c2c2 version: 1.0 Black Feathers manifest_version: 2 description: A modern clean and luxurious dark theme of jet black bird feathers rich and sophisticated with an unobtrusive matte texture. - %ProfilePath%\extensions\{855e3765-b569-4345-9f0c-60342b0cb5a0}.xpi
- theme: images: headerURL: header.png colors: accentcolor: ffffff textcolor: fafafa version: 1.0 Brushed Black Metal manifest_version: 2 - %ProfilePath%\extensions\{860aef89-cc58-40cd-99d2-436a2e68d975}.xpi
- theme: images: headerURL: moz1.jpg colors: accentcolor: 706767 textcolor: dce0d7 version: 1.0 Black wgreen manifest_version: 2 description: black green swirls - %ProfilePath%\extensions\{f653e2e0-8a54-45f4-a038-ff90698f0444}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 72.0.3626.109

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Avast Online Security - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch.lavasoft.com/?pr=v ... 20__190219"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... TR&pc=ASTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... TR&pc=ASTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ASUS\AppData\Local\Mozilla\Firefox\Profiles\10tpobol.default\cache2 emptied successfully

==== Empty Edge Cache ======================

Edge Cache is not empty, a reboot is needed

==== Empty Chrome Cache ======================

C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=810 folders=225 252214172 bytes)

==== Empty Temp Folders ======================

C:\Users\ASUS\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ASUS\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ASUS\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge" not found
"C:\Users\ASUS\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp" not found

==== EOF on pi 22. 02. 2019 at 0:32:49,56 ======================

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#4 Post by Rudy »

OK. Zoek deleted something.

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#5 Post by Boris »

I'm sending the second part, and it did not disappear after the restart.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by ASUS (Administrator) on pi 22. 02. 2019 at 12:28:35,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 22. 02. 2019 at 12:38:55,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#6 Post by Rudy »

OK. Now post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#7 Post by Boris »

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by ASUS (administrator) on LAPTOP-6SHUAF6D (22-02-2019 16:07:57)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Windows 10 Home Version 1809 17763.168 (X64) Language: Slovenčina (Slovensko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\IntelCpHDCPSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
() C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(ASUS) C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\AuraListen.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-07] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [Discord] => C:\Users\ASUS\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\MountPoints2: {ea204584-2f1c-11e9-8ecf-8878732e08af} - "E:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\updateSteam.bat [2018-02-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11
Tcpip\..\Interfaces\{0a28b5ae-26ce-428a-bd83-873bd8529b64}: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11
Tcpip\..\Interfaces\{3e58615b-8090-4847-bf0d-d163c8ef737f}: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11

Internet Explorer:
==================
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: 10tpobol.default
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default [2019-02-22]
FF NewTab: Mozilla\Firefox\Profiles\10tpobol.default -> about:newtab
FF Extension: (Black - Brushed - Metal) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{2fbc813c-b821-4242-918b-7b5799e06eea}.xpi [2019-02-21]
FF Extension: (Black-gray gradient) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{57b60e61-e238-4976-b42c-00c393e28ef4}.xpi [2019-02-21]
FF Extension: (Black and grey wood) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{61255482-4ade-421e-87fd-85315cc8d6a4}.xpi [2019-02-21]
FF Extension: (dark black and brown wood) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{6b1bc377-7a80-4d63-9e3e-4391632bf47c}.xpi [2019-02-21]
FF Extension: (Black Feathers) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{855e3765-b569-4345-9f0c-60342b0cb5a0}.xpi [2019-02-21]
FF Extension: (Brushed Black Metal) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{860aef89-cc58-40cd-99d2-436a2e68d975}.xpi [2019-02-21]
FF Extension: (Black wgreen) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{f653e2e0-8a54-45f4-a038-ff90698f0444}.xpi [2019-02-21]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-19] (Google Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [273880 2017-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542392 2017-11-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] (Intel(R) Wireless Connectivity Solutions -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [31744 2017-09-12] (ASUSTeK COMPUTER INC.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-07] (Windscribe Limited -> Windscribe Limited)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-05-12] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [100752 2017-08-16] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 bsitf; C:\Windows\system32\DRIVERS\bsitf.sys [37208 2019-02-13] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-05-02] (ASUSTeK Computer Inc. -> ASUS)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136200 2017-11-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [808944 2017-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37912 2017-04-18] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [79504 2016-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7638536 2017-10-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_892f6532cdcad6cc\nvlddmkm.sys [20707744 2019-02-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\System32\drivers\RtsP2Stor.sys [329664 2017-10-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek Semiconductor Corp. -> Realtek )
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 16:07 - 2019-02-22 16:09 - 000018100 _____ C:\Users\ASUS\Desktop\FRST.txt
2019-02-22 16:07 - 2019-02-22 16:07 - 000000000 ____D C:\FRST
2019-02-22 16:06 - 2019-02-22 16:06 - 002435072 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2019-02-22 15:01 - 2019-02-22 15:01 - 000000000 ____D C:\Users\ASUS\AppData\Local\DBG
2019-02-22 14:59 - 2019-02-22 15:06 - 003963388 _____ C:\Windows\Minidump\022219-30343-01.dmp
2019-02-22 14:59 - 2019-02-22 14:59 - 783691997 _____ C:\Windows\MEMORY.DMP
2019-02-22 14:59 - 2019-02-22 14:59 - 000000000 ____D C:\Windows\Minidump
2019-02-22 12:57 - 2019-02-22 15:00 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-22 12:57 - 2019-02-22 12:57 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-22 12:57 - 2019-02-22 12:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\CPY_SAVES
2019-02-22 12:50 - 2019-02-22 12:50 - 000000688 _____ C:\Users\Public\Desktop\Metro Exodus.lnk
2019-02-22 12:50 - 2019-02-22 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro Exodus
2019-02-22 00:31 - 2019-02-22 15:00 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-22 00:31 - 2019-02-22 00:31 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-22 00:29 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2019-02-21 23:43 - 2019-02-22 15:01 - 000000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps
2019-02-21 23:39 - 2019-02-22 00:17 - 000000000 ____D C:\zoek_backup
2019-02-21 23:39 - 2019-02-21 23:39 - 002038755 _____ C:\Users\ASUS\Downloads\zoek.exe
2019-02-21 21:52 - 2019-02-21 21:52 - 000000425 _____ C:\Users\ASUS\AppData\Local\UserProducts.xml
2019-02-21 21:51 - 2019-02-21 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2019-02-21 21:41 - 2019-02-21 21:41 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-21 21:41 - 2019-02-21 21:41 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\ASUS\AppData\Local\Mozilla
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 13:00 - 2019-02-21 13:00 - 000067557 _____ C:\Users\ASUS\Downloads\sg2242-MEEX-CO.rar
2019-02-21 12:57 - 2019-02-21 12:57 - 000023242 _____ C:\Users\ASUS\Downloads\Crack.rar
2019-02-20 16:56 - 2019-02-20 16:56 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-02-19 23:28 - 2019-02-19 23:28 - 000000000 ____D C:\Users\ASUS\Desktop\Škola
2019-02-19 23:27 - 2019-02-06 20:26 - 000133328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2019-02-19 23:26 - 2019-02-19 23:26 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-02-19 23:23 - 2019-02-08 15:41 - 001005776 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 001005776 _____ C:\Windows\system32\vulkan-1.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000869584 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000869584 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000551680 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000456992 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000269520 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000269520 _____ C:\Windows\system32\vulkaninfo.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000243920 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000243920 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-02-19 23:23 - 2019-02-08 15:39 - 001464224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 001129104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000668848 _____ C:\Windows\system32\nvofapi64.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000631896 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000534752 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000521872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 040234432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 035139840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 005272832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 004623968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 002032104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001734104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441891.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001535120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001468048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441891.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 020102000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 010894304 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 009254488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001471624 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001462424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001169152 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001152016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001145928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000915144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000638392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-02-19 23:23 - 2019-02-08 15:36 - 017428536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-02-19 23:23 - 2019-02-08 15:36 - 004297208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-02-19 22:30 - 2019-02-19 22:31 - 000000407 _____ C:\Users\ASUS\Desktop\File Explorer.lnk
2019-02-19 22:28 - 2019-02-22 15:45 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\Mozilla
2019-02-19 22:28 - 2019-02-21 21:41 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Mozilla
2019-02-19 22:28 - 2019-02-19 22:28 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-19 22:26 - 2019-02-19 22:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\OneDrive
2019-02-19 22:26 - 2019-02-19 22:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\ASUS
2019-02-19 22:24 - 2019-02-22 12:51 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-19 22:24 - 2019-02-19 22:24 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2019-02-19 22:24 - 2019-02-19 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-19 22:23 - 2019-02-19 23:43 - 000000000 ____D C:\Users\ASUS\AppData\Local\PlaceholderTileLogoFolder
2019-02-19 22:12 - 2019-02-19 22:12 - 000000000 ___HD C:\Users\ASUS\MicrosoftEdgeBackups
2019-02-19 21:10 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\ansel
2019-02-19 21:10 - 2019-02-19 21:10 - 000000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA
2019-02-19 21:09 - 2019-02-19 21:09 - 000002143 _____ C:\Users\Public\Desktop\Frozen Throne.lnk
2019-02-19 21:09 - 2019-02-19 21:09 - 000000000 ____D C:\ProgramData\Caphyon
2019-02-19 21:08 - 2019-02-21 22:06 - 000000000 ____D C:\Program Files (x86)\Warcraft III - The Frozen Throne
2019-02-19 21:06 - 2019-02-19 21:06 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Blizzard
2019-02-19 18:43 - 2019-02-19 18:43 - 000000000 ____D C:\Users\ASUS\AppData\Local\mbam
2019-02-19 18:42 - 2019-02-19 18:42 - 000000000 ____D C:\Users\ASUS\AppData\Local\mbamtray
2019-02-19 18:41 - 2019-02-19 18:41 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-19 18:41 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-02-19 18:41 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-19 18:35 - 2019-02-19 18:35 - 000002234 _____ C:\Users\ASUS\Desktop\Discord.lnk
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Local\SquirrelTemp
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Local\Discord
2019-02-19 18:25 - 2019-02-19 18:25 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\uTorrent
2019-02-19 18:05 - 2019-02-19 18:05 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-02-19 17:15 - 2019-02-19 17:15 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\WinRAR
2019-02-19 17:14 - 2019-02-19 17:14 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-19 17:13 - 2019-02-19 17:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-02-19 17:12 - 2019-02-19 17:16 - 000000000 ____D C:\Program Files\WinRAR
2019-02-19 17:12 - 2019-02-19 17:12 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-19 17:12 - 2019-02-19 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-19 17:11 - 2019-02-19 18:07 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-19 17:10 - 2019-02-19 18:25 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\uTorrent
2019-02-19 17:10 - 2019-02-19 17:10 - 000000897 _____ C:\Users\ASUS\Desktop\µTorrent.lnk
2019-02-19 17:04 - 2019-02-19 17:04 - 000000307 _____ C:\Users\ASUS\Downloads\Metro Exodus CPY SKIDROW RELOADED.zip
2019-02-19 14:43 - 2019-02-19 14:43 - 000000219 _____ C:\Users\ASUS\Desktop\Dota 2.url
2019-02-19 14:28 - 2019-02-19 14:28 - 000000000 ____D C:\Users\ASUS\AppData\Local\Disc_Soft_Ltd
2019-02-19 14:24 - 2019-02-21 17:31 - 000000000 ____D C:\Windows\OCR
2019-02-19 14:24 - 2019-02-19 14:24 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-02-19 14:15 - 2019-02-19 14:15 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:15 - 2019-02-19 14:15 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:15 - 2019-02-19 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-19 14:15 - 2019-01-30 21:13 - 002741640 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-02-19 14:15 - 2019-01-30 21:13 - 002124680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-02-19 14:15 - 2019-01-30 21:13 - 001323400 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-02-19 14:14 - 2019-02-19 14:15 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-03 11:49 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-02-19 14:14 - 2018-12-19 11:03 - 000203576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2019-02-19 14:14 - 2018-12-19 11:03 - 000179512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2019-02-19 14:13 - 2018-10-03 20:28 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-02-19 14:13 - 2018-10-01 19:47 - 000070024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2019-02-19 14:12 - 2019-02-19 14:12 - 000000000 ____D C:\Users\ASUS\AppData\Local\Windscribe
2019-02-19 14:11 - 2019-02-19 14:25 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-02-19 14:11 - 2019-02-19 14:11 - 000001146 _____ C:\Users\Public\Desktop\Windscribe.lnk
2019-02-19 14:11 - 2019-02-19 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2019-02-19 14:11 - 2018-07-13 17:12 - 000054896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2019-02-19 14:09 - 2019-02-19 14:09 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Macromedia
2019-02-19 14:06 - 2019-02-19 14:08 - 000000000 ____D C:\Windows\system32\MRT
2019-02-19 14:06 - 2019-02-19 14:06 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-19 13:57 - 2019-02-19 13:57 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-02-19 13:57 - 2019-02-19 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-19 13:57 - 2019-02-19 13:57 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-19 13:53 - 2019-02-22 07:38 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-19 13:53 - 2019-02-19 14:25 - 000000000 ____D C:\Program Files\CCleaner
2019-02-19 13:53 - 2019-02-19 13:53 - 000002886 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-19 13:53 - 2019-02-19 13:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-19 13:53 - 2019-02-19 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-19 13:52 - 2019-02-19 14:28 - 000001862 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2019-02-19 13:51 - 2019-02-19 13:56 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-19 13:51 - 2019-02-19 13:51 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-19 13:51 - 2019-02-19 13:51 - 000000858 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-19 13:49 - 2019-02-19 13:49 - 000000000 ____D C:\Users\ASUS\AppData\Local\CEF
2019-02-19 13:48 - 2019-02-22 07:44 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-19 13:48 - 2019-02-22 07:44 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-19 13:48 - 2019-02-19 13:49 - 000000000 ____D C:\Users\ASUS\AppData\Local\Steam
2019-02-19 13:39 - 2019-02-19 13:57 - 000000335 _____ C:\Users\ASUS\Desktop\computer.lnk
2019-02-19 13:38 - 2019-02-19 13:48 - 000000000 ____D C:\Users\ASUS\AppData\Local\Google
2019-02-19 13:38 - 2019-02-19 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-19 13:38 - 2019-02-19 13:38 - 000003456 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-19 13:38 - 2019-02-19 13:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-13 00:25 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\D3DSCache
2019-02-13 00:17 - 2019-02-13 00:17 - 000037208 _____ (ASUSTek Computer Inc.) C:\Windows\system32\Drivers\bsitf.sys
2019-02-13 00:17 - 2019-02-13 00:17 - 000000000 ____D C:\ProgramData\APRP
2019-02-13 00:16 - 2019-02-13 00:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-13 00:16 - 2019-02-13 00:16 - 000000000 ____D C:\Users\ASUS\AppData\Local\Comms
2019-02-13 00:14 - 2019-02-19 22:50 - 000000000 ____D C:\Users\ASUS\AppData\Local\Publishers
2019-02-13 00:02 - 2019-02-19 14:59 - 000000000 ____D C:\ProgramData\Packages
2019-02-13 00:01 - 2019-02-22 15:45 - 000000200 _____ C:\Users\ASUS\AppData\Roaming\sp_data.sys
2019-02-13 00:01 - 2019-02-19 22:24 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2630770035-1559974836-2095674083-1001
2019-02-13 00:01 - 2019-02-19 14:28 - 000000000 ___RD C:\Users\ASUS\OneDrive
2019-02-12 23:59 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA Corporation
2019-02-12 23:59 - 2019-02-19 22:19 - 000000000 ____D C:\Users\ASUS\AppData\Local\MicrosoftEdge
2019-02-12 23:57 - 2019-02-22 15:00 - 000000000 __SHD C:\Users\ASUS\IntelGraphicsProfiles
2019-02-12 23:57 - 2019-02-19 22:52 - 000000000 ____D C:\Users\ASUS\AppData\Local\Packages
2019-02-12 23:57 - 2019-02-19 14:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\ConnectedDevicesPlatform
2019-02-12 23:57 - 2019-02-12 23:59 - 000000000 ____D C:\Users\ASUS\AppData\Local\VirtualStore
2019-02-12 23:57 - 2019-02-12 23:57 - 000000000 ___RD C:\Users\ASUS\3D Objects
2019-02-12 23:57 - 2019-02-12 23:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Intel
2019-02-12 23:57 - 2019-02-12 23:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Adobe
2019-02-12 23:56 - 2019-02-22 12:54 - 000000000 ____D C:\Users\ASUS
2019-02-12 23:56 - 2019-02-19 22:24 - 000002370 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-12 23:56 - 2019-02-12 23:56 - 000000020 ___SH C:\Users\ASUS\ntuser.ini
2019-02-12 23:46 - 2019-02-12 23:46 - 000000000 _SHDL C:\Documents and Settings
2019-02-12 23:42 - 2019-02-12 23:29 - 000012735 ____H C:\devlist.txt
2019-02-12 23:31 - 2019-02-12 23:41 - 000022863 _____ C:\Windows\diagwrn.xml
2019-02-12 23:31 - 2019-02-12 23:41 - 000022863 _____ C:\Windows\diagerr.xml
2019-02-12 23:23 - 2019-02-12 23:46 - 000002338 _____ C:\Windows\System32\Tasks\ASUS Hello
2019-02-12 23:16 - 2019-02-19 17:27 - 000000000 ____D C:\ProgramData\ASUS
2019-02-12 23:16 - 2019-02-12 23:46 - 000002552 _____ C:\Windows\System32\Tasks\ROG Gaming Center
2019-02-12 23:16 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files\ASUS
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-12 23:13 - 2019-02-19 17:25 - 003327634 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-12 23:09 - 2019-02-19 14:42 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\SplitMediaLabs
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFirst IV
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\Program Files (x86)\ICEpower
2019-02-12 23:06 - 2016-09-18 18:10 - 000079504 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\netfilter2.sys
2019-02-12 23:04 - 2019-02-19 16:51 - 000003980 _____ C:\Windows\System32\Tasks\Update Checker
2019-02-12 23:04 - 2019-02-19 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2019-02-12 23:04 - 2019-02-12 23:46 - 000001984 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2019-02-12 23:03 - 2019-02-19 16:51 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-02-12 23:03 - 2019-02-12 23:47 - 000002924 _____ C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2019-02-12 23:03 - 2019-02-12 23:47 - 000002214 _____ C:\Windows\System32\Tasks\ATK Package A22126881260
2019-02-12 23:02 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files (x86)\ASUSTek COMPUTER INC
2019-02-12 23:02 - 2019-02-12 23:02 - 000000000 ____D C:\Program Files\DIFX
2019-02-12 23:02 - 2017-10-26 10:54 - 000329664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2019-02-12 23:02 - 2016-07-14 02:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2019-02-12 23:01 - 2019-02-12 23:46 - 000002346 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2019-02-12 23:01 - 2019-02-12 23:46 - 000002282 _____ C:\Windows\System32\Tasks\RTKCPL
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\system32\DAX3
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\system32\DAX2
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Program Files\Realtek
2019-02-12 23:01 - 2017-11-15 18:45 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 003121112 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 003410320 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000986992 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000965016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000866632 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000526280 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2019-02-12 23:01 - 2017-10-20 04:32 - 001010648 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2019-02-12 23:00 - 2019-02-12 23:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-02-12 23:00 - 2019-02-12 23:02 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-02-12 23:00 - 2019-02-12 23:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-02-12 23:00 - 2017-11-15 18:45 - 072520704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2019-02-12 23:00 - 2017-11-15 18:45 - 006038440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-02-12 23:00 - 2017-11-15 18:45 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-02-12 23:00 - 2017-11-15 18:45 - 003205600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-02-12 23:00 - 2017-11-15 18:45 - 002922976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-02-12 23:00 - 2017-11-15 18:45 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 007172904 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 001159176 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000378376 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 003509192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 003135776 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 001780608 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000366112 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000360336 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000203832 _____ (Harman) C:\Windows\system32\HMHVS.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000134192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 005346984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001959592 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001372384 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001259720 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000504296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2019-02-12 23:00 - 2017-11-15 18:37 - 001544248 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2019-02-12 23:00 - 2017-11-15 18:09 - 014964257 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-02-12 23:00 - 2017-11-15 18:09 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-02-12 23:00 - 2017-07-21 10:17 - 002839488 ____N (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-02-12 22:59 - 2019-02-12 23:47 - 000003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-02-12 22:54 - 2019-02-07 00:37 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-02-12 22:54 - 2010-05-26 20:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2019-02-12 22:53 - 2019-02-22 15:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-12 22:53 - 2019-02-19 23:27 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-12 22:53 - 2019-02-06 20:22 - 005364776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 002624824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 001767280 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000450768 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000125136 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-02-12 22:53 - 2019-02-06 13:37 - 008491402 _____ C:\Windows\system32\nvcoproc.bin
2019-02-12 22:52 - 2019-02-19 23:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-12 22:52 - 2019-02-19 23:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-02-12 22:52 - 2019-02-12 22:52 - 000019428 _____ C:\Windows\system32\results.xml
2019-02-12 22:52 - 2019-02-08 15:36 - 005037936 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-02-12 22:52 - 2019-02-07 00:37 - 000049634 _____ C:\Windows\system32\nvinfo.pb
2019-02-12 22:52 - 2017-09-25 15:16 - 001988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438573.dll
2019-02-12 22:52 - 2017-09-25 15:16 - 001673664 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438573.dll
2019-02-12 22:50 - 2019-02-19 23:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-02-12 22:50 - 2019-02-12 22:50 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2019-02-12 22:49 - 2019-02-12 22:50 - 000000000 ___HD C:\Intel
2019-02-12 22:45 - 2019-02-12 22:45 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2019-02-12 22:44 - 2019-02-12 23:16 - 000000000 ____D C:\ProgramData\Intel
2019-02-12 22:44 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files (x86)\Intel
2019-02-12 22:44 - 2019-02-12 22:59 - 000000000 ____D C:\Program Files\Intel
2019-02-12 22:44 - 2019-02-12 22:44 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-02-12 22:42 - 2019-02-12 23:47 - 000002856 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2630770035-1559974836-2095674083-500
2019-02-12 22:38 - 2019-02-12 22:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-02-12 22:36 - 2019-02-19 17:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-12 22:24 - 2019-02-12 22:02 - 000000097 _____ C:\Windows\AsPEToolVer.txt
2019-02-12 22:24 - 2018-05-16 04:54 - 000000055 _____ C:\Windows\AsToolCDVer.txt
2019-02-12 22:23 - 2018-06-06 02:35 - 000000057 _____ C:\Windows\AsKitVer.txt
2019-02-12 22:23 - 2018-05-16 04:51 - 000000063 _____ C:\Windows\AsProcKitVer.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 16:09 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 15:06 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2019-02-22 14:59 - 2018-12-22 06:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-22 14:59 - 2018-12-22 06:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-02-22 14:58 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-22 00:30 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-02-21 17:42 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2019-02-21 10:22 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-21 10:18 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2019-02-20 09:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2019-02-19 22:17 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-02-19 18:41 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-02-19 18:22 - 2018-12-22 06:02 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-02-19 18:10 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\winrm
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\WCN
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\winrm
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\WCN
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\slmgr
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\com
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-02-19 17:52 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2019-02-19 17:51 - 2018-09-15 10:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-02-19 17:51 - 2018-09-15 10:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\system32\F12
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\com
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\IME
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\system
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-02-19 17:51 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Dism
2019-02-19 17:51 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\servicing
2019-02-13 00:16 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ServiceState
2019-02-12 23:57 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\Log
2019-02-12 23:53 - 2018-12-22 06:02 - 000266376 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-12 23:44 - 2018-12-22 05:27 - 000000000 ____D C:\eSupport
2019-02-12 23:43 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\Panther
2019-02-12 23:41 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-02-12 23:29 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\ASUS
2019-02-12 22:53 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\Help
2019-02-12 22:19 - 2018-09-15 08:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-01 23:31 - 2018-09-15 08:36 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-01 23:31 - 2018-09-15 08:36 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2019-02-13 00:01 - 2019-02-22 15:45 - 000000200 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2019-02-21 21:52 - 2019-02-21 21:52 - 000000425 _____ () C:\Users\ASUS\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#8 Post by Boris »

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by ASUS (22-02-2019 16:09:31)
Running from C:\Users\ASUS\Desktop
Windows 10 Home Version 1809 17763.168 (X64) (2019-02-12 22:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2630770035-1559974836-2095674083-500 - Administrator - Disabled)
ASUS (S-1-5-21-2630770035-1559974836-2095674083-1001 - Administrator - Enabled) => C:\Users\ASUS
DefaultAccount (S-1-5-21-2630770035-1559974836-2095674083-503 - Limited - Disabled)
Guest (S-1-5-21-2630770035-1559974836-2095674083-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2630770035-1559974836-2095674083-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Aktualizácie NVIDIA 35.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 35.0.0.0 - NVIDIA Corporation) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.0.8 - ASUSTeK COMPUTER INC.)
ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.0.5 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.6 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.22 - ASUSTek COMPUTER INC.)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0057 - ASUSTeK COMPUTER INC.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0770 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.91 - NVIDIA Corporation) Hidden
GameFirst IV (HKLM-x32\...\{370651DD-8ABF-4807-9533-0869FDF79BFA}) (Version: 1.5.31 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.31) (Version: 1.5.31 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4849 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{766125c2-307e-4cf5-a246-e0338e1e30a9}) (Version: 20.10.1 - Intel Corporation)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes verzia 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Metro Exodus (HKLM-x32\...\{F25D08D9-EBE0-4C15-AAD2-50B446E85B17}_is1) (Version: - 4A Games)
Microsoft OneDrive (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 sk) (HKLM\...\Mozilla Firefox 65.0.1 (x64 sk)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Grafický ovládač 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.91 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.91 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Ovládací panel NVIDIA 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.91 - NVIDIA Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.29095 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.1.5 - ASUSTeK COMPUTER INC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warcraft III - The Frozen Throne v1.26 (HKLM-x32\...\Warcraft III - The Frozen Throne v1.26 1.26) (Version: 1.26 - Blizzard)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass (08/02/2017 11.0.0.18) (HKLM\...\E90A37D273EA609437C18750E3A7AB5C391A4E33) (Version: 08/02/2017 11.0.0.18 - ASUSTek COMPUTER INC.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.5 - ASUSTeK COMPUTER INC.)
WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxDTCM.dll [2017-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A8F6B5-64EE-472D-A3FD-2D789BF430DC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0BBC1D3A-5320-4C45-8669-81EFE50ADA1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {17EB3C41-4400-44D4-8B26-BECF84EF3EDA} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AEE6ED7-7013-49ED-A4F3-97DFB725B18A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {2941AD78-06AA-4189-B8B0-0514ABEE0B1C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35512286-1E16-4F71-A799-F4688B71018F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4495358F-9DCA-479B-AF4E-904649874D9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {48313DE5-781D-41D0-9448-2E2A1C534B23} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4BBB7A18-777D-4FC5-93C3-64CE408BE47C} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4D8F9CA7-08F1-4B2F-AD8B-8BAD891E2736} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6E5BA3-1695-4F64-A62B-E001CAE811CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {68B2C10E-171B-44A2-A964-7626DEADD915} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7F1776E5-60D1-4A04-9FFD-B30C8B42F375} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9016DD39-8264-456C-ABB3-D3E325D0C968} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92EF4C8D-1F27-41F5-AD7E-0B566F5211F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9757AAA3-87EB-42AF-B3CC-E74EC2380317} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9DFAB387-C09F-4392-B716-D41494E61C5A} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe (ASUSTeK Computer Inc. -> )
Task: {9FC0B12E-3786-4B49-A5E7-3D62A66E3CCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA175071-ABFD-47B1-A7CE-86A84BA6CA6A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) [File not signed]
Task: {AFD3D772-85EC-41C4-B78F-DC998794A448} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B5555066-082B-464B-A544-F0E2C653EA00} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BC5293AE-2392-40E9-BB4D-395E7CC22805} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9EBBE81-7FB4-4A39-B3CB-E090DDB7CE2A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB3E51A2-176D-4B83-B3A7-B4F2936A410C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {E108B2D9-1A2A-4256-8995-1F51D388FAE1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E527791F-9B43-4BCB-835E-F10D4A37EE42} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E7218DC2-FF17-470C-B353-4274FCDDC647} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FB4BF084-C590-4739-BEAB-FC5DED772109} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-02-12 22:53 - 2019-02-06 20:22 - 000154504 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2019-02-19 14:14 - 2019-01-30 21:13 - 001315208 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-24 04:18 - 2017-11-24 04:18 - 000609168 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-22 05:57 - 2018-12-22 05:57 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-15 10:12 - 2018-09-15 10:12 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-19 14:40 - 2019-02-19 14:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-19 14:40 - 2019-02-19 14:41 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-19 14:40 - 2019-02-19 14:40 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-19 14:40 - 2019-02-19 14:41 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-19 14:40 - 2019-02-19 14:41 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-19 14:48 - 2019-02-19 14:48 - 006940160 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-02-19 14:48 - 2019-02-19 14:48 - 002456576 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-02-19 14:48 - 2019-02-19 14:48 - 000254976 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\AppConfig.dll
2019-02-19 22:23 - 2019-02-19 22:31 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-02-19 14:48 - 2019-02-19 14:48 - 003318784 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll
2019-02-19 14:38 - 2019-02-19 14:39 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2019-02-19 14:38 - 2019-02-19 14:39 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-19 14:36 - 2019-02-19 14:39 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-19 14:36 - 2019-02-19 14:37 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-09-15 10:15 - 2018-09-15 10:15 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-19 14:36 - 2019-02-19 14:39 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2017-10-27 23:15 - 2017-10-27 23:15 - 000050064 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\AsGAUpd.dll
2019-02-19 14:14 - 2019-01-30 21:13 - 001033096 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-25 22:28 - 2017-09-25 22:28 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-19 14:29 - 2019-02-21 23:44 - 000000841 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bobo4.jpg
DNS Servers: 147.175.130.10 - 147.175.137.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{304DB113-57C7-4BA3-BBF5-669868C3E6D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10730.20103.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{1CAFAC6B-F1CB-405F-BAE0-82CEE5A1AD16}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{F744316D-F211-42D9-830E-34A9F03250CB}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{745C6DB0-4030-4858-98AD-691E47283877}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{1BFD642C-A806-4238-9A6D-E2486B78867F}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{D345CDBF-5F61-4DAE-A045-3AE6131F3502}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{4A492495-87CC-484E-A309-12FE1EB1BDEE}] => (Allow) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGCAndroidService.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{A5EDCECA-6741-4B38-86A7-A85AE6FAE5F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C32857AC-0848-4CC4-8EF6-A8E20A6F8557}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B1608FEC-4D9C-437E-9FBB-9FD56B170602}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{2AF14565-0E8C-4486-AA72-6D3E92F3EA57}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1F551CB6-0F13-4FB4-ADF4-4E7F186D6E5D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FB0289F0-517F-4370-BC6C-BC1B67F1C127}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B48F30C-FFB2-4C77-8919-7B966CA14653}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{147103CA-7E76-4FA5-98A7-9498942178C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51E868C9-2C3A-4B9D-83F1-F4BC9978BA29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CC0973CA-1E7B-4C29-8B20-2D10131A1740}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51D73BD1-1927-4F21-9FCE-5F8863063E8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E1971B11-1DAC-4820-8F12-CED89450B515}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{18AC37FA-A972-4BE7-AAD4-EB78A48DB02A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A4DD4942-FF7F-4708-9F31-DE017065D228}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1EADFC3A-0891-4E94-BF39-C4968BDBD3C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6AFD4713-27F9-4BF7-85DC-6B66F4D082E9}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{CF863CCC-B6E8-443A-A361-F77B9C6A7028}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{E9165C49-C338-4EA7-888D-DD8B1F3F1CCC}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4BC2E9DA-506C-4C36-A3CD-BBD005257D98}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8C99E163-4768-476E-9EB1-B3EED76D6ED9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

19-02-2019 23:57:38 Inštalátor modulov systému Windows
20-02-2019 20:08:02 Inštalátor modulov systému Windows
21-02-2019 21:39:55 Revo Uninstaller's restore point - Mozilla Maintenance Service
22-02-2019 12:28:41 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2019 03:01:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: MetroExodus.exe, verzia: 1.0.0.0, časová značka: 0x5c641104
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17763.168, časová značka: 0xe66d9775
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000001de43
Identifikácia chybujúceho procesu: 0x1618
Čas spustenia chybujúcej aplikácie: 0x01d4cab723185828
Cesta chybujúcej aplikácie: F:\Metro Exodus\MetroExodus.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: ac1a5edd-a165-4a17-990c-f756dd4ba49d
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (02/22/2019 12:51:41 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

Error: (02/21/2019 11:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: DaS_21.exe, verzia: 2.1.0.4, časová značka: 0x540c90b2
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.17763.134, časová značka: 0x1659a33b
Kód výnimky: 0xe0434352
Odstup chyby: 0x0000000000055299
Identifikácia chybujúceho procesu: 0x2328
Čas spustenia chybujúcej aplikácie: 0x01d4ca36d370cf66
Cesta chybujúcej aplikácie: C:\Users\ASUS\AppData\Local\Temp\DaS_21.exe
Cesta chybujúceho modulu: C:\Windows\System32\KERNELBASE.dll
Identifikácia hlásenia: 2993df16-4aac-4f2d-96b4-3767ab4e6ca1
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (02/21/2019 11:43:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.Console.SetWindowSize(Int32, Int32)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (02/21/2019 11:43:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/21/2019 09:38:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/21/2019 09:38:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {24560a51-0ed8-4077-86f5-0da1a39c9e9e}

Error: (02/21/2019 10:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c54

Start Time: 01d4c9c4f34fe84c

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 4ab42b05-dcd3-45e1-a134-380d727d4bee

Faulting package full name: Microsoft.Windows.Cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Quiesce


System errors:
=============
Error: (02/22/2019 04:01:53 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 04:01:53 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 03:46:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 03:46:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 03:06:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač sa po kontrole chýb reštartoval. Kontrola chýb: 0x00000116 (0xffffac8dba7b5010, 0xfffff8033588eb58, 0xffffffffc000009a, 0x0000000000000004). Výpis sa uložil do súboru: C:\Windows\MEMORY.DMP. Identifikácia hlásenia: 1f35eff8-b1ee-487a-8a6b-c86a706fd993.

Error: (02/22/2019 03:02:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 03:02:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 03:02:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-02-21 17:30:57.123
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D09EF8AC-6855-4392-84EB-ECDD366B4A5B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-21 11:39:48.012
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B8769987-A5DC-4969-B934-E31E03E6A2DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-20 23:51:08.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {96D54E06-7950-4858-9EA9-04E6CF421831}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-20 20:58:50.392
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE3788EC-78BD-4E0C-A969-EAA321B9CBBD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-19 18:06:33.419
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.287.338.0
Previous Signature Version: 1.273.933.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.15700.8
Previous Engine Version: 1.1.15700.8
Error code: 0x80509004
Error description: Vyskytol sa neočakávaný problém. Nainštalujte všetky dostupné aktualizácie a potom znova skúste spustiť program. Informácie o inštalácii programov nájdete v Pomoci a technickej podpore.

Date: 2019-02-19 18:06:33.419
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.287.338.0
Previous Signature Version: 1.273.933.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.15700.8
Previous Engine Version: 1.1.15700.8
Error code: 0x80509004
Error description: Vyskytol sa neočakávaný problém. Nainštalujte všetky dostupné aktualizácie a potom znova skúste spustiť program. Informácie o inštalácii programov nájdete v Pomoci a technickej podpore.

Date: 2019-02-19 18:06:32.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.933.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: Program nemôže skontrolovať aktualizácie definícií.

CodeIntegrity:
===================================

Date: 2019-02-19 17:26:34.565
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.554
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.552
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.968
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.914
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.802
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.730
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 8077.02 MB
Available physical RAM: 4175.9 MB
Total Virtual: 12367.37 MB
Available Virtual: 6847.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:491.01 GB) (Free:346.6 GB) NTFS
Drive f: (Jednotka) (Fixed) (Total:439.45 GB) (Free:366.51 GB) NTFS

\\?\Volume{8e850a0f-1ca7-44a6-8891-00584dfa9b53}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.36 GB) NTFS
\\?\Volume{7dd30c7b-18a4-4418-969c-b86e17ef7e6c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2D7BE537)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#9 Post by Rudy »

Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#10 Post by Boris »

It removed something but did not solve it. It still opens some page for me and Malwarebytes keeps blocking those pages. I ran the scan twice.
1st run, C00

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1744 octets] - [22/02/2019 17:47:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

2nd run, C01

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1744 octets] - [22/02/2019 17:47:51]
AdwCleaner[C00].txt - [1856 octets] - [22/02/2019 17:48:16]
AdwCleaner[S01].txt - [1372 octets] - [22/02/2019 17:58:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


1st run, S00

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:09
# OS: Windows 10 Home
# Scanned: 31818
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

2nd run, S01

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:07
# OS: Windows 10 Home
# Scanned: 31818
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1744 octets] - [22/02/2019 17:47:51]
AdwCleaner[C00].txt - [1856 octets] - [22/02/2019 17:48:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#11 Post by Rudy »

Please post new FRST + Addition logs.

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#12 Post by Boris »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by ASUS (administrator) on LAPTOP-6SHUAF6D (22-02-2019 18:59:31)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Windows 10 Home Version 1809 17763.316 (X64) Language: Slovenčina (Slovensko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\IntelCpHDCPSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
() C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(ASUS) C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\AuraListen.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-07] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Run: [Discord] => C:\Users\ASUS\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\MountPoints2: {ea204584-2f1c-11e9-8ecf-8878732e08af} - "E:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\updateSteam.bat [2018-02-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11
Tcpip\..\Interfaces\{0a28b5ae-26ce-428a-bd83-873bd8529b64}: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11
Tcpip\..\Interfaces\{3e58615b-8090-4847-bf0d-d163c8ef737f}: [DhcpNameServer] 147.175.130.10 147.175.137.20 147.175.1.11

Internet Explorer:
==================
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: 10tpobol.default
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default [2019-02-22]
FF NewTab: Mozilla\Firefox\Profiles\10tpobol.default -> about:newtab
FF Extension: (Black - Brushed - Metal) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{2fbc813c-b821-4242-918b-7b5799e06eea}.xpi [2019-02-21]
FF Extension: (Black-gray gradient) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{57b60e61-e238-4976-b42c-00c393e28ef4}.xpi [2019-02-21]
FF Extension: (Black and grey wood) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{61255482-4ade-421e-87fd-85315cc8d6a4}.xpi [2019-02-21]
FF Extension: (dark black and brown wood) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{6b1bc377-7a80-4d63-9e3e-4391632bf47c}.xpi [2019-02-21]
FF Extension: (Black Feathers) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{855e3765-b569-4345-9f0c-60342b0cb5a0}.xpi [2019-02-21]
FF Extension: (Brushed Black Metal) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{860aef89-cc58-40cd-99d2-436a2e68d975}.xpi [2019-02-21]
FF Extension: (Black wgreen) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\10tpobol.default\Extensions\{f653e2e0-8a54-45f4-a038-ff90698f0444}.xpi [2019-02-21]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-02-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-19] (Google Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [273880 2017-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542392 2017-11-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] (Intel(R) Wireless Connectivity Solutions -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [31744 2017-09-12] (ASUSTeK COMPUTER INC.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-07] (Windscribe Limited -> Windscribe Limited)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-05-12] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [100752 2017-08-16] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 bsitf; C:\Windows\system32\DRIVERS\bsitf.sys [37208 2019-02-13] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-05-02] (ASUSTeK Computer Inc. -> ASUS)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136200 2017-11-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [808944 2017-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37912 2017-04-18] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-22] (Malwarebytes Corporation -> Malwarebytes)
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [79504 2016-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7638536 2017-10-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_892f6532cdcad6cc\nvlddmkm.sys [20707744 2019-02-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\System32\drivers\RtsP2Stor.sys [329664 2017-10-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek Semiconductor Corp. -> Realtek )
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 18:27 - 2019-02-22 18:31 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-22 18:26 - 2019-02-22 18:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-22 18:26 - 2019-02-22 18:26 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-22 17:46 - 2019-02-22 17:48 - 000000000 ____D C:\AdwCleaner
2019-02-22 17:46 - 2019-02-22 17:46 - 007316688 _____ (Malwarebytes) C:\Users\ASUS\Downloads\adwcleaner_7.2.7.0.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 026807296 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 024617472 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 023439360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 020812288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 019284480 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 019023872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 015224832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 012858368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 012151808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 011724288 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 009941504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 008875520 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 007897088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 007724992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 006540424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 006070272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 005584864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 005440008 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 005205464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 005112792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 005086208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 004885504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 004688896 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 004627456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 004526080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 003952952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 003922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 003550384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002986352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002776920 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002469648 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002298880 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002278448 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 002275888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001720936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001700864 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001671864 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001467560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001309184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001289192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001282640 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001271608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001259024 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-02-22 17:15 - 2019-02-22 17:15 - 001254912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001224704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001057976 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001022464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000913920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000870400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000854784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000829440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000794112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000782968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000762272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000742912 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000662528 ____R (Microsoft Corporation) C:\Windows\system32\MixedRealityCapture.Pipeline.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000652320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000649272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000622592 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000570368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000522312 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000421904 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-02-22 17:15 - 2019-02-22 17:15 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\AcLayers.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000301096 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000297984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000284160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000277536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000263360 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000241680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngOnline.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWorkflowService.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000137216 _____ (Microsoft Corporation) C:\Windows\system32\SpaceAgent.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 000129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000122368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000114344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-02-22 17:15 - 2019-02-22 17:15 - 000098816 ____R (Microsoft Corporation) C:\Windows\system32\MixedRealityCapture.Broker.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\nlahc.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\PktMon.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 000091424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2019-02-22 17:15 - 2019-02-22 17:15 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 022111856 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 017520640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 009683984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 007645600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 005565952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 005561856 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 005527552 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 004991096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 004702704 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 004298752 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 004019200 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 003662336 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 003556352 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 003386368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 003379000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 003338328 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 003270144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002992640 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002929152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002927120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 002766136 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002721280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 002702528 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002626592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 002618880 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002594872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002488320 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 002466304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002437552 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002187264 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002149368 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002085376 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002072728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002021584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001975296 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001969680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 001884672 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001715712 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001700880 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001696936 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-22 17:14 - 2019-02-22 17:14 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001604096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001533440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001496064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001467384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 001462272 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001446400 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001415680 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001341584 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-22 17:14 - 2019-02-22 17:14 - 001331744 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001315840 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001258512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 001255736 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 001221120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 001212416 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001209360 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001180760 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001178344 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 001056256 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 001050936 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001032704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\refsutil.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000982576 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000982032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000970256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000954368 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000918304 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000901632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000897848 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000887808 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000865784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000864056 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000850968 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000836096 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000822448 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000806560 _____ C:\Windows\SysWOW64\locale.nls
2019-02-22 17:14 - 2019-02-22 17:14 - 000806560 _____ C:\Windows\system32\locale.nls
2019-02-22 17:14 - 2019-02-22 17:14 - 000800256 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000799568 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000765960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000756640 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000752136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000735232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000726208 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000700416 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000651792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000651304 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000648192 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000629576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000612368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000604552 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000588304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000582240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000580024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000566584 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000556544 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000547840 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000535048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000531976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000519992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000518656 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000506408 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000496872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000494080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000494080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Activities.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000475152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-02-22 17:14 - 2019-02-22 17:14 - 000473616 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000461824 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000454160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000430904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000419128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\eeprov.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000408800 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000407040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000402576 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000398416 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000388096 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000387384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000383288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000375544 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000365056 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000353488 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.OneCore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000324408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000306704 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000305664 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000298296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000276488 _____ (Microsoft Corporation) C:\Windows\system32\MTF.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000275768 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000262672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000251904 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000203280 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000202552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MTF.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000198144 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000193032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000178696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\appsruprov.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSrv.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000164288 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000157192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000151872 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000148480 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000146888 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000140808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000132104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000121872 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000114856 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000102392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000097592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000094224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000083472 _____ (Microsoft Corporation) C:\Windows\system32\vid.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000074424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WindowsTrustedRT.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\umpo-overrides.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000055608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iorate.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mmcss.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000047136 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-22 17:14 - 2019-02-22 17:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\lpkinstall.exe
2019-02-22 17:14 - 2019-02-22 17:14 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000039304 _____ (Microsoft Corporation) C:\Windows\system32\NtlmShared.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wpnsruprov.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NtlmShared.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-02-22 17:14 - 2019-02-22 17:14 - 000000072 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2019-02-22 16:07 - 2019-02-22 19:00 - 000017657 _____ C:\Users\ASUS\Desktop\FRST.txt
2019-02-22 16:07 - 2019-02-22 18:59 - 000000000 ____D C:\FRST
2019-02-22 16:06 - 2019-02-22 16:06 - 002435072 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2019-02-22 15:01 - 2019-02-22 15:01 - 000000000 ____D C:\Users\ASUS\AppData\Local\DBG
2019-02-22 14:59 - 2019-02-22 18:10 - 000000000 ____D C:\Windows\Minidump
2019-02-22 12:57 - 2019-02-22 12:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\CPY_SAVES
2019-02-22 12:50 - 2019-02-22 12:50 - 000000688 _____ C:\Users\Public\Desktop\Metro Exodus.lnk
2019-02-22 12:50 - 2019-02-22 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro Exodus
2019-02-22 00:29 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2019-02-21 23:43 - 2019-02-22 15:01 - 000000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps
2019-02-21 23:39 - 2019-02-22 00:17 - 000000000 ____D C:\zoek_backup
2019-02-21 23:39 - 2019-02-21 23:39 - 002038755 _____ C:\Users\ASUS\Downloads\zoek.exe
2019-02-21 21:52 - 2019-02-21 21:52 - 000000425 _____ C:\Users\ASUS\AppData\Local\UserProducts.xml
2019-02-21 21:51 - 2019-02-21 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2019-02-21 21:41 - 2019-02-21 21:41 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-21 21:41 - 2019-02-21 21:41 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\ASUS\AppData\Local\Mozilla
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 13:00 - 2019-02-21 13:00 - 000067557 _____ C:\Users\ASUS\Downloads\sg2242-MEEX-CO.rar
2019-02-21 12:57 - 2019-02-21 12:57 - 000023242 _____ C:\Users\ASUS\Downloads\Crack.rar
2019-02-20 16:56 - 2019-02-20 16:56 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-02-19 23:28 - 2019-02-19 23:28 - 000000000 ____D C:\Users\ASUS\Desktop\Škola
2019-02-19 23:27 - 2019-02-06 20:26 - 000133328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2019-02-19 23:26 - 2019-02-19 23:26 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-02-19 23:23 - 2019-02-08 15:41 - 001005776 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 001005776 _____ C:\Windows\system32\vulkan-1.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000869584 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000869584 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000551680 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000456992 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-02-19 23:23 - 2019-02-08 15:41 - 000269520 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000269520 _____ C:\Windows\system32\vulkaninfo.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000243920 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-19 23:23 - 2019-02-08 15:41 - 000243920 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-02-19 23:23 - 2019-02-08 15:39 - 001464224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 001129104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000668848 _____ C:\Windows\system32\nvofapi64.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000631896 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000534752 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-02-19 23:23 - 2019-02-08 15:39 - 000521872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 040234432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 035139840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 005272832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 004623968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 002032104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001734104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441891.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001535120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-02-19 23:23 - 2019-02-08 15:38 - 001468048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441891.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 020102000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 010894304 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 009254488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001471624 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001462424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001169152 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001152016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 001145928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000915144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-02-19 23:23 - 2019-02-08 15:37 - 000638392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-02-19 23:23 - 2019-02-08 15:36 - 017428536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-02-19 23:23 - 2019-02-08 15:36 - 004297208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-02-19 22:30 - 2019-02-19 22:31 - 000000407 _____ C:\Users\ASUS\Desktop\File Explorer.lnk
2019-02-19 22:28 - 2019-02-22 18:59 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\Mozilla
2019-02-19 22:28 - 2019-02-21 21:41 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Mozilla
2019-02-19 22:28 - 2019-02-19 22:28 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-19 22:26 - 2019-02-19 22:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\OneDrive
2019-02-19 22:26 - 2019-02-19 22:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\ASUS
2019-02-19 22:24 - 2019-02-22 12:51 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-19 22:24 - 2019-02-19 22:24 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2019-02-19 22:24 - 2019-02-19 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-19 22:23 - 2019-02-19 23:43 - 000000000 ____D C:\Users\ASUS\AppData\Local\PlaceholderTileLogoFolder
2019-02-19 22:12 - 2019-02-19 22:12 - 000000000 ___HD C:\Users\ASUS\MicrosoftEdgeBackups
2019-02-19 21:10 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\ansel
2019-02-19 21:10 - 2019-02-19 21:10 - 000000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA
2019-02-19 21:09 - 2019-02-19 21:09 - 000002143 _____ C:\Users\Public\Desktop\Frozen Throne.lnk
2019-02-19 21:09 - 2019-02-19 21:09 - 000000000 ____D C:\ProgramData\Caphyon
2019-02-19 21:08 - 2019-02-22 17:42 - 000000000 ____D C:\Program Files (x86)\Warcraft III - The Frozen Throne
2019-02-19 21:06 - 2019-02-19 21:06 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Blizzard
2019-02-19 18:43 - 2019-02-19 18:43 - 000000000 ____D C:\Users\ASUS\AppData\Local\mbam
2019-02-19 18:42 - 2019-02-19 18:42 - 000000000 ____D C:\Users\ASUS\AppData\Local\mbamtray
2019-02-19 18:41 - 2019-02-19 18:41 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-19 18:41 - 2019-02-19 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-19 18:41 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-02-19 18:41 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-19 18:35 - 2019-02-19 18:35 - 000002234 _____ C:\Users\ASUS\Desktop\Discord.lnk
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Local\SquirrelTemp
2019-02-19 18:35 - 2019-02-19 18:35 - 000000000 ____D C:\Users\ASUS\AppData\Local\Discord
2019-02-19 18:25 - 2019-02-19 18:25 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\uTorrent
2019-02-19 18:05 - 2019-02-19 18:05 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-02-19 17:15 - 2019-02-19 17:15 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\WinRAR
2019-02-19 17:14 - 2019-02-19 17:14 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-02-19 17:13 - 2019-02-19 17:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-02-19 17:12 - 2019-02-19 17:16 - 000000000 ____D C:\Program Files\WinRAR
2019-02-19 17:12 - 2019-02-19 17:12 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-19 17:12 - 2019-02-19 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-19 17:11 - 2019-02-19 18:07 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-19 17:10 - 2019-02-19 18:25 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\uTorrent
2019-02-19 17:10 - 2019-02-19 17:10 - 000000897 _____ C:\Users\ASUS\Desktop\µTorrent.lnk
2019-02-19 17:04 - 2019-02-19 17:04 - 000000307 _____ C:\Users\ASUS\Downloads\Metro Exodus CPY SKIDROW RELOADED.zip
2019-02-19 14:43 - 2019-02-19 14:43 - 000000219 _____ C:\Users\ASUS\Desktop\Dota 2.url
2019-02-19 14:28 - 2019-02-19 14:28 - 000000000 ____D C:\Users\ASUS\AppData\Local\Disc_Soft_Ltd
2019-02-19 14:24 - 2019-02-21 17:31 - 000000000 ____D C:\Windows\OCR
2019-02-19 14:24 - 2019-02-19 14:24 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-02-19 14:15 - 2019-02-19 14:15 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:15 - 2019-02-19 14:15 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:15 - 2019-02-19 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-19 14:15 - 2019-01-30 21:13 - 002741640 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-02-19 14:15 - 2019-01-30 21:13 - 002124680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-02-19 14:15 - 2019-01-30 21:13 - 001323400 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-02-19 14:14 - 2019-02-19 14:15 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-19 14:14 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-19 14:14 - 2019-02-03 11:49 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-02-19 14:14 - 2018-12-19 11:03 - 000203576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2019-02-19 14:14 - 2018-12-19 11:03 - 000179512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2019-02-19 14:13 - 2018-10-03 20:28 - 000066792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2019-02-19 14:13 - 2018-10-01 19:47 - 000070024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2019-02-19 14:12 - 2019-02-19 14:12 - 000000000 ____D C:\Users\ASUS\AppData\Local\Windscribe
2019-02-19 14:11 - 2019-02-19 14:25 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-02-19 14:11 - 2019-02-19 14:11 - 000001146 _____ C:\Users\Public\Desktop\Windscribe.lnk
2019-02-19 14:11 - 2019-02-19 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2019-02-19 14:11 - 2018-07-13 17:12 - 000054896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2019-02-19 14:09 - 2019-02-19 14:09 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Macromedia
2019-02-19 14:06 - 2019-02-19 14:08 - 000000000 ____D C:\Windows\system32\MRT
2019-02-19 14:06 - 2019-02-19 14:06 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-19 13:57 - 2019-02-19 13:57 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-02-19 13:57 - 2019-02-19 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-19 13:57 - 2019-02-19 13:57 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-19 13:53 - 2019-02-22 07:38 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-19 13:53 - 2019-02-19 14:25 - 000000000 ____D C:\Program Files\CCleaner
2019-02-19 13:53 - 2019-02-19 13:53 - 000002886 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-19 13:53 - 2019-02-19 13:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-19 13:53 - 2019-02-19 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-19 13:52 - 2019-02-19 14:28 - 000001862 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2019-02-19 13:51 - 2019-02-19 13:56 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-19 13:51 - 2019-02-19 13:51 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-19 13:51 - 2019-02-19 13:51 - 000000858 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-19 13:51 - 2019-02-19 13:51 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-19 13:49 - 2019-02-19 13:49 - 000000000 ____D C:\Users\ASUS\AppData\Local\CEF
2019-02-19 13:48 - 2019-02-22 07:44 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-19 13:48 - 2019-02-22 07:44 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-19 13:48 - 2019-02-19 13:49 - 000000000 ____D C:\Users\ASUS\AppData\Local\Steam
2019-02-19 13:39 - 2019-02-19 13:57 - 000000335 _____ C:\Users\ASUS\Desktop\computer.lnk
2019-02-19 13:38 - 2019-02-19 13:48 - 000000000 ____D C:\Users\ASUS\AppData\Local\Google
2019-02-19 13:38 - 2019-02-19 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-19 13:38 - 2019-02-19 13:38 - 000003456 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-19 13:38 - 2019-02-19 13:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-13 00:25 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\D3DSCache
2019-02-13 00:17 - 2019-02-13 00:17 - 000037208 _____ (ASUSTek Computer Inc.) C:\Windows\system32\Drivers\bsitf.sys
2019-02-13 00:17 - 2019-02-13 00:17 - 000000000 ____D C:\ProgramData\APRP
2019-02-13 00:16 - 2019-02-13 00:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-13 00:16 - 2019-02-13 00:16 - 000000000 ____D C:\Users\ASUS\AppData\Local\Comms
2019-02-13 00:14 - 2019-02-19 22:50 - 000000000 ____D C:\Users\ASUS\AppData\Local\Publishers
2019-02-13 00:02 - 2019-02-19 14:59 - 000000000 ____D C:\ProgramData\Packages
2019-02-13 00:01 - 2019-02-22 18:34 - 000000200 _____ C:\Users\ASUS\AppData\Roaming\sp_data.sys
2019-02-13 00:01 - 2019-02-19 22:24 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2630770035-1559974836-2095674083-1001
2019-02-13 00:01 - 2019-02-19 14:28 - 000000000 ___RD C:\Users\ASUS\OneDrive
2019-02-12 23:59 - 2019-02-22 12:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA Corporation
2019-02-12 23:59 - 2019-02-19 22:19 - 000000000 ____D C:\Users\ASUS\AppData\Local\MicrosoftEdge
2019-02-12 23:57 - 2019-02-22 18:31 - 000000000 __SHD C:\Users\ASUS\IntelGraphicsProfiles
2019-02-12 23:57 - 2019-02-22 17:54 - 000000000 ___RD C:\Users\ASUS\3D Objects
2019-02-12 23:57 - 2019-02-19 22:52 - 000000000 ____D C:\Users\ASUS\AppData\Local\Packages
2019-02-12 23:57 - 2019-02-19 14:26 - 000000000 ____D C:\Users\ASUS\AppData\Local\ConnectedDevicesPlatform
2019-02-12 23:57 - 2019-02-12 23:59 - 000000000 ____D C:\Users\ASUS\AppData\Local\VirtualStore
2019-02-12 23:57 - 2019-02-12 23:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Intel
2019-02-12 23:57 - 2019-02-12 23:57 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Adobe
2019-02-12 23:56 - 2019-02-22 18:31 - 000000000 ____D C:\Users\ASUS
2019-02-12 23:56 - 2019-02-19 22:24 - 000002370 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-12 23:56 - 2019-02-12 23:56 - 000000020 ___SH C:\Users\ASUS\ntuser.ini
2019-02-12 23:46 - 2019-02-12 23:46 - 000000000 _SHDL C:\Documents and Settings
2019-02-12 23:42 - 2019-02-12 23:29 - 000012735 ____H C:\devlist.txt
2019-02-12 23:31 - 2019-02-12 23:41 - 000022863 _____ C:\Windows\diagwrn.xml
2019-02-12 23:31 - 2019-02-12 23:41 - 000022863 _____ C:\Windows\diagerr.xml
2019-02-12 23:23 - 2019-02-12 23:46 - 000002338 _____ C:\Windows\System32\Tasks\ASUS Hello
2019-02-12 23:16 - 2019-02-19 17:27 - 000000000 ____D C:\ProgramData\ASUS
2019-02-12 23:16 - 2019-02-12 23:46 - 000002552 _____ C:\Windows\System32\Tasks\ROG Gaming Center
2019-02-12 23:16 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files\ASUS
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-12 23:15 - 2019-02-12 23:15 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-12 23:13 - 2019-02-22 18:06 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-12 23:09 - 2019-02-19 14:42 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\SplitMediaLabs
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFirst IV
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs
2019-02-12 23:06 - 2019-02-12 23:06 - 000000000 ____D C:\Program Files (x86)\ICEpower
2019-02-12 23:06 - 2016-09-18 18:10 - 000079504 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\netfilter2.sys
2019-02-12 23:04 - 2019-02-19 16:51 - 000003980 _____ C:\Windows\System32\Tasks\Update Checker
2019-02-12 23:04 - 2019-02-19 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2019-02-12 23:04 - 2019-02-12 23:46 - 000001984 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2019-02-12 23:03 - 2019-02-19 16:51 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-02-12 23:03 - 2019-02-12 23:47 - 000002924 _____ C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2019-02-12 23:03 - 2019-02-12 23:47 - 000002214 _____ C:\Windows\System32\Tasks\ATK Package A22126881260
2019-02-12 23:02 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files (x86)\ASUSTek COMPUTER INC
2019-02-12 23:02 - 2019-02-12 23:02 - 000000000 ____D C:\Program Files\DIFX
2019-02-12 23:02 - 2017-10-26 10:54 - 000329664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2019-02-12 23:02 - 2016-07-14 02:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2019-02-12 23:01 - 2019-02-12 23:46 - 000002346 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2019-02-12 23:01 - 2019-02-12 23:46 - 000002282 _____ C:\Windows\System32\Tasks\RTKCPL
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\system32\DAX3
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Windows\system32\DAX2
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2019-02-12 23:01 - 2019-02-12 23:01 - 000000000 ____D C:\Program Files\Realtek
2019-02-12 23:01 - 2017-11-15 18:45 - 000258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2019-02-12 23:01 - 2017-11-15 18:44 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 003121112 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2019-02-12 23:01 - 2017-11-15 18:43 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 003410320 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000986992 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000965016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2019-02-12 23:01 - 2017-11-15 18:42 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000866632 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000526280 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000088312 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2019-02-12 23:01 - 2017-11-15 18:41 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2019-02-12 23:01 - 2017-10-20 04:32 - 001010648 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2019-02-12 23:00 - 2019-02-12 23:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-02-12 23:00 - 2019-02-12 23:02 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-02-12 23:00 - 2019-02-12 23:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-02-12 23:00 - 2017-11-15 18:45 - 072520704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2019-02-12 23:00 - 2017-11-15 18:45 - 006038440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-02-12 23:00 - 2017-11-15 18:45 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-02-12 23:00 - 2017-11-15 18:45 - 003205600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-02-12 23:00 - 2017-11-15 18:45 - 002922976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-02-12 23:00 - 2017-11-15 18:45 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 007172904 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 001159176 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000378376 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2019-02-12 23:00 - 2017-11-15 18:44 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000118584 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2019-02-12 23:00 - 2017-11-15 18:43 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 003509192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-02-12 23:00 - 2017-11-15 18:41 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 003135776 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-02-12 23:00 - 2017-11-15 18:40 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 001780608 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000680544 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000406448 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000366112 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000360336 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000203832 _____ (Harman) C:\Windows\system32\HMHVS.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2019-02-12 23:00 - 2017-11-15 18:39 - 000134192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 005346984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001959592 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001372384 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 001259720 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000504296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2019-02-12 23:00 - 2017-11-15 18:38 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2019-02-12 23:00 - 2017-11-15 18:37 - 001544248 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2019-02-12 23:00 - 2017-11-15 18:09 - 014964257 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-02-12 23:00 - 2017-11-15 18:09 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-02-12 23:00 - 2017-07-21 10:17 - 002839488 ____N (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-02-12 22:59 - 2019-02-12 23:47 - 000003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-02-12 22:54 - 2019-02-07 00:37 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-02-12 22:54 - 2010-05-26 20:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-02-12 22:54 - 2010-05-26 20:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2019-02-12 22:53 - 2019-02-22 18:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-12 22:53 - 2019-02-19 23:27 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-12 22:53 - 2019-02-06 20:22 - 005364776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 002624824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 001767280 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000450768 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000125136 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-02-12 22:53 - 2019-02-06 20:22 - 000082800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-02-12 22:53 - 2019-02-06 13:37 - 008491402 _____ C:\Windows\system32\nvcoproc.bin
2019-02-12 22:52 - 2019-02-19 23:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-12 22:52 - 2019-02-19 23:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-02-12 22:52 - 2019-02-12 22:52 - 000019428 _____ C:\Windows\system32\results.xml
2019-02-12 22:52 - 2019-02-08 15:36 - 005037936 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-02-12 22:52 - 2019-02-07 00:37 - 000049634 _____ C:\Windows\system32\nvinfo.pb
2019-02-12 22:52 - 2017-09-25 15:16 - 001988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438573.dll
2019-02-12 22:52 - 2017-09-25 15:16 - 001673664 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438573.dll
2019-02-12 22:50 - 2019-02-19 23:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-02-12 22:50 - 2019-02-12 22:50 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2019-02-12 22:49 - 2019-02-12 22:50 - 000000000 ___HD C:\Intel
2019-02-12 22:45 - 2019-02-12 22:45 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2019-02-12 22:44 - 2019-02-12 23:16 - 000000000 ____D C:\ProgramData\Intel
2019-02-12 22:44 - 2019-02-12 23:16 - 000000000 ____D C:\Program Files (x86)\Intel
2019-02-12 22:44 - 2019-02-12 22:59 - 000000000 ____D C:\Program Files\Intel
2019-02-12 22:44 - 2019-02-12 22:44 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-02-12 22:42 - 2019-02-12 23:47 - 000002856 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2630770035-1559974836-2095674083-500
2019-02-12 22:38 - 2019-02-12 22:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-02-12 22:36 - 2019-02-22 17:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-12 22:24 - 2019-02-12 22:02 - 000000097 _____ C:\Windows\AsPEToolVer.txt
2019-02-12 22:24 - 2018-05-16 04:54 - 000000055 _____ C:\Windows\AsToolCDVer.txt
2019-02-12 22:23 - 2018-06-06 02:35 - 000000057 _____ C:\Windows\AsKitVer.txt
2019-02-12 22:23 - 2018-05-16 04:51 - 000000063 _____ C:\Windows\AsProcKitVer.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 18:55 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 18:31 - 2018-12-22 06:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-22 18:31 - 2018-12-22 06:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-02-22 18:27 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-22 18:27 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2019-02-22 18:25 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-02-22 18:06 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2019-02-22 17:51 - 2018-12-22 06:02 - 000266376 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-22 17:48 - 2018-09-15 10:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-02-22 17:48 - 2018-09-15 10:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\TextInput
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\oobe
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellComponents
2019-02-22 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\bcastdvr
2019-02-22 17:48 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Dism
2019-02-22 17:17 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2019-02-22 17:17 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\servicing
2019-02-22 14:58 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-02-20 09:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2019-02-19 22:17 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-02-19 18:41 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-02-19 18:22 - 2018-12-22 06:02 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-02-19 18:10 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\winrm
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\WCN
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\winrm
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\WCN
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\slmgr
2019-02-19 17:52 - 2018-09-15 10:08 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\com
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-02-19 17:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2019-02-19 17:52 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ___SD C:\Windows\system32\F12
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\com
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\IME
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\system
2019-02-19 17:51 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-02-13 00:16 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ServiceState
2019-02-12 23:57 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\Log
2019-02-12 23:44 - 2018-12-22 05:27 - 000000000 ____D C:\eSupport
2019-02-12 23:43 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\Panther
2019-02-12 23:41 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-02-12 23:29 - 2018-12-22 05:27 - 000000000 ____D C:\Windows\ASUS
2019-02-12 22:53 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\Help
2019-02-12 22:19 - 2018-09-15 08:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-01 23:31 - 2018-09-15 08:36 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-01 23:31 - 2018-09-15 08:36 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2019-02-13 00:01 - 2019-02-22 18:34 - 000000200 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2019-02-21 21:52 - 2019-02-21 21:52 - 000000425 _____ () C:\Users\ASUS\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#13 Post by Boris »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by ASUS (22-02-2019 19:00:43)
Running from C:\Users\ASUS\Desktop
Windows 10 Home Version 1809 17763.316 (X64) (2019-02-12 22:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2630770035-1559974836-2095674083-500 - Administrator - Disabled)
ASUS (S-1-5-21-2630770035-1559974836-2095674083-1001 - Administrator - Enabled) => C:\Users\ASUS
DefaultAccount (S-1-5-21-2630770035-1559974836-2095674083-503 - Limited - Disabled)
Guest (S-1-5-21-2630770035-1559974836-2095674083-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2630770035-1559974836-2095674083-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Aktualizácie NVIDIA 35.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 35.0.0.0 - NVIDIA Corporation) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.0.8 - ASUSTeK COMPUTER INC.)
ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.0.5 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.6 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.22 - ASUSTek COMPUTER INC.)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0057 - ASUSTeK COMPUTER INC.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0770 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.91 - NVIDIA Corporation) Hidden
GameFirst IV (HKLM-x32\...\{370651DD-8ABF-4807-9533-0869FDF79BFA}) (Version: 1.5.31 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.31) (Version: 1.5.31 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4849 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{766125c2-307e-4cf5-a246-e0338e1e30a9}) (Version: 20.10.1 - Intel Corporation)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes verzia 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Metro Exodus (HKLM-x32\...\{F25D08D9-EBE0-4C15-AAD2-50B446E85B17}_is1) (Version: - 4A Games)
Microsoft OneDrive (HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 sk) (HKLM\...\Mozilla Firefox 65.0.1 (x64 sk)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Grafický ovládač 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.91 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.91 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Ovládací panel NVIDIA 418.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.91 - NVIDIA Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.29095 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.1.5 - ASUSTeK COMPUTER INC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warcraft III - The Frozen Throne v1.26 (HKLM-x32\...\Warcraft III - The Frozen Throne v1.26 1.26) (Version: 1.26 - Blizzard)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass (08/02/2017 11.0.0.18) (HKLM\...\E90A37D273EA609437C18750E3A7AB5C391A4E33) (Version: 08/02/2017 11.0.0.18 - ASUSTek COMPUTER INC.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.5 - ASUSTeK COMPUTER INC.)
WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_284fc0001ef3d612\igfxDTCM.dll [2017-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-19] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A8F6B5-64EE-472D-A3FD-2D789BF430DC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0BBC1D3A-5320-4C45-8669-81EFE50ADA1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {17EB3C41-4400-44D4-8B26-BECF84EF3EDA} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AEE6ED7-7013-49ED-A4F3-97DFB725B18A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {2941AD78-06AA-4189-B8B0-0514ABEE0B1C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35512286-1E16-4F71-A799-F4688B71018F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4495358F-9DCA-479B-AF4E-904649874D9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {48313DE5-781D-41D0-9448-2E2A1C534B23} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4BBB7A18-777D-4FC5-93C3-64CE408BE47C} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4D8F9CA7-08F1-4B2F-AD8B-8BAD891E2736} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6E5BA3-1695-4F64-A62B-E001CAE811CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {68B2C10E-171B-44A2-A964-7626DEADD915} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7F1776E5-60D1-4A04-9FFD-B30C8B42F375} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9016DD39-8264-456C-ABB3-D3E325D0C968} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92EF4C8D-1F27-41F5-AD7E-0B566F5211F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9757AAA3-87EB-42AF-B3CC-E74EC2380317} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9DFAB387-C09F-4392-B716-D41494E61C5A} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe (ASUSTeK Computer Inc. -> )
Task: {9FC0B12E-3786-4B49-A5E7-3D62A66E3CCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AA175071-ABFD-47B1-A7CE-86A84BA6CA6A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) [File not signed]
Task: {AFD3D772-85EC-41C4-B78F-DC998794A448} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B5555066-082B-464B-A544-F0E2C653EA00} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BC5293AE-2392-40E9-BB4D-395E7CC22805} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9EBBE81-7FB4-4A39-B3CB-E090DDB7CE2A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB3E51A2-176D-4B83-B3A7-B4F2936A410C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe () [File not signed]
Task: {E108B2D9-1A2A-4256-8995-1F51D388FAE1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E527791F-9B43-4BCB-835E-F10D4A37EE42} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E7218DC2-FF17-470C-B353-4274FCDDC647} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FB4BF084-C590-4739-BEAB-FC5DED772109} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-02-19 14:14 - 2019-01-30 21:13 - 001315208 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-24 04:18 - 2017-11-24 04:18 - 000609168 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-02-22 17:14 - 2019-02-22 17:14 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-22 17:15 - 2019-02-22 17:15 - 001740800 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-15 10:12 - 2018-09-15 10:12 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-22 18:15 - 2019-02-22 18:16 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-22 18:15 - 2019-02-22 18:16 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-19 14:40 - 2019-02-19 14:40 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-19 14:40 - 2019-02-19 14:41 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-19 14:40 - 2019-02-19 14:41 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-19 14:40 - 2019-02-19 14:40 - 002362096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-02-22 18:15 - 2019-02-22 18:16 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-22 18:15 - 2019-02-22 18:16 - 007181824 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-02-22 18:15 - 2019-02-22 18:16 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-02-22 18:15 - 2019-02-22 18:16 - 000256000 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\AppConfig.dll
2019-02-19 22:23 - 2019-02-19 22:31 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-02-22 18:15 - 2019-02-22 18:16 - 003547136 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll
2019-02-19 14:32 - 2019-02-19 14:32 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-19 14:38 - 2019-02-19 14:39 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2019-02-19 14:38 - 2019-02-19 14:39 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-27 23:15 - 2017-10-27 23:15 - 000050064 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\AsGAUpd.dll
2019-02-19 14:14 - 2019-01-30 21:13 - 001033096 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-25 22:28 - 2017-09-25 22:28 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-13 07:17 - 2016-10-13 07:17 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-19 14:29 - 2019-02-21 23:44 - 000000841 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bobo4.jpg
DNS Servers: 147.175.130.10 - 147.175.137.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{304DB113-57C7-4BA3-BBF5-669868C3E6D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10730.20103.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{1CAFAC6B-F1CB-405F-BAE0-82CEE5A1AD16}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{F744316D-F211-42D9-830E-34A9F03250CB}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{745C6DB0-4030-4858-98AD-691E47283877}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{1BFD642C-A806-4238-9A6D-E2486B78867F}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{D345CDBF-5F61-4DAE-A045-3AE6131F3502}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{4A492495-87CC-484E-A309-12FE1EB1BDEE}] => (Allow) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGCAndroidService.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{A5EDCECA-6741-4B38-86A7-A85AE6FAE5F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C32857AC-0848-4CC4-8EF6-A8E20A6F8557}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B1608FEC-4D9C-437E-9FBB-9FD56B170602}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{2AF14565-0E8C-4486-AA72-6D3E92F3EA57}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1F551CB6-0F13-4FB4-ADF4-4E7F186D6E5D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FB0289F0-517F-4370-BC6C-BC1B67F1C127}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B48F30C-FFB2-4C77-8919-7B966CA14653}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{147103CA-7E76-4FA5-98A7-9498942178C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51E868C9-2C3A-4B9D-83F1-F4BC9978BA29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CC0973CA-1E7B-4C29-8B20-2D10131A1740}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51D73BD1-1927-4F21-9FCE-5F8863063E8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E1971B11-1DAC-4820-8F12-CED89450B515}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{18AC37FA-A972-4BE7-AAD4-EB78A48DB02A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A4DD4942-FF7F-4708-9F31-DE017065D228}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1EADFC3A-0891-4E94-BF39-C4968BDBD3C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6AFD4713-27F9-4BF7-85DC-6B66F4D082E9}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{CF863CCC-B6E8-443A-A361-F77B9C6A7028}] => (Allow) F:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{E9165C49-C338-4EA7-888D-DD8B1F3F1CCC}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4BC2E9DA-506C-4C36-A3CD-BBD005257D98}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8C99E163-4768-476E-9EB1-B3EED76D6ED9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

19-02-2019 23:57:38 Inštalátor modulov systému Windows
20-02-2019 20:08:02 Inštalátor modulov systému Windows
21-02-2019 21:39:55 Revo Uninstaller's restore point - Mozilla Maintenance Service
22-02-2019 12:28:41 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2019 03:01:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: MetroExodus.exe, verzia: 1.0.0.0, časová značka: 0x5c641104
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.17763.168, časová značka: 0xe66d9775
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000001de43
Identifikácia chybujúceho procesu: 0x1618
Čas spustenia chybujúcej aplikácie: 0x01d4cab723185828
Cesta chybujúcej aplikácie: F:\Metro Exodus\MetroExodus.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: ac1a5edd-a165-4a17-990c-f756dd4ba49d
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (02/22/2019 12:51:41 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

Error: (02/21/2019 11:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: DaS_21.exe, verzia: 2.1.0.4, časová značka: 0x540c90b2
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.17763.134, časová značka: 0x1659a33b
Kód výnimky: 0xe0434352
Odstup chyby: 0x0000000000055299
Identifikácia chybujúceho procesu: 0x2328
Čas spustenia chybujúcej aplikácie: 0x01d4ca36d370cf66
Cesta chybujúcej aplikácie: C:\Users\ASUS\AppData\Local\Temp\DaS_21.exe
Cesta chybujúceho modulu: C:\Windows\System32\KERNELBASE.dll
Identifikácia hlásenia: 2993df16-4aac-4f2d-96b4-3767ab4e6ca1
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (02/21/2019 11:43:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.Console.SetWindowSize(Int32, Int32)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (02/21/2019 11:43:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/21/2019 09:38:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/21/2019 09:38:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {24560a51-0ed8-4077-86f5-0da1a39c9e9e}

Error: (02/21/2019 10:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c54

Start Time: 01d4c9c4f34fe84c

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 4ab42b05-dcd3-45e1-a134-380d727d4bee

Faulting package full name: Microsoft.Windows.Cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Quiesce


System errors:
=============
Error: (02/22/2019 06:49:01 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:49:01 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:39:28 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:39:28 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6SHUAF6D)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-6SHUAF6D\ASUS SID (S-1-5-21-2630770035-1559974836-2095674083-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:33:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:33:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:33:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 06:16:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.


Windows Defender:
===================================
Date: 2019-02-21 17:30:57.123
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D09EF8AC-6855-4392-84EB-ECDD366B4A5B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-21 11:39:48.012
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B8769987-A5DC-4969-B934-E31E03E6A2DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-20 23:51:08.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {96D54E06-7950-4858-9EA9-04E6CF421831}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-20 20:58:50.392
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE3788EC-78BD-4E0C-A969-EAA321B9CBBD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-19 18:06:33.419
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.287.338.0
Previous Signature Version: 1.273.933.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.15700.8
Previous Engine Version: 1.1.15700.8
Error code: 0x80509004
Error description: Vyskytol sa neočakávaný problém. Nainštalujte všetky dostupné aktualizácie a potom znova skúste spustiť program. Informácie o inštalácii programov nájdete v Pomoci a technickej podpore.

Date: 2019-02-19 18:06:33.419
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.287.338.0
Previous Signature Version: 1.273.933.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.15700.8
Previous Engine Version: 1.1.15700.8
Error code: 0x80509004
Error description: Vyskytol sa neočakávaný problém. Nainštalujte všetky dostupné aktualizácie a potom znova skúste spustiť program. Informácie o inštalácii programov nájdete v Pomoci a technickej podpore.

Date: 2019-02-19 18:06:32.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.933.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: Program nemôže skontrolovať aktualizácie definícií.

CodeIntegrity:
===================================

Date: 2019-02-19 17:26:34.565
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.554
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 17:26:34.552
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.968
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.914
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.802
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-19 14:29:03.730
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\mcafee.com\agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 8077.02 MB
Available physical RAM: 5209.54 MB
Total Virtual: 11661.02 MB
Available Virtual: 7882.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:491.01 GB) (Free:345.34 GB) NTFS
Drive f: (Jednotka) (Fixed) (Total:439.45 GB) (Free:366.51 GB) NTFS

\\?\Volume{8e850a0f-1ca7-44a6-8891-00584dfa9b53}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.36 GB) NTFS
\\?\Volume{7dd30c7b-18a4-4418-969c-b86e17ef7e6c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2D7BE537)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware

#14 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {92EF4C8D-1F27-41F5-AD7E-0B566F5211F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9757AAA3-87EB-42AF-B3CC-E74EC2380317} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\MountPoints2: {ea204584-2f1c-11e9-8ecf-8878732e08af} - "E:\setup.exe"
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Boris
Visitor
Posts: 94
Registered: 18 Feb 2015 17:26

Re: Malware

#15 Post by Boris »

The notebook restarted, but it apparently didn't help, because it still shows me the redirect page, and when I click through, it takes me here: https://en.wikipedia.org/wiki/Original_Software

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by ASUS (22-02-2019 20:23:58) Run:1
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {92EF4C8D-1F27-41F5-AD7E-0B566F5211F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9757AAA3-87EB-42AF-B3CC-E74EC2380317} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\...\MountPoints2: {ea204584-2f1c-11e9-8ecf-8878732e08af} - "E:\setup.exe"
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92EF4C8D-1F27-41F5-AD7E-0B566F5211F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92EF4C8D-1F27-41F5-AD7E-0B566F5211F7}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9757AAA3-87EB-42AF-B3CC-E74EC2380317}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9757AAA3-87EB-42AF-B3CC-E74EC2380317}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKU\S-1-5-21-2630770035-1559974836-2095674083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea204584-2f1c-11e9-8ecf-8878732e08af} => removed successfully
HKLM\Software\Classes\CLSID\{ea204584-2f1c-11e9-8ecf-8878732e08af} => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 6316032 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29675050 B
Java, Flash, Steam htmlcache => 66548431 B
Windows/system/drivers => 2708655 B
Edge => 896856 B
Chrome => 5109290 B
Firefox => 720684185 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 8456 B
NetworkService => 0 B
ASUS => 3719050 B

RecycleBin => 50071826289 B
EmptyTemp: => 47.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:25:22 ====

Locked