Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Problém s notebookem

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
solaris104
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 21 dub 2011 08:06

Problém s notebookem

#1 Příspěvek od solaris104 »

Syn má problém s notebookem, otevírají se mu tam reklamy. Prosím o kontrolu logů. Omlouvám, se dal jsem to do špatného vlákna :-).
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by luky2 (administrator) on DESKTOP-58PCG34 (04-04-2019 16:16:31)
Running from C:\Users\luky2\Downloads
Loaded Profiles: luky2 (Available Profiles: luky2)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\igfxEM.exe
(RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrServer.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
( ) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-NH2E4.tmp\ClubZef.exe
() [File not signed] C:\Users\luky2\AppData\Local\Temp\is-6MSPJ.tmp\ClubZef.tmp
() [File not signed] C:\Program Files (x86)\Multitimer\Multitimer.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19011.19410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35179920 2019-03-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\Run: [4300929] => C:\Users\luky2\AppData\Local\Temp\is-NH2E4.tmp\ClubZef.exe [945943 2019-04-01] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\MountPoints2: {0fc0f702-5a9d-11e8-87e7-9061ae6a387a} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-26] (Google LLC -> Google Inc.)
AppInit_DLLs: C:\ProgramData\Quoteex\DomCof.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Toptone.dll => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40c12641-82a7-4d24-9b43-bdf57d0cf09f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah6d4GcMKSAUalBwt1HoWmSE1m9y09s7hZwizjHE6u9GQi1cuZzwiE97pWIBYEbbMz0gFmi6_vPyPXLrnfcKub02z0MX0A&q={searchTerms}
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxatiLh75JxcgUuJeI1OejHC057Qq58M2rGpg2eUZR9kMZwXoPR2XFOGhmJs4kJbD1dsA7u8g06GPFH32gjSHTwfDvF8CTDg
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah6d4GcMKSAUalBwt1HoWmSE1m9y09s7hZwizjHE6u9GQi1cuZzwiE97pWIBYEbbMz0gFmi6_vPyPXLrnfcKub02z0MX0A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah6d4GcMKSAUalBwt1HoWmSE1m9y09s7hZwizjHE6u9GQi1cuZzwiE97pWIBYEbbMz0gFmi6_vPyPXLrnfcKub02z0MX0A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10420__181014&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah6d4GcMKSAUalBwt1HoWmSE1m9y09s7hZwizjHE6u9GQi1cuZzwiE97pWIBYEbbMz0gFmi6_vPyPXLrnfcKub02z0MX0A&q={searchTerms}

FireFox:
========
FF DefaultProfile: rbzy94k7.default-1537610630674
FF ProfilePath: C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 [2019-04-04]
FF NewTab: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> file:///C:/ProgramData/Quoteexs/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _1gMembers_@www.inboxace.com
FF HomepageOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _65Members_@download.fromdoctopdf.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _1gMembers_@www.inboxace.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _65Members_@download.fromdoctopdf.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (InboxAce) - C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\Extensions\_1gMembers_@www.inboxace.com.xpi [2018-12-20] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=100000448&version=8.885.14.38124&track=TTAB02&trackRevision=1&fromId=_1gMembers_%40www.inboxace.com&isBridgeExtension=false]
FF Extension: (FromDocToPDF) - C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\Extensions\_65Members_@download.fromdoctopdf.com.xpi [2019-03-07] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=207743773&version=8.885.14.58114&track=TTAB02&trackRevision=1&fromId=_65Members_%40download.fromdoctopdf.com&isBridgeExtension=false]
FF Extension: (Search Extension by Ask) - C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\Extensions\_j5Members_@ext.ask.com.xpi [2019-01-31] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=232530392&version=50.217.14.46628&track=TTAB02&trackRevision=1&fromId=_j5Members_%40ext.ask.com&isBridgeExtension=false]
FF Extension: (GoMovies) - C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\Extensions\{7ff51e81-f4b1-4682-9f45-43a771d80748}.xpi [2018-10-22]
FF Extension: (No Name) - C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04]
FF SearchPlugin: C:\Users\luky2\AppData\Roaming\Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674\searchplugins\securesearch.xml [2018-10-14]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah8qfDMPv-kBfwNYrRg0ylnWV_yic4k6J6r937xa6fK-tixResSNpaN5zDjEPkPS0mXco-Y9konis69vC7gW7RAjNjwn5x
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://lebfnajechalpbihdkadmgikpigidnlh/start/index.html", Active:"chrome-extension://iiomiohchifbhgllmilekghfgncdceni/index.html", Active:"chrome-extension://cpfeiadabjbeeceklgnhgidkenddajog/newtabproduct.html"
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtk_W1S58UI_SXgu_BqB8jypWdpG5QjtayozQyXWxOPWfkjGwVfJcLkdhgE9xKvPxah_rnpXqPdYa_aasHa5DOk2QesusHNUxVG99fWVxT_yEe8VC_-dt9JkRFwwYKOpa__EtUDHu7mz4K-nLNb7Uy8KG-ukccx&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default [2019-04-03]
CHR Extension: (Prezentace) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Dokumenty) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Disk Google) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-30]
CHR Extension: (Incredi Search) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bampcglfdicmjdplmgokdoainihncljk [2018-06-01]
CHR Extension: (YouTube) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Incredi Search Plus) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddjbfnipggobbnegllagigpknibckfg [2018-06-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-23]
CHR Extension: (EverydayLookup) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfeiadabjbeeceklgnhgidkenddajog [2019-03-23]
CHR Extension: (MySportTab) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eddinkenclkhbfppfphhjpghnppmigij [2019-03-18]
CHR Extension: (MySearch) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbbjhgjjpgffmhhldiocphgfhclcnoj [2018-10-21]
CHR Extension: (Tabulky) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (App Start) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiomiohchifbhgllmilekghfgncdceni [2018-08-12]
CHR Extension: (Bazz Search) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb [2019-04-03]
CHR Extension: (CS GO - Counter Strike Online HD Wallpapers) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lebfnajechalpbihdkadmgikpigidnlh [2019-01-06]
CHR Extension: (Ask Web Search) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2019-03-18]
CHR Extension: (FromDocToPDF) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-02-21]
CHR Extension: (Incredi Start) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbhikldancfcapdfmlhmjocggacpkfef [2018-06-01]
CHR Extension: (App Search) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddiihmhihkeooidcjnbjdoppoaebkmf [2018-08-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-30]
CHR Extension: (Chrome Media Router) - C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR Profile: C:\Users\luky2\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-02]
CHR Profile: C:\Users\luky2\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-27] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-03-25] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2218552 2017-01-12] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [541896 2018-07-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [204128 2018-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-27] (RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-03-31] (Intel Corporation -> Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-10-25] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-10-25] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355208 2017-01-12] (Intel Corporation -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [199192 2018-05-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-04 16:16 - 2019-04-04 16:17 - 000020110 _____ C:\Users\luky2\Downloads\FRST.txt
2019-04-04 16:16 - 2019-04-04 16:16 - 000000000 ____D C:\FRST
2019-04-04 16:15 - 2019-04-04 16:15 - 002434048 _____ (Farbar) C:\Users\luky2\Downloads\FRST64.exe
2019-04-04 16:11 - 2019-04-04 16:11 - 007657592 _____ (ESET spol. s r.o.) C:\Users\luky2\Downloads\esetonlinescanner_enu.exe
2019-04-04 16:06 - 2019-04-04 16:06 - 000003334 _____ C:\WINDOWS\System32\Tasks\psv_SailTanfax
2019-04-04 15:40 - 2019-04-04 15:40 - 000003318 _____ C:\WINDOWS\System32\Tasks\psv_Konkcore
2019-04-04 15:40 - 2019-04-04 15:40 - 000003296 _____ C:\WINDOWS\System32\Tasks\snf
2019-04-04 15:37 - 2019-04-04 15:37 - 000003330 _____ C:\WINDOWS\System32\Tasks\psv_Lab-Light
2019-04-02 15:17 - 2019-04-02 15:17 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-04-02 15:16 - 2019-04-04 16:06 - 000722944 _____ C:\Users\luky2\AppData\Local\sha.db
2019-04-02 15:16 - 2019-04-04 15:40 - 000003714 _____ C:\WINDOWS\System32\Tasks\snp
2019-04-02 15:16 - 2019-04-04 15:36 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2019-04-02 15:16 - 2019-04-02 17:34 - 000000000 ____D C:\Program Files (x86)\Lets
2019-04-02 15:16 - 2019-04-02 15:18 - 000000000 ____D C:\ProgramData\Logic Cramble
2019-04-02 15:16 - 2019-04-02 15:16 - 007901696 _____ C:\Users\luky2\AppData\Local\agent.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 002035759 _____ C:\Users\luky2\AppData\Local\Bluefincom.tst
2019-04-02 15:16 - 2019-04-02 15:16 - 001895383 _____ C:\Users\luky2\AppData\Local\OverKix.bin
2019-04-02 15:16 - 2019-04-02 15:16 - 000140800 _____ C:\Users\luky2\AppData\Local\installer.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 000126464 _____ C:\Users\luky2\AppData\Local\noah.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 000070992 _____ C:\Users\luky2\AppData\Local\Config.xml
2019-04-02 15:16 - 2019-04-02 15:16 - 000018432 _____ C:\Users\luky2\AppData\Local\Main.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 000016416 _____ C:\Users\luky2\AppData\Local\InstallationConfiguration.xml
2019-04-02 15:16 - 2019-04-02 15:16 - 000005568 _____ C:\Users\luky2\AppData\Local\md.xml
2019-04-02 15:16 - 2019-04-02 15:15 - 001632256 _____ (TODO: <Company name>) C:\Users\luky2\AppData\Local\Trio-Tip.exe
2019-04-02 15:16 - 2019-04-02 15:15 - 001632256 _____ (TODO: <Company name>) C:\Users\luky2\AppData\Local\Bluefincom.exe
2019-04-02 15:15 - 2019-04-03 16:55 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2019-04-02 15:15 - 2019-04-03 16:55 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2019-04-02 15:15 - 2019-04-02 15:15 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2019-04-02 15:15 - 2019-04-02 15:15 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2019-04-02 15:15 - 2019-04-02 15:15 - 000000000 ____D C:\Users\luky2\AppData\Roaming\Microleaves
2019-04-02 15:15 - 2019-04-02 15:15 - 000000000 ____D C:\Users\luky2\AppData\Local\AdvinstAnalytics
2019-04-02 15:15 - 2019-04-02 15:15 - 000000000 ____D C:\Program Files (x86)\Microleaves
2019-03-28 16:36 - 2019-03-28 16:36 - 000000000 ____D C:\Users\luky2\AppData\Roaming\apw
2019-03-25 17:18 - 2019-03-25 17:18 - 000000000 ____D C:\Program Files (x86)\Christmas Shopper Simulator
2019-03-25 17:16 - 2019-03-25 17:20 - 277664256 _____ C:\Users\luky2\Downloads\ChristmasShopperSimulator_v1.0(1).msi
2019-03-25 17:15 - 2019-03-29 18:30 - 000000000 ____D C:\Users\luky2\Desktop\Games
2019-03-25 17:12 - 2019-03-25 17:15 - 277664256 _____ C:\Users\luky2\Downloads\ChristmasShopperSimulator_v1.0.msi
2019-03-25 17:07 - 2019-03-25 17:07 - 000000000 ____D C:\Users\luky2\AppData\Local\Darwin
2019-03-25 11:38 - 2019-03-25 11:38 - 000000000 ____D C:\Users\luky2\AppData\LocalLow\Mana Potion Studios
2019-03-24 20:01 - 2019-03-24 19:40 - 000000000 _____ C:\Users\luky2\Downloads\Gmod.rar
2019-03-22 18:32 - 2019-03-22 18:32 - 000000000 ____D C:\Users\luky2\AppData\LocalLow\Night School Studio
2019-03-13 17:33 - 2019-03-06 17:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-13 17:33 - 2019-03-06 17:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-13 17:33 - 2019-03-06 17:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-13 17:33 - 2019-03-06 17:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-13 17:33 - 2019-03-06 14:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-13 17:33 - 2019-03-06 14:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-13 17:33 - 2019-03-06 11:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 17:33 - 2019-03-06 11:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-13 17:33 - 2019-03-06 11:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 17:33 - 2019-03-06 11:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 17:33 - 2019-03-06 11:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-13 17:33 - 2019-03-06 11:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-13 17:33 - 2019-03-06 10:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-13 17:33 - 2019-03-06 10:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 17:33 - 2019-03-06 10:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 17:33 - 2019-03-06 10:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 17:33 - 2019-03-06 10:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-13 17:33 - 2019-03-06 10:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 17:33 - 2019-03-06 10:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 17:33 - 2019-03-06 10:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-13 17:33 - 2019-03-06 10:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-13 17:33 - 2019-03-06 10:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-13 17:33 - 2019-03-06 10:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-13 17:33 - 2019-03-06 08:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 17:33 - 2019-03-06 08:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-13 17:33 - 2019-02-16 15:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-13 17:33 - 2019-02-16 14:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 17:33 - 2019-02-16 14:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-13 17:33 - 2019-02-16 14:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-13 17:33 - 2019-02-16 14:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 17:33 - 2019-02-16 14:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 17:33 - 2019-02-16 14:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-13 17:33 - 2019-02-16 14:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-13 17:33 - 2019-02-16 14:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 17:33 - 2019-02-16 14:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-13 17:33 - 2019-02-16 14:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-13 17:33 - 2019-02-16 14:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-13 17:33 - 2019-02-16 14:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-13 17:33 - 2019-02-16 14:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-13 17:33 - 2019-02-16 12:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 17:33 - 2019-02-16 12:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 17:33 - 2019-02-16 10:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 17:33 - 2019-02-16 10:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-13 17:33 - 2019-02-16 10:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-13 17:33 - 2019-02-16 10:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-13 17:33 - 2019-02-16 10:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-13 17:33 - 2019-02-16 10:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-13 17:33 - 2019-02-16 10:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-13 17:33 - 2019-02-16 10:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-13 17:33 - 2019-02-16 10:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-13 17:33 - 2019-02-16 10:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-13 17:33 - 2019-02-16 10:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 17:33 - 2019-02-16 10:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-13 17:33 - 2019-02-16 09:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-13 17:33 - 2019-02-16 09:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-13 17:33 - 2019-02-16 09:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-13 17:33 - 2019-02-16 09:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-13 17:33 - 2019-02-16 09:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-13 17:33 - 2019-02-16 09:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-13 17:33 - 2019-02-16 09:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-13 17:33 - 2019-02-16 09:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 17:33 - 2019-02-16 09:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-13 17:33 - 2019-02-16 09:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-13 17:33 - 2019-02-16 09:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-13 17:33 - 2019-02-16 09:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-13 17:33 - 2019-02-16 09:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-13 17:33 - 2019-02-16 09:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 17:33 - 2019-02-16 09:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-13 17:33 - 2019-02-16 09:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 17:33 - 2019-02-16 09:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-13 17:33 - 2019-02-16 09:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-13 17:33 - 2019-02-16 09:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-13 17:33 - 2019-02-16 09:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-13 17:33 - 2019-02-16 09:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 17:33 - 2019-02-16 09:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-13 17:33 - 2019-02-16 09:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-13 17:33 - 2019-02-16 09:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-13 17:33 - 2019-02-16 09:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-13 17:33 - 2019-02-16 09:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-13 17:33 - 2019-02-16 09:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-13 17:33 - 2019-02-16 09:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-13 17:33 - 2019-02-16 09:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-13 17:33 - 2019-02-16 09:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 17:33 - 2019-02-16 09:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-13 17:33 - 2019-02-16 09:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-13 17:33 - 2019-02-16 09:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 17:33 - 2019-02-16 09:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-13 17:33 - 2019-02-16 09:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-13 17:33 - 2019-02-16 09:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-13 17:32 - 2019-03-06 17:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-13 17:32 - 2019-03-06 17:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-13 17:32 - 2019-03-06 17:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 17:32 - 2019-03-06 17:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-13 17:32 - 2019-03-06 17:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-13 17:32 - 2019-03-06 17:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 17:32 - 2019-03-06 17:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-13 17:32 - 2019-03-06 17:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-13 17:32 - 2019-03-06 17:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-13 17:32 - 2019-03-06 17:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 17:32 - 2019-03-06 17:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 17:32 - 2019-03-06 17:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-13 17:32 - 2019-03-06 14:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-13 17:32 - 2019-03-06 14:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-13 17:32 - 2019-03-06 14:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-13 17:32 - 2019-03-06 14:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-13 17:32 - 2019-03-06 14:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-13 17:32 - 2019-03-06 14:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-13 17:32 - 2019-03-06 14:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-13 17:32 - 2019-03-06 13:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 17:32 - 2019-03-06 11:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-13 17:32 - 2019-03-06 11:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-13 17:32 - 2019-03-06 11:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-13 17:32 - 2019-03-06 11:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 17:32 - 2019-03-06 11:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-13 17:32 - 2019-03-06 11:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-13 17:32 - 2019-03-06 11:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-13 17:32 - 2019-03-06 11:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-13 17:32 - 2019-03-06 11:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-13 17:32 - 2019-03-06 11:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-13 17:32 - 2019-03-06 11:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 17:32 - 2019-03-06 11:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-13 17:32 - 2019-03-06 11:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-13 17:32 - 2019-03-06 11:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-13 17:32 - 2019-03-06 11:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-13 17:32 - 2019-03-06 11:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 17:32 - 2019-03-06 11:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-13 17:32 - 2019-03-06 11:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-13 17:32 - 2019-03-06 11:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-13 17:32 - 2019-03-06 11:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-13 17:32 - 2019-03-06 11:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-13 17:32 - 2019-03-06 11:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-13 17:32 - 2019-03-06 11:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-13 17:32 - 2019-03-06 11:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-13 17:32 - 2019-03-06 11:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-13 17:32 - 2019-03-06 11:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-13 17:32 - 2019-03-06 11:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-13 17:32 - 2019-03-06 11:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-13 17:32 - 2019-03-06 10:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-13 17:32 - 2019-03-06 10:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 17:32 - 2019-03-06 10:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-13 17:32 - 2019-03-06 10:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-13 17:32 - 2019-03-06 10:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-13 17:32 - 2019-03-06 10:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-13 17:32 - 2019-03-06 10:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 17:32 - 2019-03-06 10:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 17:32 - 2019-03-06 10:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-13 17:32 - 2019-03-06 10:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-13 17:32 - 2019-03-06 10:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-13 17:32 - 2019-03-06 10:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-13 17:32 - 2019-03-06 10:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 17:32 - 2019-03-06 10:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-13 17:32 - 2019-03-06 10:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-13 17:32 - 2019-03-06 10:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-13 17:32 - 2019-03-06 09:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-13 17:32 - 2019-03-06 08:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-13 17:32 - 2019-03-06 08:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-13 17:32 - 2019-03-06 08:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-13 17:32 - 2019-03-06 08:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-13 17:32 - 2019-03-06 08:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-13 17:32 - 2019-03-06 08:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-13 17:32 - 2019-03-06 08:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-13 17:32 - 2019-03-06 08:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-13 17:32 - 2019-03-06 08:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-13 17:32 - 2019-03-06 07:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-13 17:32 - 2019-03-06 07:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-13 17:32 - 2019-03-06 07:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-13 17:32 - 2019-03-06 07:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-13 17:32 - 2019-03-06 07:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-13 17:32 - 2019-03-06 07:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-13 17:32 - 2019-03-06 07:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-13 17:32 - 2019-03-06 07:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-13 17:32 - 2019-03-06 07:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-13 17:32 - 2019-03-06 07:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-13 17:32 - 2019-03-06 07:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-13 17:32 - 2019-03-06 07:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-13 17:32 - 2019-03-06 07:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-13 17:32 - 2019-03-06 07:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-13 17:32 - 2019-03-06 07:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-13 17:32 - 2019-03-06 07:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-13 17:32 - 2019-03-06 07:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-13 17:32 - 2019-02-21 05:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-13 17:32 - 2019-02-16 15:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 17:32 - 2019-02-16 15:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 17:32 - 2019-02-16 14:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-13 17:32 - 2019-02-16 14:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-13 17:32 - 2019-02-16 14:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 17:32 - 2019-02-16 14:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-13 17:32 - 2019-02-16 14:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 17:32 - 2019-02-16 14:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-13 17:32 - 2019-02-16 14:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-13 17:32 - 2019-02-16 14:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-13 17:32 - 2019-02-16 14:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-13 17:32 - 2019-02-16 14:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 17:32 - 2019-02-16 14:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 17:32 - 2019-02-16 14:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 17:32 - 2019-02-16 14:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-13 17:32 - 2019-02-16 14:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-13 17:32 - 2019-02-16 14:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-13 17:32 - 2019-02-16 14:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-13 17:32 - 2019-02-16 14:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-13 17:32 - 2019-02-16 14:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-13 17:32 - 2019-02-16 10:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-13 17:32 - 2019-02-16 10:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-13 17:32 - 2019-02-16 10:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 17:32 - 2019-02-16 10:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-13 17:32 - 2019-02-16 10:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-13 17:32 - 2019-02-16 10:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-13 17:32 - 2019-02-16 10:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-13 17:32 - 2019-02-16 10:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-13 17:32 - 2019-02-16 10:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-13 17:32 - 2019-02-16 10:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 17:32 - 2019-02-16 09:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-13 17:32 - 2019-02-16 09:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-13 17:32 - 2019-02-16 09:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-13 17:32 - 2019-02-16 09:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-13 17:32 - 2019-02-16 09:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-13 17:32 - 2019-02-16 09:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-13 17:32 - 2019-02-16 09:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-13 17:32 - 2019-02-16 09:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-13 17:32 - 2019-02-16 09:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 17:32 - 2019-02-16 09:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-13 17:32 - 2019-02-16 09:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-13 17:32 - 2019-02-16 09:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 17:32 - 2019-02-16 09:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 17:32 - 2019-02-16 09:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-13 17:32 - 2019-02-16 09:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-13 17:32 - 2019-02-16 09:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-13 17:32 - 2019-02-16 09:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-13 17:32 - 2019-02-16 09:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-13 17:32 - 2019-02-16 09:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-13 17:32 - 2019-02-16 09:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-10 13:33 - 2019-03-10 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome to the Game
2019-03-10 13:32 - 2019-03-10 13:32 - 000000000 ____D C:\Program Files (x86)\Welcome to the Game
2019-03-10 12:00 - 2019-03-10 13:34 - 000000000 ____D C:\Users\luky2\AppData\LocalLow\Reflect Studios
2019-03-10 12:00 - 2019-03-10 12:00 - 000000661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome to the Game II.lnk
2019-03-10 12:00 - 2019-03-10 12:00 - 000000000 ____D C:\Program Files\Welcome to the Game II

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-04 16:17 - 2018-08-21 08:47 - 000000000 ____D C:\Users\luky2\AppData\LocalLow\Mozilla
2019-04-04 16:05 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-04 15:59 - 2019-03-04 07:21 - 000000000 ____D C:\ProgramData\Remotr
2019-04-04 15:41 - 2017-12-30 10:12 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-04 14:59 - 2018-05-11 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-04 05:27 - 2017-12-30 10:01 - 000000000 __SHD C:\Users\luky2\IntelGraphicsProfiles
2019-04-03 18:36 - 2018-06-14 19:32 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-03 17:01 - 2018-05-11 06:43 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-03 17:01 - 2018-04-12 17:50 - 000717712 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-03 17:01 - 2018-04-12 17:50 - 000144954 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-03 17:01 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-03 16:55 - 2018-05-11 06:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-03 16:54 - 2018-04-11 23:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-04-03 06:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-02 18:21 - 2018-05-11 06:41 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-89336185-1752920803-2482885247-1001
2019-04-02 18:21 - 2018-05-11 06:35 - 000002361 _____ C:\Users\luky2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-02 18:21 - 2017-12-30 09:59 - 000000000 ___RD C:\Users\luky2\OneDrive
2019-04-02 17:34 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-02 15:16 - 2018-07-18 20:26 - 000000000 ____D C:\Users\luky2\AppData\Local\CrashDumps
2019-04-01 18:35 - 2017-12-30 10:37 - 000000000 ____D C:\Users\luky2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-03-31 16:44 - 2018-08-24 07:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-31 16:44 - 2018-08-24 07:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-29 18:44 - 2018-12-06 16:32 - 000001536 _____ C:\Users\luky2\AppData\Local\GfxMetrics.cfg
2019-03-29 11:18 - 2017-12-30 10:28 - 000000000 ____D C:\Users\luky2\AppData\Local\PlaceholderTileLogoFolder
2019-03-29 11:18 - 2017-12-30 09:56 - 000000000 ____D C:\Users\luky2\AppData\Local\Packages
2019-03-29 08:22 - 2018-05-11 06:41 - 000003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-29 08:22 - 2018-05-11 06:41 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-28 19:59 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-28 16:37 - 2018-08-24 07:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-28 16:33 - 2018-10-28 17:25 - 000000000 ____D C:\Users\luky2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-03-28 16:32 - 2018-06-14 19:33 - 000000000 ____D C:\Users\luky2\AppData\Local\Steam
2019-03-25 17:07 - 2018-10-16 17:14 - 000000000 ____D C:\Users\luky2\AppData\Roaming\EasyAntiCheat
2019-03-25 17:07 - 2018-05-10 18:55 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-21 19:34 - 2018-05-10 18:53 - 000000000 ____D C:\ProgramData\Epic
2019-03-21 19:32 - 2018-05-10 18:56 - 000000000 ____D C:\Program Files\Epic Games
2019-03-20 18:24 - 2018-11-16 07:35 - 000000000 ____D C:\Program Files\rempl
2019-03-15 22:20 - 2018-05-11 06:35 - 000000000 ____D C:\Users\luky2
2019-03-15 13:03 - 2018-05-11 06:33 - 000234120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-15 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-13 17:38 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 17:31 - 2017-12-30 10:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 17:11 - 2017-12-30 10:10 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2018-10-20 10:11 - 2018-10-24 06:26 - 000000139 _____ () C:\Users\luky2\AppData\Roaming\WB.CFG
2019-04-02 15:16 - 2019-04-02 15:16 - 007901696 _____ () C:\Users\luky2\AppData\Local\agent.dat
2019-04-02 15:16 - 2019-04-02 15:15 - 001632256 _____ (TODO: <Company name>) C:\Users\luky2\AppData\Local\Bluefincom.exe
2019-04-02 15:16 - 2019-04-02 15:16 - 002035759 _____ () C:\Users\luky2\AppData\Local\Bluefincom.tst
2019-04-02 15:16 - 2019-04-02 15:16 - 000070992 _____ () C:\Users\luky2\AppData\Local\Config.xml
2018-12-06 16:32 - 2019-03-29 18:44 - 000001536 _____ () C:\Users\luky2\AppData\Local\GfxMetrics.cfg
2019-04-02 15:16 - 2019-04-02 15:16 - 000016416 _____ () C:\Users\luky2\AppData\Local\InstallationConfiguration.xml
2019-04-02 15:16 - 2019-04-02 15:16 - 000140800 _____ () C:\Users\luky2\AppData\Local\installer.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 000018432 _____ () C:\Users\luky2\AppData\Local\Main.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 000005568 _____ () C:\Users\luky2\AppData\Local\md.xml
2019-04-02 15:16 - 2019-04-02 15:16 - 000126464 _____ () C:\Users\luky2\AppData\Local\noah.dat
2019-04-02 15:16 - 2019-04-02 15:16 - 001895383 _____ () C:\Users\luky2\AppData\Local\OverKix.bin
2019-04-02 15:16 - 2019-04-04 16:06 - 000722944 _____ () C:\Users\luky2\AppData\Local\sha.db
2019-04-02 15:16 - 2019-04-02 15:15 - 001632256 _____ (TODO: <Company name>) C:\Users\luky2\AppData\Local\Trio-Tip.exe
2019-04-02 15:16 - 2019-04-02 15:16 - 000032038 _____ () C:\Users\luky2\AppData\Local\uninstall_temp.ico

Some files in TEMP:
====================
2019-04-02 15:17 - 2019-04-02 15:17 - 000375522 _____ ( ) C:\Users\luky2\AppData\Local\Temp\f0x0s11ir0r.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-11 06:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by luky2 (04-04-2019 16:18:08)
Running from C:\Users\luky2\Downloads
Windows 10 Home Version 1803 17134.648 (X64) (2018-05-11 04:41:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-89336185-1752920803-2482885247-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-89336185-1752920803-2482885247-503 - Limited - Disabled)
Guest (S-1-5-21-89336185-1752920803-2482885247-501 - Limited - Disabled)
luky2 (S-1-5-21-89336185-1752920803-2482885247-1001 - Administrator - Enabled) => C:\Users\luky2
WDAGUtilityAccount (S-1-5-21-89336185-1752920803-2482885247-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Christmas Shopper Simulator (HKLM-x32\...\{139C8AA5-BA56-4388-B5EC-31E0BF09A7C6}) (Version: 1.0.0 - Game Retail Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4815 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.2 (x64 cs)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
Remotr version 1.3.1438 (HKLM-x32\...\Remotr_is1) (Version: 1.3.1438 - RemoteMyApp sp. z o.o.)
Roblox Player for luky2 (HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for luky2 (HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\roblox-studio) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Welcome to the Game II (HKLM\...\d2VsY29tZXRvdGhlZ2FtZWlp_is1) (Version: 1 - )
Welcome to the Game version 1.0 (HKLM-x32\...\{F092F89F-60CD-4488-A483-35D52DF9266B}_is1) (Version: 1.0 - Welcome to the Game)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-89336185-1752920803-2482885247-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\igfxDTCM.dll [2017-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6F0DBF-CA8E-4BBE-8B4B-AD3F4AA0E888} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {0E0E1284-0BCB-42A8-B277-8465BE663C90} - System32\Tasks\psv_Konkcore => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Lotdox.reg" & del "C:\ProgramData\Quoteex\Lotdox.reg" & SCHTASKS /Delete /TN "psv_Konkcore" /F <==== ATTENTION
Task: {13FBAE45-5F63-4393-844F-4B0AE60F4381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {27364FA3-F79D-4FE4-851D-FA98E829940F} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {496F1ED9-0CC3-47E7-9906-BEB8FAA9D393} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {4E6AD350-20D1-4615-A4FF-5BFC70A880FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4F400BEE-1FD6-4496-A22D-65B6A6325367} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5418EEAA-5935-4BA1-AB3E-8F81BABDC074} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {6C1D547F-6CE5-4477-84B7-F90D48CA4D05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7B4B7A67-1B00-43E8-A7A2-B1CD49FAA38D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {84F0092B-6730-495F-8CE5-437FEBC39276} - System32\Tasks\psv_Lab-Light => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Sum-Hold.reg" & del "C:\ProgramData\Quoteex\Sum-Hold.reg" & SCHTASKS /Delete /TN "psv_Lab-Light" /F <==== ATTENTION
Task: {887CF1BC-038F-4B7C-955A-FC1EB84D88F5} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {9C1D798D-CFE9-4E76-87BA-567959AD7529} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {AEEFBB81-9F4F-4DD7-8ECA-E25BCAB54C8E} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {C7536095-C919-45DF-99B5-A6812B64404B} - System32\Tasks\S-1-5-21-89336185-1752920803-2482885247-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {C81A59EA-2389-4455-BC99-C506A6182505} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {C8F5E614-7C77-4078-8D82-A3E85808AACE} - System32\Tasks\psv_SailTanfax => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Dentojob.reg" & del "C:\ProgramData\Quoteex\Dentojob.reg" & SCHTASKS /Delete /TN "psv_SailTanfax" /F <==== ATTENTION
Task: {D6D9106B-9DBB-4008-B4D3-0BAC7E962ABC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E055ABEF-34FE-48BB-8A54-39557FC9317D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {F197253A-0776-4C20-B1C5-0B23E032ABB2} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {FE452B5C-4C30-4422-BDB7-FEE4F8C9BEFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\luky2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2019-04-02 15:16 - 2019-04-01 09:30 - 000945943 _____ ( ) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-NH2E4.tmp\ClubZef.exe
2019-04-04 05:28 - 2019-04-04 05:28 - 000951808 _____ () [File not signed] C:\Users\luky2\AppData\Local\Temp\is-6MSPJ.tmp\ClubZef.tmp
2019-03-04 07:21 - 2016-06-22 21:54 - 001170432 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Remotr\x86\SQLite.Interop.dll
2019-04-04 05:28 - 2016-04-17 20:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\idp.dll
2019-04-04 05:28 - 2008-10-15 17:44 - 000205312 _____ () [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\itdownload.dll
2019-04-04 05:28 - 2017-05-03 12:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\psvince.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\Baldi's Basics Field Trip Demo_1.1_Windows:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\BALDI_1.3.2_Windows:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\DAVAProject:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\Dolphin Emulator:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\U-Play online:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\UCH_Alpha_0.8.11_Win:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\UnrealTournament:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2018-10-28 16:11 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-89336185-1752920803-2482885247-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\luky2\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\334192.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{A762509C-127D-47F5-BF89-EC5EE368B020}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8884322A-4CFC-427B-BC71-566C18FE0D50}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{69BD85E1-7BEE-45A1-AEE9-B35940D686E3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{297F9769-E74E-4A2A-86EA-971908CB5B48}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F7CA0AA3-AE2E-480D-9B73-42633B2288EA}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{121D0EB3-586C-453C-B6C6-584D9215254B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{24B1DF50-A795-4F1F-BB4A-299B57B30AA0}C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{29B2B051-9EB3-494F-AFFF-643B346A243D}C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) C:\program files\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{001A6436-580A-4727-9A2B-98854FAFBE99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BCCBA0AB-EAE7-4C34-A747-F67712BF9C2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{67928BC8-9B53-404F-B5E3-A91E91A6525A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E72A82BA-3A9E-4B24-99AB-E8EA6FBDDC9E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A76F8D47-48FE-44B3-B994-B6550E1DC91B}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe No File
FirewallRules: [UDP Query User{F06BE9B2-CFEC-4294-A3D6-2065287C7C82}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe No File
FirewallRules: [TCP Query User{7D0C76F4-6E7B-4BCA-9098-108771693CFD}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{970B3B6C-AAAE-4100-9510-36C0CDB68BCF}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe No File
FirewallRules: [TCP Query User{D23F1466-E47C-41EA-B37F-01568D886225}C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe] => (Allow) C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe No File
FirewallRules: [UDP Query User{C9C2E13B-E6CF-472C-B825-18BB19E03AAC}C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe] => (Allow) C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe No File
FirewallRules: [TCP Query User{8CCC0564-9DDE-434E-BEC4-A85CE0202687}C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{D81AC645-6B9D-4EE3-A2A2-3684466E021F}C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe No File
FirewallRules: [{7708238D-E0B7-4062-8C59-1EA8C267F673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3B07F66F-739B-4AAA-8FDC-3CED7F97C331}C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{30245A2D-46DA-448F-8562-63AEAF3F07C1}C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{4B1A06E4-F799-4BEE-8E6B-6B1A4463461E}C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{67F4BA14-0942-4759-B0C0-2A975D24B41B}C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{934B0A31-066F-484B-BC4C-07B3243F9EE1}C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe] => (Allow) C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe No File
FirewallRules: [UDP Query User{2A5639B4-CD73-4BF4-8094-25690184B72F}C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe] => (Allow) C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe No File
FirewallRules: [TCP Query User{34BA4D1D-5983-42B3-9460-B60506D5D5D2}C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{B867F480-2CF5-410A-BFC1-FF2EAEA308DD}C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{BD1AA3EC-DFF5-4163-B7D9-4D3E53EF829D}C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe] => (Block) C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe No File
FirewallRules: [UDP Query User{B935337B-9509-4C1C-B053-9A6DC56E378F}C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe] => (Block) C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe No File
FirewallRules: [TCP Query User{82BD37E6-7BEE-4869-BA65-B7D7A777A4EE}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [UDP Query User{CD5275F9-B4B1-4B92-B2D7-7AAE938B0C0A}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [TCP Query User{43A95483-3D42-4F75-B3AC-FE07B3A36EDD}C:\users\luky2\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\luky2\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{A8BE16AD-6918-49B1-A8DB-1037018631F3}C:\users\luky2\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\luky2\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{433F6636-6123-43A8-B9A3-92EF27CEFC58}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{A3B948EF-E2FB-4342-8C21-5FA3917CA3C3}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [{91A6E32F-EABE-46EE-8F54-89B889BD9358}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\launcher.exe No File
FirewallRules: [{88935252-9CD6-48F8-8442-8225433BF843}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\launcher.exe No File
FirewallRules: [{D5F6D81C-1C2E-410C-A656-F20E8F2A4EBE}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\bpreport.exe No File
FirewallRules: [{E6E08E27-26EF-4427-A00E-034C7494D4CF}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\bpreport.exe No File
FirewallRules: [{1F0C1F51-8FC4-4E08-B3F0-AAC76EF2A5C6}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\gaijin_downloader.exe No File
FirewallRules: [{E10B5EA5-213B-4E98-A1A1-F5593E8D3436}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\gaijin_downloader.exe No File
FirewallRules: [TCP Query User{94AAE027-9FA3-4A39-B016-753B44C46B9B}C:\users\luky2\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\luky2\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{C9C44071-5C5F-4F3C-AFA3-F2FEE1F0DA79}C:\users\luky2\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\luky2\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{711A3CF8-A22E-4645-A855-7DD6207FF1EF}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [UDP Query User{8EB608C4-AA69-48F8-8F59-82BA7F29161F}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [TCP Query User{430EEF76-F499-44EC-A765-DD94A3D1FF99}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{410814D1-61AD-42C1-86D3-450BEA513DD4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{0B7CF884-706A-47DA-AEA1-13753E5BA57E}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{6443293F-83E2-4749-9F02-5B4D1974D254}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{F64FCBBC-4ECD-41C1-939E-E190051D0569}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0FFE5C0A-C7CB-43E4-8CB5-AB064DD5A98A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{51C57F42-01B5-4F68-8600-482E99781049}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{30BF8961-789E-4345-B3CD-2A9F78926A99}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{0628D9BC-0368-4EBE-9971-7D7E06AEBA74}C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe No File
FirewallRules: [UDP Query User{CBA0030B-9D88-4FA0-95B6-EA38BB7AC9C7}C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe No File
FirewallRules: [{431F6539-8E3F-4DBC-9CDB-302DFA11DF09}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{DA995371-EDF2-4B20-A179-EB0199B3D1FD}C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe No File
FirewallRules: [UDP Query User{41BA5604-CFED-495F-A604-CBF29EF648C6}C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe No File
FirewallRules: [TCP Query User{B96288DD-3CE5-4B57-BD89-44C18DC1328C}C:\users\luky2\desktop\games\paintthetownred.exe] => (Allow) C:\users\luky2\desktop\games\paintthetownred.exe No File
FirewallRules: [UDP Query User{25E45FB0-FCD0-478C-99E6-34C395605E9F}C:\users\luky2\desktop\games\paintthetownred.exe] => (Allow) C:\users\luky2\desktop\games\paintthetownred.exe No File
FirewallRules: [{B8B5DD74-372D-4F74-9089-7C4C445ED6E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5C9B3F5B-34A0-441F-B141-F420B0BD97A0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{59CB9BE0-8676-4CE5-A67A-E8FB0EC4B165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe () [File not signed]
FirewallRules: [{1005BA0E-909D-44EA-8722-FF4EF60015BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe () [File not signed]
FirewallRules: [TCP Query User{9ABAE83A-CE41-4A9F-9264-B4185E7C27EC}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [UDP Query User{1A80CF92-03D5-457A-8352-8B792FD9A2EA}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [TCP Query User{AD5D2607-0339-475E-9C8F-F8B93CAF286E}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{A343FEB2-83ED-495B-97E5-644CDDCB8957}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{11E0D42C-8F79-4E68-AB46-295B0DCAF2C9}] => (Allow) C:\Program Files (x86)\Remotr\RemotrServer.exe (RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.)
FirewallRules: [{A5B8D262-8683-4B72-B852-A9A0843FD62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{149F7ABC-AA9E-4760-9996-5A42B3FA8EEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{343180E5-22B3-47AD-AF49-9BFC75FC525E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwin Project\Darwin.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5DF9C0E1-79AE-4EB9-AC01-3C9654037983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwin Project\Darwin.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{27D74D79-744F-41F6-9A20-5A8C3D498100}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwin Project\Darwin\Binaries\Win64\Darwin-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B2B4D191-BA51-40F0-AD85-8F3DECE533BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwin Project\Darwin\Binaries\Win64\Darwin-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{9EE7B306-378E-4A78-AD9D-3D13F490C7F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{FAE9CAED-9C57-4D8F-B282-DFACD8862990}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life A Place in the West\apw.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{7264FBF6-9850-44F1-B4ED-A313DF6FFE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life A Place in the West\apw.exe (GitHub, Inc.) [File not signed]

==================== Restore Points =========================

25-03-2019 17:17:26 Installed Christmas Shopper Simulator
02-04-2019 18:26:40 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2019 03:13:09 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (04/04/2019 03:13:09 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (04/04/2019 03:12:29 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (04/04/2019 03:12:29 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (04/04/2019 03:12:29 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (04/04/2019 03:12:29 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (04/04/2019 03:12:01 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (04/04/2019 03:11:59 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.


System errors:
=============
Error: (04/04/2019 05:28:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/04/2019 05:28:44 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58PCG34)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-58PCG34\luky2 (SID: S-1-5-21-89336185-1752920803-2482885247-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/04/2019 05:27:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2019 06:26:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58PCG34)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-58PCG34\luky2 (SID: S-1-5-21-89336185-1752920803-2482885247-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2019 04:57:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2019 04:57:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2019 04:55:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2019 04:55:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58PCG34)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-58PCG34\luky2 (SID: S-1-5-21-89336185-1752920803-2482885247-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-04-02 17:33:08.019
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
ID: 2147723626
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\Lets\527371333.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-58PCG34\luky2
Název procesu: C:\Windows\System32\runonce.exe
Verze podpisu: AV: 1.291.908.0, AS: 1.291.908.0, NIS: 1.291.908.0
Verze modulu: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-02 15:18:30.924
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Bitrep.A
ID: 2147723097
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\Logic Cramble\set.exe; file:_C:\Users\luky2\AppData\Local\Temp\RarSFX0\LogicHandler.exe; process:_pid:9812,ProcessStart:131986846036120352; service:_backlh
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\ProgramData\Logic Cramble\set.exe
Verze podpisu: AV: 1.291.908.0, AS: 1.291.908.0, NIS: 1.291.908.0
Verze modulu: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-02 15:17:02.557
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Bitrep.A
ID: 2147723097
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\Logic Cramble\set.exe; file:_C:\Users\luky2\AppData\Local\Temp\RarSFX0\LogicHandler.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\svchost.exe
Verze podpisu: AV: 1.291.908.0, AS: 1.291.908.0, NIS: 1.291.908.0
Verze modulu: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-02 15:16:51.902
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\luky2\AppData\Local\Temp\167474656\ic-0.aba2634d997a3.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: E:\csgo_freeqn_v19.exe
Verze podpisu: AV: 1.291.908.0, AS: 1.291.908.0, NIS: 1.291.908.0
Verze modulu: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-02 15:16:50.684
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\luky2\AppData\Local\Temp\167474656\ic-0.aba2634d997a3.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.291.908.0, AS: 1.291.908.0, NIS: 1.291.908.0
Verze modulu: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-02-12 14:43:13.802
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

CodeIntegrity:
===================================

Date: 2019-01-23 14:45:03.902
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 14:45:03.899
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 14:42:15.878
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 14:42:15.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 14:42:15.084
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 14:42:15.071
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 06:00:38.878
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-23 06:00:38.872
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-6006U CPU @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 4012.91 MB
Available physical RAM: 1874.97 MB
Total Virtual: 11436.91 MB
Available Virtual: 8407.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.05 GB) (Free:40.01 GB) NTFS

\\?\Volume{cf2869da-963f-47ae-89c9-798a59ee60dd}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{054e9650-510d-407d-a277-622996ed8d25}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS
\\?\Volume{c32cce9a-a881-4a38-9a59-0017e5ffebeb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4DDC17A4)

Partition: GPT.

==================== End of Addition.txt ============================

Kodlz
Přítel fóra
Přítel fóra
Příspěvky: 780
Registrován: 30 kvě 2008 12:11

Re: Problém s notebookem

#2 Příspěvek od Kodlz »

Ahoj
Na plose, tam kde mas umisteny FRST vytvor TXT soubor, ktery pojmenujes fixlist.txt a do nej vloz nasledujici text:

( Spusť znovu FRST a klikni na >Fix<. Po skončení akce se objeví log, který sem zkopíruj).
start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:

HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\Run: [4300929] => C:\Users\luky2\AppData\Local\Temp\is-NH2E4.tmp\ClubZef.exe [945943 2019-04-01] ( ) [File not signed] <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Quoteex\DomCof.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Toptone.dll => No File
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 2z0MX0A&q={searchTerms}
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... wfDvF8CTDg
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 2z0MX0A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 2z0MX0A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/resul ... _181014&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89336185-1752920803-2482885247-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 2z0MX0A&q={searchTerms}
FF NewTab: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> file:///C:/ProgramData/Quoteexs/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _1gMembers_@www.inboxace.com
FF HomepageOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _65Members_@download.fromdoctopdf.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _1gMembers_@www.inboxace.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Disabled: _65Members_@download.fromdoctopdf.com
FF NewTabOverride: Mozilla\Firefox\Profiles\rbzy94k7.default-1537610630674 -> Enabled: _j5Members_@ext.ask.com
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... 7RAjNjwn5x
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://lebfnajechalpbihdkadmgikpigidnlh/start/index.html", Active:"chrome-extension://iiomiohchifbhgllmilekghfgncdceni/index.html", Active:"chrome-extension://cpfeiadabjbeeceklgnhgidkenddajog/newtabproduct.html"
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... G-ukccx&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
2019-04-02 15:17 - 2019-04-02 15:17 - 000375522 _____ ( ) C:\Users\luky2\AppData\Local\Temp\f0x0s11ir0r.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0A6F0DBF-CA8E-4BBE-8B4B-AD3F4AA0E888} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {0E0E1284-0BCB-42A8-B277-8465BE663C90} - System32\Tasks\psv_Konkcore => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Lotdox.reg" & del "C:\ProgramData\Quoteex\Lotdox.reg" & SCHTASKS /Delete /TN "psv_Konkcore" /F <==== ATTENTION
Task: {27364FA3-F79D-4FE4-851D-FA98E829940F} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {496F1ED9-0CC3-47E7-9906-BEB8FAA9D393} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {4E6AD350-20D1-4615-A4FF-5BFC70A880FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5418EEAA-5935-4BA1-AB3E-8F81BABDC074} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {7B4B7A67-1B00-43E8-A7A2-B1CD49FAA38D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {84F0092B-6730-495F-8CE5-437FEBC39276} - System32\Tasks\psv_Lab-Light => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Sum-Hold.reg" & del "C:\ProgramData\Quoteex\Sum-Hold.reg" & SCHTASKS /Delete /TN "psv_Lab-Light" /F <==== ATTENTION
Task: {887CF1BC-038F-4B7C-955A-FC1EB84D88F5} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {9C1D798D-CFE9-4E76-87BA-567959AD7529} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {C81A59EA-2389-4455-BC99-C506A6182505} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {C8F5E614-7C77-4078-8D82-A3E85808AACE} - System32\Tasks\psv_SailTanfax => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Dentojob.reg" & del "C:\ProgramData\Quoteex\Dentojob.reg" & SCHTASKS /Delete /TN "psv_SailTanfax" /F <==== ATTENTION
Task: {F197253A-0776-4C20-B1C5-0B23E032ABB2} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {FE452B5C-4C30-4422-BDB7-FEE4F8C9BEFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\luky2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
2019-04-02 15:16 - 2019-04-01 09:30 - 000945943 _____ ( ) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-NH2E4.tmp\ClubZef.exe
2019-04-04 05:28 - 2019-04-04 05:28 - 000951808 _____ () [File not signed] C:\Users\luky2\AppData\Local\Temp\is-6MSPJ.tmp\ClubZef.tmp
2019-04-04 05:28 - 2016-04-17 20:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\idp.dll
2019-04-04 05:28 - 2008-10-15 17:44 - 000205312 _____ () [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\itdownload.dll
2019-04-04 05:28 - 2017-05-03 12:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\luky2\AppData\Local\Temp\is-1Q30F.tmp\psvince.dll

AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\Baldi's Basics Field Trip Demo_1.1_Windows:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\BALDI_1.3.2_Windows:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\DAVAProject:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\Dolphin Emulator:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\U-Play online:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\UCH_Alpha_0.8.11_Win:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\luky2\OneDrive\Documents\UnrealTournament:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{A76F8D47-48FE-44B3-B994-B6550E1DC91B}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe No File
FirewallRules: [UDP Query User{F06BE9B2-CFEC-4294-A3D6-2065287C7C82}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\tools\steamcmd.exe No File
FirewallRules: [TCP Query User{7D0C76F4-6E7B-4BCA-9098-108771693CFD}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{970B3B6C-AAAE-4100-9510-36C0CDB68BCF}C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\desktop\counterstrikeglobaloffensivev60\counter-strike global offensive\csgo.exe No File
FirewallRules: [TCP Query User{D23F1466-E47C-41EA-B37F-01568D886225}C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe] => (Allow) C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe No File
FirewallRules: [UDP Query User{C9C2E13B-E6CF-472C-B825-18BB19E03AAC}C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe] => (Allow) C:\users\luky2\downloads\hideandseek1\hideandseek\helloneighbor\binaries\win64\helloneighbor-win64-shipping.exe No File
FirewallRules: [TCP Query User{8CCC0564-9DDE-434E-BEC4-A85CE0202687}C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{D81AC645-6B9D-4EE3-A2A2-3684466E021F}C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe] => (Allow) C:\users\luky2\downloads\counterstrikeglobaloffensivev60 (1)\counter-strike global offensive\csgo.exe No File
FirewallRules: [TCP Query User{3B07F66F-739B-4AAA-8FDC-3CED7F97C331}C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{30245A2D-46DA-448F-8562-63AEAF3F07C1}C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.993\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{4B1A06E4-F799-4BEE-8E6B-6B1A4463461E}C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{67F4BA14-0942-4759-B0C0-2A975D24B41B}C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.106\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{934B0A31-066F-484B-BC4C-07B3243F9EE1}C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe] => (Allow) C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe No File
FirewallRules: [UDP Query User{2A5639B4-CD73-4BF4-8094-25690184B72F}C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe] => (Allow) C:\users\luky2\onedrive\documents\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win\uch_alpha_0.8.11_win.exe No File
FirewallRules: [TCP Query User{34BA4D1D-5983-42B3-9460-B60506D5D5D2}C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{B867F480-2CF5-410A-BFC1-FF2EAEA308DD}C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.990\ultimate chicken horse\ultimatechickenhorse.exe No File
FirewallRules: [TCP Query User{BD1AA3EC-DFF5-4163-B7D9-4D3E53EF829D}C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe] => (Block) C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe No File
FirewallRules: [UDP Query User{B935337B-9509-4C1C-B053-9A6DC56E378F}C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe] => (Block) C:\users\luky2\desktop\ultimate chicken horse\uch_alpha_0.8.11_win.exe No File
FirewallRules: [TCP Query User{82BD37E6-7BEE-4869-BA65-B7D7A777A4EE}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [UDP Query User{CD5275F9-B4B1-4B92-B2D7-7AAE938B0C0A}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [TCP Query User{433F6636-6123-43A8-B9A3-92EF27CEFC58}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{A3B948EF-E2FB-4342-8C21-5FA3917CA3C3}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [{91A6E32F-EABE-46EE-8F54-89B889BD9358}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\launcher.exe No File
FirewallRules: [{88935252-9CD6-48F8-8442-8225433BF843}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\launcher.exe No File
FirewallRules: [{D5F6D81C-1C2E-410C-A656-F20E8F2A4EBE}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\bpreport.exe No File
FirewallRules: [{E6E08E27-26EF-4427-A00E-034C7494D4CF}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\bpreport.exe No File
FirewallRules: [{1F0C1F51-8FC4-4E08-B3F0-AAC76EF2A5C6}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\gaijin_downloader.exe No File
FirewallRules: [{E10B5EA5-213B-4E98-A1A1-F5593E8D3436}] => (Allow) C:\Users\luky2\AppData\Local\WarThunder\gaijin_downloader.exe No File
FirewallRules: [TCP Query User{711A3CF8-A22E-4645-A855-7DD6207FF1EF}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [UDP Query User{8EB608C4-AA69-48F8-8F59-82BA7F29161F}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe No File
FirewallRules: [TCP Query User{0B7CF884-706A-47DA-AEA1-13753E5BA57E}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [UDP Query User{6443293F-83E2-4749-9F02-5B4D1974D254}C:\users\luky2\desktop\games\ultimatechickenhorse.exe] => (Allow) C:\users\luky2\desktop\games\ultimatechickenhorse.exe No File
FirewallRules: [{51C57F42-01B5-4F68-8600-482E99781049}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{30BF8961-789E-4345-B3CD-2A9F78926A99}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{0628D9BC-0368-4EBE-9971-7D7E06AEBA74}C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe No File
FirewallRules: [UDP Query User{CBA0030B-9D88-4FA0-95B6-EA38BB7AC9C7}C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.334\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe No File
FirewallRules: [{431F6539-8E3F-4DBC-9CDB-302DFA11DF09}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{DA995371-EDF2-4B20-A179-EB0199B3D1FD}C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe No File
FirewallRules: [UDP Query User{41BA5604-CFED-495F-A604-CBF29EF648C6}C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe] => (Allow) C:\users\luky2\appdata\local\temp\rar$exa0.340\paint.the.town.red.v0.8.44\paintthetownred.exe No File
FirewallRules: [TCP Query User{B96288DD-3CE5-4B57-BD89-44C18DC1328C}C:\users\luky2\desktop\games\paintthetownred.exe] => (Allow) C:\users\luky2\desktop\games\paintthetownred.exe No File
FirewallRules: [UDP Query User{25E45FB0-FCD0-478C-99E6-34C395605E9F}C:\users\luky2\desktop\games\paintthetownred.exe] => (Allow) C:\users\luky2\desktop\games\paintthetownred.exe No File
FirewallRules: [TCP Query User{9ABAE83A-CE41-4A9F-9264-B4185E7C27EC}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [UDP Query User{1A80CF92-03D5-457A-8352-8B792FD9A2EA}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe No File
HKU\S-1-5-21-89336185-1752920803-2482885247-1001\...\MountPoints2: {0fc0f702-5a9d-11e8-87e7-9061ae6a387a} - "E:\HiSuiteDownLoader.exe"
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
C:\ProgramData\Quoteex

end


:arrow: Nasledne dej odinstalovat aplikaci "Online Application" ( ta se ti zobrazi az po zpusteni fixlistu).

Kodlz
Přítel fóra
Přítel fóra
Příspěvky: 780
Registrován: 30 kvě 2008 12:11

Re: Problém s notebookem

#3 Příspěvek od Kodlz »

:closed:

Zamčeno