
Instagram hacked?

dj-paja
Visitor
Posts: 412
Registered: 16 Feb 2012 12:30

Re: Instagram hacked?

#31 Post by dj-paja »

Hi, do you mean two-step verification, see Instagram? I need to remove 3600 followers, people I don't know. Can you advise how to remove them? Thanks.

Re: Instagram hacked?

#32 Post by dj-paja »

New scan logs are posted below. I note that the fix cannot be run; please advise, or suggest another tool for finishing the cleanup of the notebook. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-03-2020
Ran by toxic (administrator) on DESKTOP-3HMT51S (Acer Aspire 6930G) (01-04-2020 17:45:59)
Running from D:\Stažené soubory
Loaded Profiles: toxic (Available Profiles: defaultuser0 & toxic)
Platform: Microsoft Windows 10 Home Version 1909 18363.720 (X86) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Nainstalovano\Avast \wsc_proxy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.38.25003.0_x86__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.38.25003.0_x86__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.38.25003.0_x86__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Opera Software AS -> Opera Software) C:\Nainstalovano\Opera\assistant\browser_assistant.exe
(Opera Software AS -> Opera Software) C:\Nainstalovano\Opera\assistant\browser_assistant.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\System32\IoctlSvc.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG -> Nero AG)
HKLM\...\Run: [AvastUI.exe] => C:\Nainstalovano\Avast \AvLaunch.exe [238392 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-1134202389-2396285059-191239155-1001\...\Run: [Opera Browser Assistant] => C:\Nainstalovano\Opera\assistant\browser_assistant.exe [3024920 2020-03-27] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1134202389-2396285059-191239155-1001\...\MountPoints2: {44e84d53-4b79-11ea-b132-00238b4d4eb9} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1134202389-2396285059-191239155-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\yowindow.scr
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.162\Installer\chrmstp.exe [2020-04-01] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1028E910-F232-4272-BCA5-37123A0423A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {274CC0BB-CC9D-467E-9475-E5DC3E8C9FF6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1410152 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {28AFB791-C07F-4EB2-923D-09DFFAB77A07} - System32\Tasks\Avast Emergency Update => C:\Nainstalovano\Avast \AvEmUpdate.exe [3196864 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
Task: {3C3A201C-1DE3-4A93-9E80-24EBF5C2225B} - System32\Tasks\R@1n-KMS\Windows64Core => wmic path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate
Task: {65C688D3-89E2-496A-8105-42DBB0875149} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-11-27] (Google Inc -> Google Inc.)
Task: {BA7BBA0E-A0D1-46A5-9BF0-6FFB40DA45D5} - System32\Tasks\Opera scheduled assistant Autoupdate 1576856810 => C:\Nainstalovano\Opera\launcher.exe [1355800 2020-03-19] (Opera Software AS -> Opera Software)
Task: {D9940D10-AA63-4D72-9155-CF8A8DE3209C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-11-27] (Google Inc -> Google Inc.)
Task: {DD5856EC-43E1-4D6E-9970-8DE5562A6CC6} - System32\Tasks\Opera scheduled Autoupdate 1574370956 => C:\Nainstalovano\Opera\launcher.exe [1355800 2020-03-19] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35d52512-9f34-46a5-bf7d-a7cacdda0654}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bkp0e99m.default
FF ProfilePath: C:\Users\toxic\AppData\Roaming\Mozilla\Firefox\Profiles\bkp0e99m.default [2019-11-27]
FF ProfilePath: C:\Users\toxic\AppData\Roaming\Mozilla\Firefox\Profiles\0ruyt16n.default-release [2020-04-01]
FF DownloadDir: D:\Stažené soubory
FF Homepage: Mozilla\Firefox\Profiles\0ruyt16n.default-release -> www.seznam.cz
FF Notifications: Mozilla\Firefox\Profiles\0ruyt16n.default-release -> hxxps://www.instagram.com; hxxps://plzensky.denik.cz
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-DE8BB025F0219FDF - C:\Nainstalovano\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default [2020-03-25]
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-27]
CHR Extension: (Dokumenty) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-27]
CHR Extension: (Disk Google) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-27]
CHR Extension: (YouTube) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-27]
CHR Extension: (Tabulky) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-11-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-27]
CHR Extension: (Gmail) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\toxic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-23]

Opera:
=======
OPR DownloadDir: D:\Stažené soubory
OPR StartupUrls: "hxxp://www.seznam.cz/"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
S2 avast! Antivirus; C:\Nainstalovano\Avast \AvastSvc.exe [367184 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Nainstalovano\Avast \wsc_proxy.exe [57536 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 Microsoft Office Groove Audit Service; C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
S3 NBService; C:\Nainstalovano\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG -> Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [2258536 2019-11-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [85032 2019-11-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35752 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [175464 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15792 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41448 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148416 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [95416 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73552 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [690232 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [395096 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [177000 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [277648 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2019-12-02] (Disc Soft Ltd -> Disc Soft Ltd)
R3 L1E; C:\WINDOWS\System32\drivers\L1E62x86.sys [55296 2019-03-19] (Microsoft Windows -> Atheros Communications, Inc.)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2019-03-19] (Microsoft Windows -> Intel Corporation)
S3 nmwcd; C:\WINDOWS\system32\drivers\ccdcmb.sys [18176 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\WINDOWS\system32\drivers\ccdcmbo.sys [23168 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [19072 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS [207360 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS [980992 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS [661504 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
S3 upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [8192 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [8192 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38280 2019-11-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [275680 2019-11-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [38624 2019-11-29] (Microsoft Windows -> Microsoft Corporation)
S3 winbondcir; C:\WINDOWS\system32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Winbond Electronics Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-29 22:24 - 2020-03-29 23:22 - 000000000 ____D C:\koncerty AVI
2020-03-28 12:59 - 2020-03-26 00:03 - 429395506 _____ C:\Nákaza _ Contagion (2011) CZ Dabing 480p.mp4
2020-03-28 12:06 - 2020-03-28 12:28 - 000000000 ____D C:\Mafia Games
2020-03-27 20:04 - 2020-03-27 20:04 - 000000000 ____D C:\Users\toxic\AppData\Local\2K Games
2020-03-27 19:12 - 2020-03-27 20:07 - 000000764 _____ C:\Users\toxic\Desktop\Mafia II.lnk
2020-03-24 21:24 - 2020-03-24 21:24 - 000002912 _____ C:\Users\toxic\Desktop\fixlist.txt.txt
2020-03-24 21:19 - 2020-03-24 21:19 - 000002912 _____ C:\Users\toxic\Desktop\Nový textový dokument (3).txt
2020-03-24 21:14 - 2020-04-01 17:45 - 000000955 _____ C:\Users\toxic\Desktop\FRST – zástupce.lnk
2020-03-23 15:29 - 2020-02-26 15:16 - 000308600 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-03-15 22:11 - 2020-03-15 22:11 - 183140351 _____ C:\Users\toxic\Downloads\Pravda ohledně corona virusu Cz Dabing... - Edita Strbavá Lundra.wmv
2020-03-13 14:56 - 2020-03-13 14:56 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-13 14:56 - 2020-03-13 14:56 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-03-13 14:56 - 2020-03-13 14:56 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-13 14:56 - 2020-03-13 14:56 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-03-13 14:56 - 2020-03-13 14:56 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2020-03-11 21:48 - 2020-03-11 21:48 - 000000000 ____D C:\Users\toxic\AppData\Local\ElevatedDiagnostics
2020-03-10 21:34 - 2020-03-10 21:34 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 003488768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001874328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001867816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001792312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001616912 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001474048 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001400320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000446232 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-10 21:34 - 2020-03-10 21:34 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-03-10 21:34 - 2020-03-10 21:34 - 000079672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-10 21:34 - 2020-03-10 21:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-03-10 21:34 - 2020-03-10 21:34 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-10 21:34 - 2020-03-10 21:34 - 000018448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-10 21:33 - 2020-03-10 21:34 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 007070736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002797568 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-10 21:33 - 2020-03-10 21:33 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 002235408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 002203664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 002077880 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001659528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001402880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001223680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001157120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 001071120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 001018552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000746352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000362000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000356368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000331280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-03-10 21:33 - 2020-03-10 21:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000267280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000205840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000080912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000054800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-10 21:33 - 2020-03-10 21:33 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-03-10 21:33 - 2020-03-10 21:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-03-10 21:33 - 2020-03-10 21:33 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 004868184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 004755968 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 003560960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 003131392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 003037696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 002761016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 002058240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001539888 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001484600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001454400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001150464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000786040 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000689976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000668296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000538128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000531672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000425272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-10 21:32 - 2020-03-10 21:32 - 000415976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-10 21:32 - 2020-03-10 21:32 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000402528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000400440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000319976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000246288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000173880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000167224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000160568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000144400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000133432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000109072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-10 21:32 - 2020-03-10 21:32 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000046928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000041784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-10 21:32 - 2020-03-10 21:32 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000023952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000017208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000014648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-10 21:32 - 2020-03-10 21:32 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-10 21:32 - 2020-03-10 21:32 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-10 21:32 - 2020-03-10 21:32 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-10 21:18 - 2020-02-11 06:48 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-05 00:20 - 2020-03-05 00:20 - 000000000 ____D C:\Users\toxic\AppData\Local\Philipp Schmieder
2020-03-02 20:17 - 2020-03-11 22:24 - 000000000 ____D C:\Users\toxic\AppData\Local\WiFi Guard
2020-03-02 20:17 - 2020-03-02 20:17 - 000000916 _____ C:\Users\Public\Desktop\SoftPerfect WiFi Guard.lnk
2020-03-02 20:16 - 2020-03-02 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-01 17:47 - 2016-11-14 23:34 - 000000000 ____D C:\FRST
2020-04-01 17:30 - 2019-12-21 18:55 - 000000000 ____D C:\Users\toxic\Downloads\opera autoupdate
2020-04-01 17:27 - 2014-04-11 16:15 - 000000000 ____D C:\Nainstalovano
2020-04-01 17:26 - 2019-11-27 01:38 - 000000000 ____D C:\Users\toxic\AppData\LocalLow\Mozilla
2020-04-01 14:52 - 2019-03-19 04:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-01 14:25 - 2019-11-27 01:27 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-01 14:25 - 2019-11-27 01:27 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-01 01:16 - 2019-12-24 15:43 - 000000000 ____D C:\Users\toxic\AppData\Roaming\Videoder
2020-04-01 00:36 - 2019-11-29 00:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-01 00:34 - 2019-03-19 04:46 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-01 00:34 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-03-31 00:29 - 2019-11-27 23:11 - 000089068 _____ C:\Users\toxic\Desktop\Nový textový dokument.txt
2020-03-30 20:08 - 2019-11-27 00:36 - 000000000 ____D C:\Users\toxic\AppData\Roaming\vlc
2020-03-30 19:17 - 2019-11-29 01:03 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-30 19:17 - 2019-03-19 09:13 - 000718018 _____ C:\WINDOWS\system32\perfh005.dat
2020-03-30 19:17 - 2019-03-19 09:13 - 000145062 _____ C:\WINDOWS\system32\perfc005.dat
2020-03-30 19:17 - 2019-03-19 04:44 - 000000000 ____D C:\WINDOWS\INF
2020-03-27 22:17 - 2019-12-20 17:46 - 000004376 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1576856810
2020-03-27 20:15 - 2019-11-27 01:21 - 000000000 ____D C:\Users\toxic\AppData\Local\CrashDumps
2020-03-27 20:06 - 2020-02-03 20:40 - 000000000 ____D C:\Users\toxic\AppData\Roaming\NVIDIA
2020-03-27 20:06 - 2019-11-29 00:53 - 000000000 ____D C:\Users\toxic
2020-03-27 20:06 - 2019-11-27 00:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-03-27 19:08 - 2020-02-16 18:42 - 000000000 ____D C:\Games
2020-03-25 22:31 - 2019-11-27 23:12 - 000045452 _____ C:\Users\toxic\Desktop\Nový textový dokument (2).txt
2020-03-23 15:32 - 2019-11-29 01:51 - 000000000 _____ C:\WINDOWS\system32\last.dump
2020-03-23 15:31 - 2019-11-27 01:24 - 000001512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-03-23 15:31 - 2019-11-27 01:24 - 000001500 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-03-23 15:30 - 2019-11-29 01:16 - 000003962 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-03-23 15:29 - 2019-03-19 04:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-03-23 15:24 - 2019-11-29 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-23 15:23 - 2019-03-19 04:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-03-23 15:22 - 2016-11-17 22:20 - 000000000 ____D C:\AdwCleaner
2020-03-23 14:21 - 2019-12-06 14:42 - 000000976 _____ C:\Users\toxic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2020-03-23 14:21 - 2019-11-29 01:16 - 000004164 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1574370956
2020-03-23 02:04 - 2020-02-15 00:49 - 000000000 ____D C:\Program Files\bookingDesktopApp
2020-03-22 21:02 - 2019-03-19 04:35 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-03-22 19:44 - 2019-11-29 01:16 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1134202389-2396285059-191239155-1001
2020-03-22 19:44 - 2019-11-29 00:53 - 000002361 _____ C:\Users\toxic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-22 19:44 - 2019-11-26 03:27 - 000000000 ___RD C:\Users\toxic\OneDrive
2020-03-21 20:50 - 2019-11-29 01:16 - 000003462 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 20:50 - 2019-11-29 01:16 - 000003338 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 01:37 - 2019-12-24 15:43 - 000000000 ____D C:\Users\toxic\AppData\Local\Videoder
2020-03-18 22:21 - 2019-12-06 01:59 - 000004550 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-03-18 22:20 - 2019-12-06 01:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-18 22:20 - 2019-12-06 01:56 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-03-13 16:18 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-13 16:18 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-11 22:09 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-03-11 15:15 - 2019-11-29 01:35 - 000000000 ___RD C:\Users\toxic\3D Objects
2020-03-11 15:15 - 2019-11-26 03:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-11 15:13 - 2019-11-29 00:47 - 000433704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-11 02:13 - 2019-03-19 04:46 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-11 02:13 - 2019-03-19 04:35 - 000000000 ____D C:\WINDOWS\servicing
2020-03-10 21:50 - 2019-11-27 03:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-10 21:42 - 2019-11-27 03:11 - 118379832 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-03-07 17:37 - 2019-11-29 21:00 - 000000000 ____D C:\ProgramData\Packages
2020-03-07 00:39 - 2019-04-09 16:14 - 000000000 ____D C:\Youtube klipy
2020-03-04 17:57 - 2019-11-29 21:09 - 000000000 ____D C:\Users\toxic\AppData\Local\PlaceholderTileLogoFolder
2020-03-04 17:57 - 2019-11-26 03:23 - 000000000 ____D C:\Users\toxic\AppData\Local\Packages
2020-03-02 20:16 - 2019-11-21 21:45 - 000000000 ____D C:\Nainstalováno

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

dj-paja
Visitor
Posts: 412
Registered: 16 Feb 2012 12:30

Re: Instagram hacked?

#33 Post by dj-paja »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-03-2020
Ran by toxic (01-04-2020 17:49:42)
Running from D:\Stažené soubory
Microsoft Windows 10 Home Version 1909 18363.720 (X86) (2019-11-28 23:17:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1134202389-2396285059-191239155-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1134202389-2396285059-191239155-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1134202389-2396285059-191239155-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1134202389-2396285059-191239155-501 - Limited - Disabled)
toxic (S-1-5-21-1134202389-2396285059-191239155-1001 - Administrator - Enabled) => C:\Users\toxic
WDAGUtilityAccount (S-1-5-21-1134202389-2396285059-191239155-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 19.00 (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
AIMP (HKLM\...\AIMP) (Version: v4.60.2161, 28.11.2019 - AIMP DevTeam)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
ClipGrab 3.8.10 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - The ClipGrab Project)
DEAD OR ALIVE 5 Last Round (HKLM\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
FIFA 11 (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.162 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
MassTube 12.9.8.361 (HKLM\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.9.8.361 - Havy Alegria)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1134202389-2396285059-191239155-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mortal Kombat-Komplete Edition (HKLM\...\Mortal Kombat-Komplete Edition_is1) (Version: 1.0.0.2 - )
Mozilla Firefox 70.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 70.0.1 (x86 cs)) (Version: 70.0.1 - Mozilla)
Mozilla Firefox 74.0 (x86 cs) (HKU\S-1-5-21-1134202389-2396285059-191239155-1001\...\Mozilla Firefox 74.0 (x86 cs)) (Version: 74.0 - Mozilla)
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Need for Speed(TM) Hot Pursuit (HKLM\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21029}) (Version: 7.03.1357 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Opera Stable 67.0.3575.97 (HKU\S-1-5-21-1134202389-2396285059-191239155-1001\...\Opera 67.0.3575.97) (Version: 67.0.3575.97 - Opera Software)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
SoftPerfect WiFi Guard version 2.1.2 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 2.1.2 - SoftPerfect)
Ultra Street Fighter IV (HKLM\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
UpdateAssistant (HKLM\...\{A8CB3AA1-4ED7-4E95-BA0A-3DC927739A0E}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Videoder 1.0.9 (HKLM\...\808fc302-3d01-59ce-8094-e0443a55877e) (Version: 1.0.9 - GlennioTech)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.9.0_x86__kgqvnymyfvs32 [2020-02-21] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.164.200.0_x86__kgqvnymyfvs32 [2020-03-21] (king.com)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.34.3400.0_x86__ytsefhwckbdv6 [2020-03-27] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x86__8wekyb3d8bbwe [2020-02-29] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.5.1.0_x86__nfy108tqq3p12 [2020-03-21] (Thumbmunkeys Ltd) [MS Ad]
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.5.1.0_x86__gs5k5vmxr2ste [2020-03-04] (Matt Hafner)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x86__3ykzqggjzj4z0 [2019-11-27] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1134202389-2396285059-191239155-1001_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> C:\Nainstalovano\Opera\67.0.3575.97\notification_helper.exe (Opera Software AS -> The Chromium Authors)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast \ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Nainstalovano\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast \ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Nainstalovano\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Nainstalovano\winrar\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast \ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Nainstalovano\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Nainstalovano\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast \ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Nainstalovano\winrar\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\toxic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2018-04-01 00:06 - 2019-02-21 18:00 - 000050688 _____ (Igor Pavlov) [File not signed] C:\Nainstalovano\7-Zip\7-zip.dll
2003-03-18 21:12 - 2003-03-18 21:12 - 001047552 _____ (Microsoft Corporation) [File not signed] C:\Nainstalovano\Nero 7\Nero BackItUp\MFC71U.DLL
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCR71.dll
2003-03-19 07:20 - 2003-03-19 07:20 - 001060864 _____ (Microsoft Corporation) [File not signed] C:\Nainstalovano\Nero 7\Nero CoverDesigner\MFC71.DLL
2019-11-29 00:44 - 2019-11-29 00:44 - 000095744 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
2012-06-26 14:08 - 2012-06-26 14:08 - 000026112 _____ (Nokia) [File not signed] C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
2012-06-26 12:57 - 2012-06-26 12:57 - 000918016 _____ (Nokia) [File not signed] C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\NGSCM.DLL
2012-06-26 14:08 - 2012-06-26 14:08 - 000572928 _____ (Nokia) [File not signed] C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 10:30 - 2016-07-16 10:27 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1134202389-2396285059-191239155-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B31BED72-3CC1-457A-964B-28B97AAF2CB4}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{683FC3F6-4699-49EC-AF2B-B093D9B930B9}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5BFF3B66-0E39-44D4-8CAD-4617B5B14B6F}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE62D462-FE43-4427-BB9C-80FED63DE71D}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E20AB518-F9F3-4733-B4EB-AEDCB95B5904}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D49776E0-C381-47B7-AE8D-F9D3BA5C1E17}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11230171-89DB-4505-A05B-EFB6111DD5AD}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92045936-EC05-4EAF-B6DA-097C4A01F362}] => (Allow) C:\Nainstalovano\UTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{03F7477D-5189-4748-8364-B2CDA98B39C9}] => (Allow) C:\Nainstalovano\UTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{82396DAB-0755-4A8D-B989-8C274C1A9597}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{43FE55AC-4C98-4B9D-A5AF-6E4F54F808FE}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{65353CFF-4EC8-4F4A-8AD1-7098F594C13E}] => (Allow) D:\Hry\Need for Speed Hot Pursuit\Launcher.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{4650C396-4E98-4237-9B9E-DCFDCD7DB469}] => (Allow) D:\Hry\Need for Speed Hot Pursuit\Launcher.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{48834D61-429C-49B1-870D-62DF079D27FB}D:\hry\need for speed hot pursuit\nfs11.exe] => (Allow) D:\hry\need for speed hot pursuit\nfs11.exe (Electronic Arts) [File not signed]
FirewallRules: [UDP Query User{6E95A3C1-F062-4EEB-A903-A6B12DF840AB}D:\hry\need for speed hot pursuit\nfs11.exe] => (Allow) D:\hry\need for speed hot pursuit\nfs11.exe (Electronic Arts) [File not signed]
FirewallRules: [TCP Query User{3EC0C9A7-01AE-49DE-9FAA-5BD7E4F6E6B1}D:\hry\fifa 2011\game\fifa.exe] => (Allow) D:\hry\fifa 2011\game\fifa.exe (Electronic Arts) [File not signed]
FirewallRules: [UDP Query User{97E5ABCF-49CA-4412-B1E9-DB68ADD1269E}D:\hry\fifa 2011\game\fifa.exe] => (Allow) D:\hry\fifa 2011\game\fifa.exe (Electronic Arts) [File not signed]
FirewallRules: [TCP Query User{32D95052-140A-46BF-BA2D-1E49FB499362}D:\hry\mortal kombat-komplete edition\disccontentpc\mkke.exe] => (Allow) D:\hry\mortal kombat-komplete edition\disccontentpc\mkke.exe () [File not signed]
FirewallRules: [UDP Query User{BE95EC90-571B-4006-93A3-7124D00F244B}D:\hry\mortal kombat-komplete edition\disccontentpc\mkke.exe] => (Allow) D:\hry\mortal kombat-komplete edition\disccontentpc\mkke.exe () [File not signed]
FirewallRules: [TCP Query User{DE440A82-6B6A-49A1-8A79-CA15CA30B061}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{16B7A653-CF60-4006-95D8-68580A92A479}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [TCP Query User{D59F69E8-AF41-4F3E-9627-2C0CD79C802E}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
FirewallRules: [UDP Query User{C7014422-E6DD-4DC5-AAFE-3A49A1646758}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
FirewallRules: [{A45ED7E3-D1E3-4B11-8963-B12ABF267006}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.12 GB) (Free:17.02 GB) (18%)

==================== Faulty Device Manager Devices ============

Name: Winbond CIR Transceiver
Description: Winbond CIR Transceiver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Winbond Electronics Corporation
Service: winbondcir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: ========================

Application errors:
==================
Error: (04/01/2020 05:38:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3376,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 05:33:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3376,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 02:37:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7116,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 01:16:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6532,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 12:55:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8528,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 12:39:28 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6792,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/01/2020 12:05:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7800,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/31/2020 10:28:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9788,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (03/28/2020 01:19:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3HMT51S)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/28/2020 01:19:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3HMT51S)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/27/2020 04:48:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/27/2020 04:07:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/27/2020 01:05:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/24/2020 11:39:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/24/2020 07:29:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error: (03/24/2020 03:53:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
===================================
Date: 2019-11-29 00:35:25.895
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMS-R@1nHook.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.305.3007.0, AS: 1.305.3007.0, NIS: 1.305.3007.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-29 00:35:22.382
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMS-R@1n.exe; file:_C:\Windows\KMS-R@1nHook.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; process:_pid:4652,ProcessStart:132194575828921540; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; service:_KMS-R@1n
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.305.3007.0, AS: 1.305.3007.0, NIS: 1.305.3007.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-29 00:35:03.034
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMS-R@1nHook.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.305.3007.0, AS: 1.305.3007.0, NIS: 1.305.3007.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-29 00:34:05.240
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMS-R@1n.exe; file:_C:\Windows\KMS-R@1nHook.exe; process:_pid:4652,ProcessStart:132194575828921540; service:_KMS-R@1n
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.305.3007.0, AS: 1.305.3007.0, NIS: 1.305.3007.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-29 00:34:03.651
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMS-R@1n.exe; file:_C:\Windows\KMS-R@1nHook.exe; process:_pid:4652,ProcessStart:132194575828921540; service:_KMS-R@1n
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.305.3007.0, AS: 1.305.3007.0, NIS: 1.305.3007.0
Verze modulu: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2020-03-02 22:01:29.674
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3007.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-03-02 22:01:29.674
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3007.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-03-02 22:01:29.673
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3007.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-03-02 22:01:29.661
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3007.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-03-02 22:01:29.661
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3007.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-04-01 14:21:31.080
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 14:21:31.017
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 14:21:30.951
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 14:21:30.891
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 14:21:29.479
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 00:34:03.786
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 00:34:03.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-01 00:34:03.604
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Nainstalovano\Avast \aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Acer v0.3211 10/17/2008
Motherboard: Acer Makalu
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 72%
Total physical RAM: 3066.86 MB
Available physical RAM: 851.94 MB
Total Virtual: 7564.09 MB
Available Virtual: 4668.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:17.01 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:1.58 GB) NTFS
Drive h: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.46 GB) NTFS

\\?\Volume{95bc2171-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{95bc2171-0000-0000-0000-e04d18000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 95BC2171)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

dj-paja
Visitor
Posts: 412
Registered: 16 Feb 2012 12:30

Re: Instagram hacked?

#34 Post by dj-paja »

I'd also like to point out, regarding Instagram, that I have about 2334 people following, which is nonsense; I didn't confirm anything. If I block the person in question, after a while they are unblocked again. I don't know what to do about it, it's crazy.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Instagram hacked?

#35 Post by Conder »

According to these logs, FRST is not located on the desktop but in the folder "D:\Stažené soubory". So proceed as follows:
Open Notepad
Copy the text below and paste it into Notepad
In Notepad, click File -> Save
Enter "fixlist.txt" as the file name and save the file to the folder "D:\Stažené soubory"
Then run FRST (from the folder "D:\Stažené soubory") and click Fix
Wait for it to finish and then confirm the PC restart
After the PC restarts, the folder "D:\Stažené soubory" will contain the file Fixlog.txt - open it, copy its contents and paste them into your next reply

Code:

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:

File: C:\WINDOWS\yowindow.scr
File: C:\Windows\system32\IoctlSvc.exe
File: C:\Windows\system32\msxml4.dll
File: C:\Nainstalovano\7-Zip\7-zip.dll
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MFC71U.DLL
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCP71.dll
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCR71.dll
File: C:\Nainstalovano\Nero 7\Nero CoverDesigner\MFC71.DLL
File: C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
File: C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\NGSCM.DLL

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3C3A201C-1DE3-4A93-9E80-24EBF5C2225B} - System32\Tasks\R@1n-KMS\Windows64Core => wmic path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate
FirewallRules: [{82396DAB-0755-4A8D-B989-8C274C1A9597}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{43FE55AC-4C98-4B9D-A5AF-6E4F54F808FE}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [TCP Query User{DE440A82-6B6A-49A1-8A79-CA15CA30B061}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{16B7A653-CF60-4006-95D8-68580A92A479}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [TCP Query User{D59F69E8-AF41-4F3E-9627-2C0CD79C802E}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
FirewallRules: [UDP Query User{C7014422-E6DD-4DC5-AAFE-3A49A1646758}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
C:\Windows\KMS-R@1nHook.exe

Hosts:
EmptyTemp:
End::
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always having important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

dj-paja
Visitor
Posts: 412
Registered: 16 Feb 2012 12:30

Re: Instagram hacked?

#36 Post by dj-paja »

A new fix was run on the notebook. I'd like to ask: the program removed 2 GB of data, can I find out somewhere what data or files those were? Thanks, I'm attaching the new log.

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-03-2020
Ran by toxic (02-04-2020 18:32:58) Run:1
Running from D:\Stažené soubory
Loaded Profiles: toxic (Available Profiles: defaultuser0 & toxic)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
File: C:\WINDOWS\yowindow.scr
File: C:\Windows\system32\IoctlSvc.exe
File: C:\Windows\system32\msxml4.dll
File: C:\Nainstalovano\7-Zip\7-zip.dll
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MFC71U.DLL
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCP71.dll
File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCR71.dll
File: C:\Nainstalovano\Nero 7\Nero CoverDesigner\MFC71.DLL
File: C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
File: C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\NGSCM.DLL
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3C3A201C-1DE3-4A93-9E80-24EBF5C2225B} - System32\Tasks\R@1n-KMS\Windows64Core => wmic path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate
FirewallRules: [{82396DAB-0755-4A8D-B989-8C274C1A9597}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{43FE55AC-4C98-4B9D-A5AF-6E4F54F808FE}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [TCP Query User{DE440A82-6B6A-49A1-8A79-CA15CA30B061}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [UDP Query User{16B7A653-CF60-4006-95D8-68580A92A479}C:\nainstalovano\airdroid\airdroid.exe] => (Allow) C:\nainstalovano\airdroid\airdroid.exe No File
FirewallRules: [TCP Query User{D59F69E8-AF41-4F3E-9627-2C0CD79C802E}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
FirewallRules: [UDP Query User{C7014422-E6DD-4DC5-AAFE-3A49A1646758}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe] => (Allow) C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe No File
C:\Windows\KMS-R@1nHook.exe
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
SystemRestore: On => completed
Restore point was successfully created.

========================= File: C:\WINDOWS\yowindow.scr ========================

"C:\WINDOWS\yowindow.scr" => not found
====== End of File: ======


========================= File: C:\Windows\system32\IoctlSvc.exe ========================

C:\Windows\system32\IoctlSvc.exe
File not signed
MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
Creation and modification date: 2006-12-19 10:30 - 2006-12-19 10:30
Size: 000081920
Attributes: ----A
Company Name: Prolific Technology Inc.
Internal Name: IoctlSvc
Original Name: IoctlSvc.exe
Product: IoctlSvc Application
Description: PLFlash DeviceIoControl Service
File Version: 1, 6, 0, 0
Product Version: 1, 6, 0, 0
Copyright: Copyright (C) 2006 Prolific Technology Inc.
VirusTotal: https://www.virustotal.com/file/7198c02 ... 578477502/

====== End of File: ======


========================= File: C:\Windows\system32\msxml4.dll ========================

C:\Windows\system32\msxml4.dll
File not signed
MD5: 44E45BD9327ABC0540593E809B32F3CA
Creation and modification date: 2003-04-18 17:46 - 2003-04-18 17:46
Size: 001233920
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MSXML4.dll
Original Name: MSXML4.dll
Product: Microsoft(R) MSXML 4.0 SP 2
Description: MSXML 4.0 SP 2
File Version: 4.20.9818.0
Product Version: 4.20.9818.0
Copyright: Copyright (C) Microsoft Corporation. 1981-2002
VirusTotal: https://www.virustotal.com/file/9808f05 ... 585103309/

====== End of File: ======


========================= File: C:\Nainstalovano\7-Zip\7-zip.dll ========================

C:\Nainstalovano\7-Zip\7-zip.dll
File not signed
MD5: B00572D1CB3A88B71EBA6B7E603E9E50
Creation and modification date: 2018-04-01 00:06 - 2019-02-21 18:00
Size: 000050688
Attributes: ----A
Company Name: Igor Pavlov
Internal Name: 7-zip
Original Name: 7-zip.dll
Product: 7-Zip
Description: 7-Zip Shell Extension
File Version: 19.00
Product Version: 19.00
Copyright: Copyright (c) 1999-2018 Igor Pavlov
VirusTotal: https://www.virustotal.com/file/68fd28a ... 585350569/

====== End of File: ======


========================= File: C:\Nainstalovano\Nero 7\Nero BackItUp\MFC71U.DLL ========================

C:\Nainstalovano\Nero 7\Nero BackItUp\MFC71U.DLL
File not signed
MD5: 7B93C623333F121DC9E689CCB1B7A733
Creation and modification date: 2003-03-18 21:12 - 2003-03-18 21:12
Size: 001047552
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MFC71U.DLL
Original Name: MFC71U.DLL
Product: Microsoft® Visual Studio .NET
Description: MFCDLL Shared Library - Retail Version
File Version: 7.10.3077.0
Product Version: 7.10.3077.0
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/0c58f68 ... 585667930/

====== End of File: ======


========================= File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCP71.dll ========================

C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCP71.dll
File not signed
MD5: 561FA2ABB31DFA8FAB762145F81667C2
Creation and modification date: 2003-03-19 07:14 - 2003-03-19 07:14
Size: 000499712
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MSVCP71.DLL
Original Name: MSVCP71.DLL
Product: Microsoft® Visual Studio .NET
Description: Microsoft® C++ Runtime Library
File Version: 7.10.3077.0
Product Version: 7.10.3077.0
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCR71.dll ========================

C:\Nainstalovano\Nero 7\Nero BackItUp\MSVCR71.dll
File not signed
MD5: 86F1895AE8C5E8B17D99ECE768A70732
Creation and modification date: 2003-02-21 15:42 - 2003-02-21 15:42
Size: 000348160
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MSVCR71.DLL
Original Name: MSVCR71.DLL
Product: Microsoft® Visual Studio .NET
Description: Microsoft® C Runtime Library
File Version: 7.10.3052.4
Product Version: 7.10.3052.4
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\Nainstalovano\Nero 7\Nero CoverDesigner\MFC71.DLL ========================

C:\Nainstalovano\Nero 7\Nero CoverDesigner\MFC71.DLL
File not signed
MD5: F35A584E947A5B401FEB0FE01DB4A0D7
Creation and modification date: 2003-03-19 07:20 - 2003-03-19 07:20
Size: 001060864
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MFC71.DLL
Original Name: MFC71.DLL
Product: Microsoft® Visual Studio .NET
Description: MFCDLL Shared Library - Retail Version
File Version: 7.10.3077.0
Product Version: 7.10.3077.0
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL ========================

C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
File not signed
MD5: 16B206229B2A348C8BCD8B5A6102A979
Creation and modification date: 2019-11-29 00:44 - 2019-11-29 00:44
Size: 000095744
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ATL80.DLL
Original Name: ATL80.DLL
Product: Microsoft® Visual Studio® 2005
Description: ATL Module for Windows (Unicode)
File Version: 8.00.50727.42
Product Version: 8.00.50727.42
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\NGSCM.DLL ========================

C:\Nainstalovano\Nokia Pc Suite\Nokia PC Suite 7\NGSCM.DLL
File not signed
MD5: 570A2F439709B4A3A70FAD059F1BBF75
Creation and modification date: 2012-06-26 12:57 - 2012-06-26 12:57
Size: 000918016
Attributes: ----A
Company Name: Nokia
Internal Name: NGSCM
Original Name: NGSCM.dll
Product: Next Gen Suite Common Modules
Description: Next Gen Suite Common Modules
File Version: 7,1,180,94
Product Version: 7,1
Copyright: Copyright © 2000-2011 Nokia. All Rights Reserved.
VirusTotal: 0

====== End of File: ======

HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C3A201C-1DE3-4A93-9E80-24EBF5C2225B}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C3A201C-1DE3-4A93-9E80-24EBF5C2225B}" => removed successfully.
C:\Windows\System32\Tasks\R@1n-KMS\Windows64Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Core" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82396DAB-0755-4A8D-B989-8C274C1A9597}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43FE55AC-4C98-4B9D-A5AF-6E4F54F808FE}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DE440A82-6B6A-49A1-8A79-CA15CA30B061}C:\nainstalovano\airdroid\airdroid.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{16B7A653-CF60-4006-95D8-68580A92A479}C:\nainstalovano\airdroid\airdroid.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D59F69E8-AF41-4F3E-9627-2C0CD79C802E}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C7014422-E6DD-4DC5-AAFE-3A49A1646758}C:\nainstalovano\quickfiletransfer\quickfiletransfer.exe" => removed successfully.
"C:\Windows\KMS-R@1nHook.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 195410492 B
Java, Flash, Steam htmlcache => 1332 B
Windows/system/drivers => 2071256 B
Edge => 2109311 B
Chrome => 406236910 B
Firefox => 994943947 B
Opera => 11209116 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 138260 B
NetworkService => 153146 B
defaultuser0 => 160314 B
toxic => 218718261 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:43:35 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Instagram hacked?

#37 Post by Conder »

It was basically just unnecessary stuff such as temporary files, cache and the like, mainly from browsers.

According to the logs, the PC looks clean.

dj-paja
Visitor
Posts: 412
Registered: 16 Feb 2012 12:30

Re: Instagram hacked?

#38 Post by dj-paja »

All right. So I'd like to ask what I should do about that Instagram, as written here regarding removing the followers. Thank you.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Instagram hacked?

#39 Post by Conder »

Unfortunately, I can't give much advice on that. Removing followed accounts on Instagram apparently can't be done in bulk. As for those 3000 people, are these really accounts that you follow (Sleduji / Following) and not accounts that follow you (Sledující / Followers)?

In any case, if you haven't done so yet, I definitely recommend changing your password and turning on two-factor authentication (as colleague altrok mentioned).

jotanran
Visitor
Posts: 1
Registered: 16 Jun 2020 18:08

Re: Instagram hacked?

#40 Post by jotanran »

The same thing happened to me, I need help with my Instagram so that tourists don't reach it

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Instagram hacked?

#41 Post by Conder »

jotanran wrote: 16 Jun 2020 18:42 The same thing happened to me, I need help with my Instagram so that tourists don't reach it
Please start your own topic and describe in more detail what you need help with. If you suspect malware on your PC or want to have logs checked and the PC cleaned, post in Řešení problémů, logy.