Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prevence <PC>

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Prevence <PC>

#1 Příspěvek od Tommy Puerto »

Ahoj, můj počítač z ultra rychlého přešel na zasekávácí režim. Nevím přesně čím ale posílám preventivku kvůli virům, díky za podívání se. Občas když zapnu pc tak hlavní větrák začne být strašně hlučný a trvá to tak 2 min než s uklidní, prach tam ale nevidím.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by warto (13-12-2018 21:38:16)
Running from C:\Users\warto\Downloads
Windows 10 Pro Version 1803 17134.471 (X64) (2018-05-20 18:30:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3012513600-1294068158-3791818399-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3012513600-1294068158-3791818399-503 - Limited - Disabled)
Guest (S-1-5-21-3012513600-1294068158-3791818399-501 - Limited - Disabled)
Host (S-1-5-21-3012513600-1294068158-3791818399-1002 - Limited - Enabled) => C:\Users\Host
warto (S-1-5-21-3012513600-1294068158-3791818399-1001 - Administrator - Enabled) => C:\Users\warto
WDAGUtilityAccount (S-1-5-21-3012513600-1294068158-3791818399-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{5F4E8D94-3947-4019-9239-D2541C9A35F2}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{7A5E4942-A527-42E6-A5FC-95109B756CA8}) (Version: 3.5.1.7 - Intel) Hidden
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\BitTorrent) (Version: 7.10.4.44847 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: - Piriform Ltd.)
Crossout Launcher 1.0.3.36 (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\CrossOutLauncher_is1) (Version: - )
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Discord (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dragon Age Inquisition v.1.11.u10 (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlashBoot 2.3d (HKLM\...\FlashBoot_is1) (Version: - Mikhail Kupchik)
Free ISO Converter (HKLM-x32\...\{957954B6-DFFA-4CA7-8A0F-9E62221A8DEB}_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Computing Improvement Program (HKLM\...\{58FBAE3A-E602-47E6-9F32-AE25D48B378A}) (Version: 2.4.04140 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ef2ad7ab-dd41-48ed-ae53-f7fe3cd903d8}) (Version: 3.5.1.7 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
RecoveRx version 3.8.0 (HKLM-x32\...\{3DE055DA-690F-43B8-9B7B-54E7D70806F9}_is1) (Version: 3.8.0 - Transcend Information, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Total War Arena (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\TWA.EU.PRODUCTION) (Version: - Wargaming.net)
Unity Web Player (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 70.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zaklínač 2: Vrahové Králů v3.0 (HKLM-x32\...\Zaklínač 2: Vrahové Králů Rozšířená Edice_is1) (Version: 1.0 - Electronic Arts)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021C6F57-9A81-472E-80CB-2EA74BD3234A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {11544983-8386-422A-A161-CB0FBCF7C2F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {2D3617D5-B11E-4979-8483-9552F540D618} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {652F383D-8BAE-4835-83AF-10F12ECFDB0D} - System32\Tasks\aeyAueyQDMNgjFGdU2 => rundll32 "C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll",#1
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7212EE19-E594-4D33-8026-8BE4D60547E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {7644EFBD-B800-4976-8E07-0EB3D0DDDDF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {7C6356CA-A0C2-4703-992D-F9589DCCEEA9} - System32\Tasks\lDoXvtNaWAZojId2 => rundll32 "C:\Program Files (x86)\vLreQlMWU\robojX.dll",#1
Task: {809AC4A5-94DA-4732-8A2D-19F03EAD0166} - System32\Tasks\S-1-5-21-3012513600-1294068158-3791818399-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {821E0A23-EC14-4002-9D57-F66761564AE7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {8FD42F8F-D40A-4CD1-AA7C-CA512857E8C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {A66FD071-04A6-49A9-BEDA-E5B2B8B5B763} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineUP -> No File <==== ATTENTION
Task: {BA79BBCA-F190-49A6-84F5-52D080B6E7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {C1967968-F056-4A52-85DC-70EBDA33BC60} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {CC06554D-87A1-4E5D-B1B7-9E6DA065C063} - System32\Tasks\NWWeXkviPPcmWa => rundll32 "C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll",#1
Task: {D75AFEAE-FC90-40E1-B650-A2BF19241225} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {DA85AE09-51D0-4CDE-A62C-53D865923007} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {EB6EA1DB-24FD-49A7-861D-F6DAFF495577} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe <==== ATTENTION
Task: {FE3DF3C8-3F45-4484-AB8F-5B1086612FFC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-19 00:51 - 2018-09-19 00:51 - 000194792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-09-19 00:51 - 2018-09-19 00:51 - 000975872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sqlite3.DLL
2018-02-12 23:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000937192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-09-19 00:51 - 2018-09-19 00:51 - 002329320 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000282344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000292584 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000339176 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000266984 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000322792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000693480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000243944 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000750824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000411368 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000278760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000376552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000419048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000303848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000778472 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2017-09-07 19:13 - 2018-09-06 02:18 - 000142888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-01-06 17:41 - 2016-01-06 17:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000863464 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-09-19 00:51 - 2018-09-19 00:51 - 000312552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000238824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000343272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-11 15:17 - 2018-12-11 20:09 - 000174480 _____ () C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteLauncher.exe
2018-06-12 19:12 - 2018-06-08 10:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-12 19:12 - 2018-06-08 10:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-10-10 02:48 - 2018-10-10 02:48 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Assassin's Creed Odyssey:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\BioWare:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Games for Windows - LIVE Demos:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Rockstar Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2018-02-28 13:45 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\warto\Downloads\assassins_creed_origins-wallpaper-1920x1200.jpg
DNS Servers: 10.1.0.33
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "EA Core"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5D38FC9B-3BA3-4C5F-8102-2B08AA67C949}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{21B53C08-9147-4502-B390-7E01A03DAD87}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{5397481F-A840-4DA7-BBE9-7A5659313106}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4F06821A-7212-459A-B965-2DCD8D02A1A1}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{71BCA3F8-1108-4BB9-9F1C-CF95C3F34DD7}] => (Allow) LPort=1688
FirewallRules: [{877274C3-04FF-453E-AD6D-9745E0CA973C}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B363149-DD6E-4F7F-B483-3DED1BC8E7E5}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{693305F7-92F7-4E0F-8AF4-81D5029A7646}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{1248693B-A1BE-47BE-A697-6AE83EF38C84}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{E88F8F40-CA69-4DC0-A907-7AC706AD9D18}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{38AE3643-F24B-4121-A934-DC852F51328D}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [TCP Query User{B87C723B-3BDF-45AA-BA72-E5D539DF48A7}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{1E6AAAAC-6B5E-44C6-A9A6-471D3C19AB2E}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [TCP Query User{141B2EF2-ABCB-4A5E-878B-D44938CDC812}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{9C17AA51-FC8B-4F4A-9906-D5A976778259}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{74B1B2AE-1033-4F7C-A665-738C684DEB1F}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{A4E8F381-B403-40A9-B8BB-7FA087965B61}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{C8A83804-6167-453F-B838-9DB6489D9BE8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A0C8C48D-620B-4919-8FE7-510EACE9BE74}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A01BD763-F1C8-42B4-8C48-A5558DFA67B2}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{FE24C43C-9D27-44E6-843F-504502F5F203}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{E7F4EFB5-9E43-4943-9717-69E5C25216C8}] => (Allow) D:\Assassin's Creed Odyssey\ACOdyssey.exe
FirewallRules: [TCP Query User{7CB67C81-3838-4269-8D25-2D2DDBED43C8}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [UDP Query User{32955051-F35D-47E1-B0CB-FCE57E603D98}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [TCP Query User{A95ADE7A-E220-49EA-A41C-F08479DBA634}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8F96320C-B014-402E-8B57-86E970BC4860}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{B0725937-A22A-4390-9AAE-3F2EA27FE65F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C065BEA0-AA37-44F8-B721-A32BDF8C3C9A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F97E5AC-2D5E-4813-B370-70FDC4B84FE7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1BECAAF7-E961-4B01-844C-5383EEF25F05}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53A27883-C52D-41B2-BFD4-EE7C5CA8C1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{4656C629-AA55-46AD-A38C-E98A5B9ACD20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [TCP Query User{F0E0C053-708A-482C-B0E0-2CBC9221F297}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{816C9A3F-AF3D-41A6-B49A-609CE8912D5D}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{9172CF0A-6DB0-4764-A915-785C28EC06AC}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E58FD48F-5FD1-442D-9AF9-D58C35200845}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [TCP Query User{9E941686-8A54-46A9-983E-32A385F06666}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{FFA2E5BD-F473-4A45-9EE9-A14250773315}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [{19D8DF29-435F-4782-8918-DC48F07B4DD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0DEED14E-DE93-4149-831C-7A232F657215}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe
FirewallRules: [UDP Query User{8AC3F394-E2F6-467A-8009-F549CF9F6711}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2018 07:51:13 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QD17RQH)
Description: httphttp-2147467263

Error: (12/13/2018 06:14:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\WINDOWS\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/13/2018 06:14:11 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/13/2018 06:14:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/13/2018 06:14:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu Lsa v knihovně DLL C:\Windows\System32\Secur32.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/13/2018 06:14:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu ESENT v knihovně DLL C:\WINDOWS\system32\esentprf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/13/2018 06:10:39 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QD17RQH)
Description: httphttp-2147467263

Error: (12/13/2018 04:41:30 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QD17RQH)
Description: httphttp-2147467263


System errors:
=============
Error: (12/13/2018 07:34:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 07:13:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 06:10:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 06:09:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 03:01:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 02:59:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/13/2018 12:47:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QD17RQH)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/12/2018 02:39:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-10-07 22:07:37.517
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Temp\217.71.252.46.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\Microsoft\Protect\S-1-83-65\RB_1.4.91.43.exe
Verze podpisu: AV: 1.277.719.0, AS: 1.277.719.0, NIS: 1.277.719.0
Verze modulu: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-04 09:37:31.175
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 05:42:54.059
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 00:27:02.821
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-03 22:22:58.744
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-09-14 03:21:04.071
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1140.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80070643
Popis chyby :Při instalaci došlo k závažné chybě.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G4600 @ 3.60GHz
Percentage of memory in use: 53%
Total physical RAM: 8128.61 MB
Available physical RAM: 3748.17 MB
Total Virtual: 11200.61 MB
Available Virtual: 3131.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:5.15 GB) NTFS
Drive d: (ADATA UFD) (Removable) (Total:57.81 GB) (Free:2.03 GB) NTFS

\\?\Volume{5a6ae5dd-a1c3-46c1-a0fb-4e99138bf673}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{acd79ad2-c4af-4496-92ef-e9a2db0b22a9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: FC6BC999)
Partition 1: (Not Active) - (Size=57.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by warto (administrator) on DESKTOP-QD17RQH (13-12-2018 21:35:58)
Running from C:\Users\warto\Downloads
Loaded Profiles: warto (Available Profiles: warto & Host)
Platform: Windows 10 Pro Version 1803 17134.471 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteLauncher.exe
(BattlEye Innovations) C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(Epic Games, Inc.) C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-09-26] (Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35148688 2018-12-05] (Epic Games, Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Discord] => C:\Users\warto\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.0.33
Tcpip\..\Interfaces\{16ff6cb6-5bf3-40ec-a69e-69d9cc19bb7c}: [DhcpNameServer] 10.1.0.33

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-3012513600-1294068158-3791818399-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\warto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={B8FEC9B2-9459-11E1-B6DF-001D60ABBE54}
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default [2018-12-13]
CHR Extension: (Seznam doplněk - Email) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-11-22]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-04]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-11-22]
CHR Extension: (Adblock Plus) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (uBlock) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-18]
CHR Extension: (Auto Refresh Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhmgghfmjjoejobimppckbalonobkck [2018-06-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Ochrana hesla) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2018-06-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-20]
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-08] ()
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-09-26] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-25] (EasyAntiCheat Ltd)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [194792 2018-09-19] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [2551864 2018-12-13] ()
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-08-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-08-31] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-12-13] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvlddmkm.sys [17213824 2018-09-25] (NVIDIA Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-13 21:35 - 2018-12-13 21:36 - 000012402 _____ C:\Users\warto\Downloads\FRST.txt
2018-12-13 21:35 - 2018-12-13 21:35 - 002417152 _____ (Farbar) C:\Users\warto\Downloads\FRST64.exe
2018-12-13 21:34 - 2018-12-13 21:34 - 001776640 _____ (Farbar) C:\Users\warto\Downloads\FRST.exe
2018-12-13 14:59 - 2018-12-13 14:59 - 000000000 ____D C:\WINDOWS\Panther
2018-12-12 17:10 - 2018-12-08 13:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-12-12 17:10 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 17:10 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 17:10 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 17:10 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 17:10 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 17:10 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 17:10 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 17:10 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 17:10 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 17:10 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 17:10 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 17:10 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 17:10 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 17:10 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-12-12 17:09 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2018-12-12 17:09 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 17:09 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 17:09 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 17:09 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 17:09 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-12 17:09 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 17:09 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 17:09 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-12 17:09 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 17:09 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 17:09 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 17:09 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 17:09 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 17:09 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 17:09 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 17:09 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 17:09 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 07:16 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-12 17:09 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 17:09 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 17:09 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 17:09 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 17:09 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 17:09 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 17:09 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 17:09 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 17:09 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 17:09 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 17:09 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 17:09 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 17:09 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 17:09 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 17:09 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 17:09 - 2018-05-20 19:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll

2018-12-02 10:10 - 2018-12-02 10:15 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Witcher 2
2018-12-02 10:10 - 2018-12-02 10:10 - 000000000 ___DC C:\Users\warto\AppData\Local\The Witcher 2
2018-12-02 09:55 - 2018-12-02 09:55 - 000001150 _____ C:\Users\Public\Desktop\Spustit hru The Witcher 2 (CZ).lnk
2018-12-02 09:55 - 2018-12-02 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 (CZ)
2018-12-02 09:36 - 2018-12-02 09:55 - 000000000 ____D C:\Program Files (x86)\The Witcher 2 (CZ)
2018-12-02 05:34 - 2018-12-02 08:07 - 000000000 ____D C:\Zaklínač 2 Vrahové Králů Rozšířená Edice
2018-12-02 05:34 - 2018-12-02 05:34 - 000039787 _____ C:\Users\warto\Downloads\[CzT]Zaklinac_2_Vrahove_Kralu_Rozsirena_Edice_The_Witcher_2_Assassins_of_Kings_Enchanced_Edition_CZ_.torrent
2018-12-02 05:26 - 2018-12-02 05:29 - 000041365 _____ C:\WINDOWS\SysWOW64\photorec.ses
2018-12-02 05:24 - 2018-12-02 05:26 - 000000000 ____D C:\Recovered Files
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\Program Files (x86)\Transcend
2018-12-02 05:20 - 2018-12-02 05:20 - 001962912 _____ (Transcend Information, Inc. ) C:\Users\warto\Downloads\RecoveRx_Win_v3.8.0_setup.exe
2018-12-02 05:19 - 2018-12-02 05:19 - 000889416 _____ (Microsoft Corporation) C:\Users\warto\Downloads\dotNetFx40_Full_setup.exe
2018-12-02 05:13 - 2018-12-02 05:14 - 004302002 _____ C:\Users\warto\Downloads\OnLineRecovery_v1.2.exe
2018-12-02 05:12 - 2018-12-02 05:12 - 006361858 _____ C:\Users\warto\Downloads\OnLineRecovery_JF620_v9.0.0.28.exe
2018-11-22 10:23 - 2018-11-22 10:23 - 000000314 ____C C:\Users\warto\Desktop\Fortnite.url
2018-11-22 03:02 - 2018-11-22 03:03 - 004675538 _____ C:\Users\warto\Downloads\034.rar
2018-11-21 23:17 - 2018-11-21 23:17 - 000051142 _____ C:\Users\warto\Downloads\[CzT]Far_Cry_4_2014_CZ_.torrent
2018-11-21 05:08 - 2018-11-21 05:59 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Overwatch
2018-11-21 03:53 - 2018-11-21 03:53 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Diablo III
2018-11-21 00:43 - 2018-11-22 00:38 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-11-21 00:41 - 2018-11-21 00:41 - 000021785 _____ C:\Users\warto\Downloads\[CzT]Diablo_3_Diablo_III_Collectors_Edition.torrent
2018-11-20 03:52 - 2018-11-20 03:52 - 004366436 _____ C:\Users\warto\Downloads\dpr.rar
2018-11-16 18:04 - 2018-12-07 19:55 - 000000000 ____D C:\Program Files\rempl
2018-11-16 05:45 - 2018-11-16 05:45 - 001573568 _____ C:\Users\warto\Downloads\SteamSetup.exe
2018-11-14 19:29 - 2018-11-14 19:29 - 000036554 _____ C:\Users\warto\Downloads\9.11.2018_EXPOWIN-spol.-s-r.o..pdf
2018-11-14 17:05 - 2018-11-01 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 17:05 - 2018-11-01 12:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 17:05 - 2018-11-01 12:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 17:05 - 2018-11-01 12:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 17:05 - 2018-11-01 12:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 17:05 - 2018-11-01 12:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 17:05 - 2018-11-01 12:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 17:05 - 2018-11-01 12:26 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-11-14 17:05 - 2018-11-01 12:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-11-14 17:05 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 17:05 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 17:05 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 17:05 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 17:05 - 2018-11-01 10:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 17:05 - 2018-11-01 10:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 17:05 - 2018-11-01 08:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 17:05 - 2018-11-01 08:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 17:05 - 2018-11-01 08:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 17:05 - 2018-11-01 08:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 17:05 - 2018-11-01 08:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 17:05 - 2018-11-01 08:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 17:05 - 2018-11-01 08:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 17:05 - 2018-11-01 07:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 17:05 - 2018-11-01 07:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 17:05 - 2018-11-01 07:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 17:05 - 2018-11-01 07:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 17:05 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 17:05 - 2018-11-01 05:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 17:05 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 17:05 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 17:05 - 2018-11-01 05:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 17:05 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 17:05 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 17:05 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 17:05 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-13 21:35 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-13 21:35 - 2018-02-24 12:08 - 000000000 ____D C:\FRST
2018-12-13 20:38 - 2018-02-16 17:11 - 000000000 ___DC C:\Users\warto\AppData\LocalLow\Mozilla
2018-12-13 18:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-13 18:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-13 18:10 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-13 18:10 - 2017-09-07 19:12 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-13 15:37 - 2018-11-02 03:24 - 000002215 ____C C:\Users\warto\Desktop\Discord.lnk
2018-12-13 15:05 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-13 15:03 - 2018-05-20 19:32 - 001689114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-13 15:03 - 2018-05-20 19:30 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E88C2868-49A2-458F-AB33-2959AC309739}
2018-12-13 15:03 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-13 15:03 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-13 14:59 - 2018-11-05 21:25 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-13 14:59 - 2018-05-20 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-13 14:59 - 2018-05-20 19:25 - 000251384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-13 14:59 - 2017-10-23 15:13 - 000000000 ___RD C:\Users\warto\3D Objects
2018-12-13 14:59 - 2017-09-07 17:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-13 00:47 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-12-12 17:15 - 2017-09-07 19:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 17:14 - 2017-09-07 19:14 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-12 17:12 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-12 16:41 - 2018-02-10 13:52 - 000000000 ___DC C:\Users\warto\AppData\Roaming\vlc
2018-12-11 23:38 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Local\Battle.net
2018-12-11 21:07 - 2018-10-03 19:25 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-09 21:48 - 2018-10-07 21:44 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-12-09 20:05 - 2018-05-20 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-07 05:27 - 2017-10-23 05:11 - 000000000 ___DC C:\Users\warto\AppData\Local\Packages
2018-12-06 18:49 - 2018-05-20 19:35 - 000000000 ___DC C:\Users\warto\AppData\Local\D3DSCache
2018-12-06 15:23 - 2018-03-25 01:13 - 000000000 ___DC C:\Users\warto\AppData\Local\UnrealEngine
2018-12-05 18:14 - 2018-10-06 02:44 - 000004666 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 18:23 - 2017-09-22 23:54 - 000000000 ___DC C:\Users\warto\AppData\Roaming\BitTorrent
2018-12-03 14:24 - 2018-05-20 19:30 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3012513600-1294068158-3791818399-1001
2018-12-03 14:24 - 2018-05-20 19:26 - 000002391 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 14:24 - 2017-09-07 17:28 - 000000000 ___RD C:\Users\warto\OneDrive
2018-12-02 04:33 - 2017-09-22 23:54 - 000000896 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-12-02 04:31 - 2018-01-15 16:30 - 000000000 ____D C:\Hry
2018-12-01 07:36 - 2018-02-16 17:05 - 000000910 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-12-01 05:01 - 2018-04-12 00:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-04-12 00:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 23:26 - 2017-11-09 17:14 - 000000000 __RDC C:\Users\warto\Desktop\nevermind
2018-11-27 02:54 - 2017-09-07 18:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-22 07:19 - 2018-07-02 21:37 - 000000000 ____D C:\Program Files\Epic Games
2018-11-22 01:30 - 2018-05-08 11:14 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\My Games
2018-11-22 01:07 - 2018-05-20 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2018-11-21 05:33 - 2017-09-07 18:54 - 000000000 ___DC C:\Users\warto\AppData\Local\Blizzard Entertainment
2018-11-21 03:53 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Battle.net
2018-11-16 17:17 - 2017-12-09 13:43 - 000000000 ____D C:\Users\warto\ansel
2018-11-16 05:54 - 2018-08-31 17:21 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-11-16 05:53 - 2018-08-31 18:36 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-11-16 05:53 - 2018-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-16 05:46 - 2018-02-12 23:07 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 16:20 - 2018-10-06 02:44 - 000004506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-13 00:48 - 2018-05-20 19:26 - 000000000 ____D C:\Users\warto

==================== Files in the root of some directories =======

2018-11-06 22:28 - 2018-11-06 22:28 - 000000001 ____C () C:\Users\warto\AppData\Local\llftool.4.40.agreement

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 19:25

==================== End of FRST.txt ============================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, klikni na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#3 Příspěvek od Tommy Puerto »

Hotovo, tady to je.


# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-14-2018
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DllKitPRO

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB6EA1DB-24FD-49A7-861D-F6DAFF495577}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DllKitPRO
Deleted HKCU\Software\csastats
Deleted HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Glary Search
Deleted Slunečnice
Deleted http://home.sweetim.com/?crg=3.1010000. ... 1D60ABBE54}
Deleted http://home.sweetim.com/?crg=3.1010000. ... 1D60ABBE54}
Deleted Search Here
Deleted Search Here
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2071 octets] - [14/12/2018 14:07:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#4 Příspěvek od Diallix »

Super.

Mozem poprosit o nove logy FRST a Addition.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#5 Příspěvek od Tommy Puerto »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by warto (administrator) on DESKTOP-QD17RQH (14-12-2018 14:17:39)
Running from C:\Users\warto\Downloads
Loaded Profiles: warto (Available Profiles: warto & Host)
Platform: Windows 10 Pro Version 1803 17134.471 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\warto\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-09-26] (Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-14] (Epic Games, Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Discord] => C:\Users\warto\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.0.33
Tcpip\..\Interfaces\{16ff6cb6-5bf3-40ec-a69e-69d9cc19bb7c}: [DhcpNameServer] 10.1.0.33

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-3012513600-1294068158-3791818399-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\warto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default [2018-12-14]
CHR Extension: (Seznam doplněk - Email) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-11-22]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-04]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-11-22]
CHR Extension: (Adblock Plus) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (uBlock) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-18]
CHR Extension: (Auto Refresh Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhmgghfmjjoejobimppckbalonobkck [2018-06-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Ochrana hesla) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2018-06-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-20]
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-08] ()
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-09-26] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-25] (EasyAntiCheat Ltd)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [194792 2018-09-19] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-08-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-08-31] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-12-14] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvlddmkm.sys [17213824 2018-09-25] (NVIDIA Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-14 14:17 - 2018-12-14 14:17 - 002417152 _____ (Farbar) C:\Users\warto\Downloads\FRST64 (1).exe
2018-12-14 14:08 - 2018-12-14 14:08 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-14 13:06 - 2018-12-14 13:06 - 007321808 _____ (Malwarebytes) C:\Users\warto\Downloads\adwcleaner_7.2.5.0.exe
2018-12-13 21:38 - 2018-12-13 21:38 - 000041045 _____ C:\Users\warto\Downloads\Addition.txt
2018-12-13 21:35 - 2018-12-14 14:17 - 000011898 _____ C:\Users\warto\Downloads\FRST.txt
2018-12-13 21:35 - 2018-12-13 21:35 - 002417152 _____ (Farbar) C:\Users\warto\Downloads\FRST64.exe
2018-12-13 21:34 - 2018-12-13 21:34 - 001776640 _____ (Farbar) C:\Users\warto\Downloads\FRST.exe
2018-12-13 20:46 - 2018-12-13 20:55 - 364440026 _____ C:\Users\warto\Downloads\BXZ131.7z
2018-12-13 14:59 - 2018-12-13 14:59 - 000000000 ____D C:\WINDOWS\Panther
2018-12-12 20:15 - 2018-12-12 20:28 - 280000000 _____ C:\Users\warto\Downloads\btrbbt.part3.rar
2018-12-12 20:15 - 2018-12-12 20:28 - 280000000 _____ C:\Users\warto\Downloads\btrbbt.part2.rar
2018-12-12 20:15 - 2018-12-12 20:28 - 280000000 _____ C:\Users\warto\Downloads\btrbbt.part1.rar
2018-12-12 20:15 - 2018-12-12 20:27 - 228904558 _____ C:\Users\warto\Downloads\btrbbt.part4.rar
2018-12-12 20:14 - 2018-12-12 20:15 - 041854424 _____ C:\Users\warto\Downloads\robbie.7z
2018-12-12 20:10 - 2018-12-12 20:12 - 058989241 _____ C:\Users\warto\Downloads\Pipi'sworksamples.7z
2018-12-12 18:48 - 2018-12-12 18:48 - 018932116 _____ C:\Users\warto\Downloads\heykittykitty.rar
2018-12-12 18:42 - 2018-12-12 18:42 - 003732436 _____ C:\Users\warto\Downloads\Shooshtar.rar
2018-12-12 18:41 - 2018-12-12 18:45 - 129080452 _____ C:\Users\warto\Downloads\beegee.rar
2018-12-12 17:10 - 2018-12-08 13:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-12-12 17:10 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 17:10 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 17:10 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 17:10 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 17:10 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 17:10 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 17:10 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 17:10 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 17:10 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 17:10 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 17:10 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 17:10 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 17:10 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 17:10 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-12-12 17:09 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2018-12-12 17:09 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 17:09 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 17:09 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 17:09 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 17:09 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-12 17:09 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 17:09 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 17:09 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-12 17:09 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 17:09 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 17:09 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 17:09 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 17:09 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 17:09 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 17:09 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 17:09 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 17:09 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 07:16 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-12 17:09 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 17:09 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 17:09 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 17:09 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 17:09 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 17:09 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 17:09 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 17:09 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 17:09 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 17:09 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 17:09 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 17:09 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 17:09 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 17:09 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 17:09 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 17:09 - 2018-05-20 19:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-12-02 10:10 - 2018-12-02 10:15 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Witcher 2
2018-12-02 10:10 - 2018-12-02 10:10 - 000000000 ___DC C:\Users\warto\AppData\Local\The Witcher 2
2018-12-02 09:55 - 2018-12-02 09:55 - 000001150 _____ C:\Users\Public\Desktop\Spustit hru The Witcher 2 (CZ).lnk
2018-12-02 09:55 - 2018-12-02 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 (CZ)
2018-12-02 09:36 - 2018-12-02 09:55 - 000000000 ____D C:\Program Files (x86)\The Witcher 2 (CZ)
2018-12-02 05:34 - 2018-12-02 08:07 - 000000000 ____D C:\Zaklínač 2 Vrahové Králů Rozšířená Edice
2018-12-02 05:34 - 2018-12-02 05:34 - 000039787 _____ C:\Users\warto\Downloads\[CzT]Zaklinac_2_Vrahove_Kralu_Rozsirena_Edice_The_Witcher_2_Assassins_of_Kings_Enchanced_Edition_CZ_.torrent
2018-12-02 05:26 - 2018-12-02 05:29 - 000041365 _____ C:\WINDOWS\SysWOW64\photorec.ses
2018-12-02 05:24 - 2018-12-02 05:26 - 000000000 ____D C:\Recovered Files
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\Program Files (x86)\Transcend
2018-12-02 05:20 - 2018-12-02 05:20 - 001962912 _____ (Transcend Information, Inc. ) C:\Users\warto\Downloads\RecoveRx_Win_v3.8.0_setup.exe
2018-12-02 05:19 - 2018-12-02 05:19 - 000889416 _____ (Microsoft Corporation) C:\Users\warto\Downloads\dotNetFx40_Full_setup.exe
2018-12-02 05:13 - 2018-12-02 05:14 - 004302002 _____ C:\Users\warto\Downloads\OnLineRecovery_v1.2.exe
2018-12-02 05:12 - 2018-12-02 05:12 - 006361858 _____ C:\Users\warto\Downloads\OnLineRecovery_JF620_v9.0.0.28.exe
2018-11-29 23:00 - 2018-11-29 23:00 - 006261652 _____ C:\Users\warto\Downloads\BS426.rar
2018-11-29 23:00 - 2018-11-29 23:00 - 004965684 _____ C:\Users\warto\Downloads\BS427.rar
2018-11-22 10:23 - 2018-11-22 10:23 - 000000314 ____C C:\Users\warto\Desktop\Fortnite.url
2018-11-22 03:02 - 2018-11-22 03:03 - 004675538 _____ C:\Users\warto\Downloads\034.rar
2018-11-21 23:17 - 2018-11-21 23:17 - 000051142 _____ C:\Users\warto\Downloads\[CzT]Far_Cry_4_2014_CZ_.torrent
2018-11-21 05:08 - 2018-11-21 05:59 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Overwatch
2018-11-21 03:53 - 2018-11-21 03:53 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Diablo III
2018-11-21 00:43 - 2018-11-22 00:38 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-11-21 00:41 - 2018-11-21 00:41 - 000021785 _____ C:\Users\warto\Downloads\[CzT]Diablo_3_Diablo_III_Collectors_Edition.torrent
2018-11-20 03:52 - 2018-11-20 03:52 - 004366436 _____ C:\Users\warto\Downloads\dpr.rar
2018-11-16 18:04 - 2018-12-07 19:55 - 000000000 ____D C:\Program Files\rempl
2018-11-16 05:45 - 2018-11-16 05:45 - 001573568 _____ C:\Users\warto\Downloads\SteamSetup.exe
2018-11-14 19:29 - 2018-11-14 19:29 - 000036554 _____ C:\Users\warto\Downloads\9.11.2018_EXPOWIN-spol.-s-r.o..pdf
2018-11-14 17:05 - 2018-11-01 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 17:05 - 2018-11-01 12:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 17:05 - 2018-11-01 12:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 17:05 - 2018-11-01 12:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 17:05 - 2018-11-01 12:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 17:05 - 2018-11-01 12:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 17:05 - 2018-11-01 12:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 17:05 - 2018-11-01 12:26 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-11-14 17:05 - 2018-11-01 12:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-11-14 17:05 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 17:05 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 17:05 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 17:05 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 17:05 - 2018-11-01 10:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 17:05 - 2018-11-01 10:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 17:05 - 2018-11-01 08:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 17:05 - 2018-11-01 08:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 17:05 - 2018-11-01 08:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 17:05 - 2018-11-01 08:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 17:05 - 2018-11-01 08:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 17:05 - 2018-11-01 08:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 17:05 - 2018-11-01 08:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 17:05 - 2018-11-01 08:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 17:05 - 2018-11-01 07:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 17:05 - 2018-11-01 07:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 17:05 - 2018-11-01 07:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 17:05 - 2018-11-01 07:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 17:05 - 2018-11-01 07:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 17:05 - 2018-11-01 07:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 17:05 - 2018-11-01 07:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 17:05 - 2018-11-01 07:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 17:05 - 2018-11-01 07:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 17:05 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 17:05 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 17:05 - 2018-11-01 05:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 17:05 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 17:05 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 17:05 - 2018-11-01 05:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 17:05 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 17:05 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 17:05 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 17:05 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-14 14:18 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-14 14:17 - 2018-02-24 12:08 - 000000000 ____D C:\FRST
2018-12-14 14:12 - 2018-05-20 19:32 - 001689114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-14 14:12 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-14 14:12 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-14 14:12 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-14 14:08 - 2018-05-20 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-14 14:08 - 2017-09-07 19:12 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-14 14:07 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-12-14 14:07 - 2018-02-24 11:24 - 000000000 ____D C:\AdwCleaner
2018-12-14 13:05 - 2018-05-20 19:30 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E88C2868-49A2-458F-AB33-2959AC309739}
2018-12-13 20:38 - 2018-02-16 17:11 - 000000000 ___DC C:\Users\warto\AppData\LocalLow\Mozilla
2018-12-13 18:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-13 18:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-13 15:37 - 2018-11-02 03:24 - 000002215 ____C C:\Users\warto\Desktop\Discord.lnk
2018-12-13 15:05 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-13 14:59 - 2018-05-20 19:25 - 000251384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-13 14:59 - 2017-10-23 15:13 - 000000000 ___RD C:\Users\warto\3D Objects
2018-12-13 14:59 - 2017-09-07 17:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-12 17:15 - 2017-09-07 19:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 17:14 - 2017-09-07 19:14 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-12 17:12 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-12 16:41 - 2018-02-10 13:52 - 000000000 ___DC C:\Users\warto\AppData\Roaming\vlc
2018-12-11 23:38 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Local\Battle.net
2018-12-11 21:07 - 2018-10-03 19:25 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-09 21:48 - 2018-10-07 21:44 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-12-09 20:05 - 2018-05-20 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-07 05:27 - 2017-10-23 05:11 - 000000000 ___DC C:\Users\warto\AppData\Local\Packages
2018-12-06 18:49 - 2018-05-20 19:35 - 000000000 ___DC C:\Users\warto\AppData\Local\D3DSCache
2018-12-06 15:23 - 2018-03-25 01:13 - 000000000 ___DC C:\Users\warto\AppData\Local\UnrealEngine
2018-12-05 18:14 - 2018-10-06 02:44 - 000004666 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 18:23 - 2017-09-22 23:54 - 000000000 ___DC C:\Users\warto\AppData\Roaming\BitTorrent
2018-12-03 14:24 - 2018-05-20 19:30 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3012513600-1294068158-3791818399-1001
2018-12-03 14:24 - 2018-05-20 19:26 - 000002391 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 14:24 - 2017-09-07 17:28 - 000000000 ___RD C:\Users\warto\OneDrive
2018-12-02 04:33 - 2017-09-22 23:54 - 000000896 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-12-02 04:31 - 2018-01-15 16:30 - 000000000 ____D C:\Hry
2018-12-01 07:36 - 2018-02-16 17:05 - 000000910 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-12-01 05:01 - 2018-04-12 00:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-04-12 00:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 23:26 - 2017-11-09 17:14 - 000000000 __RDC C:\Users\warto\Desktop\nevermind
2018-11-27 02:54 - 2017-09-07 18:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-22 07:19 - 2018-07-02 21:37 - 000000000 ____D C:\Program Files\Epic Games
2018-11-22 01:30 - 2018-05-08 11:14 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\My Games
2018-11-22 01:07 - 2018-05-20 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2018-11-21 05:33 - 2017-09-07 18:54 - 000000000 ___DC C:\Users\warto\AppData\Local\Blizzard Entertainment
2018-11-21 03:53 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Battle.net
2018-11-16 17:17 - 2017-12-09 13:43 - 000000000 ____D C:\Users\warto\ansel
2018-11-16 05:54 - 2018-08-31 17:21 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-11-16 05:53 - 2018-08-31 18:36 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-11-16 05:53 - 2018-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-16 05:46 - 2018-02-12 23:07 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 16:20 - 2018-10-06 02:44 - 000004506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2018-11-06 22:28 - 2018-11-06 22:28 - 000000001 ____C () C:\Users\warto\AppData\Local\llftool.4.40.agreement

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 19:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by warto (14-12-2018 14:18:19)
Running from C:\Users\warto\Downloads
Windows 10 Pro Version 1803 17134.471 (X64) (2018-05-20 18:30:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3012513600-1294068158-3791818399-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3012513600-1294068158-3791818399-503 - Limited - Disabled)
Guest (S-1-5-21-3012513600-1294068158-3791818399-501 - Limited - Disabled)
Host (S-1-5-21-3012513600-1294068158-3791818399-1002 - Limited - Enabled) => C:\Users\Host
warto (S-1-5-21-3012513600-1294068158-3791818399-1001 - Administrator - Enabled) => C:\Users\warto
WDAGUtilityAccount (S-1-5-21-3012513600-1294068158-3791818399-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{5F4E8D94-3947-4019-9239-D2541C9A35F2}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{7A5E4942-A527-42E6-A5FC-95109B756CA8}) (Version: 3.5.1.7 - Intel) Hidden
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\BitTorrent) (Version: 7.10.4.44847 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: - Piriform Ltd.)
Crossout Launcher 1.0.3.36 (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\CrossOutLauncher_is1) (Version: - )
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Discord (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dragon Age Inquisition v.1.11.u10 (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlashBoot 2.3d (HKLM\...\FlashBoot_is1) (Version: - Mikhail Kupchik)
Free ISO Converter (HKLM-x32\...\{957954B6-DFFA-4CA7-8A0F-9E62221A8DEB}_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Computing Improvement Program (HKLM\...\{58FBAE3A-E602-47E6-9F32-AE25D48B378A}) (Version: 2.4.04140 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ef2ad7ab-dd41-48ed-ae53-f7fe3cd903d8}) (Version: 3.5.1.7 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
RecoveRx version 3.8.0 (HKLM-x32\...\{3DE055DA-690F-43B8-9B7B-54E7D70806F9}_is1) (Version: 3.8.0 - Transcend Information, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Total War Arena (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\TWA.EU.PRODUCTION) (Version: - Wargaming.net)
Unity Web Player (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 70.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zaklínač 2: Vrahové Králů v3.0 (HKLM-x32\...\Zaklínač 2: Vrahové Králů Rozšířená Edice_is1) (Version: 1.0 - Electronic Arts)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021C6F57-9A81-472E-80CB-2EA74BD3234A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {11544983-8386-422A-A161-CB0FBCF7C2F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {2D3617D5-B11E-4979-8483-9552F540D618} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {652F383D-8BAE-4835-83AF-10F12ECFDB0D} - System32\Tasks\aeyAueyQDMNgjFGdU2 => rundll32 "C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll",#1
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7212EE19-E594-4D33-8026-8BE4D60547E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {7644EFBD-B800-4976-8E07-0EB3D0DDDDF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {7C6356CA-A0C2-4703-992D-F9589DCCEEA9} - System32\Tasks\lDoXvtNaWAZojId2 => rundll32 "C:\Program Files (x86)\vLreQlMWU\robojX.dll",#1
Task: {809AC4A5-94DA-4732-8A2D-19F03EAD0166} - System32\Tasks\S-1-5-21-3012513600-1294068158-3791818399-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {821E0A23-EC14-4002-9D57-F66761564AE7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {8FD42F8F-D40A-4CD1-AA7C-CA512857E8C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [2018-09-25] (Microsoft Corporation)
Task: {A66FD071-04A6-49A9-BEDA-E5B2B8B5B763} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineUP -> No File <==== ATTENTION
Task: {BA79BBCA-F190-49A6-84F5-52D080B6E7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {C1967968-F056-4A52-85DC-70EBDA33BC60} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {CC06554D-87A1-4E5D-B1B7-9E6DA065C063} - System32\Tasks\NWWeXkviPPcmWa => rundll32 "C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll",#1
Task: {D75AFEAE-FC90-40E1-B650-A2BF19241225} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {DA85AE09-51D0-4CDE-A62C-53D865923007} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {FE3DF3C8-3F45-4484-AB8F-5B1086612FFC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-12 23:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000194792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-11 16:06 - 2018-07-11 16:06 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 15:25 - 2018-12-11 15:25 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 16:18 - 2017-12-01 16:19 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 17:43 - 2018-11-28 17:43 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-01-06 17:41 - 2016-01-06 17:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000937192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-09-19 00:51 - 2018-09-19 00:51 - 002329320 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000282344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000292584 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000339176 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000266984 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000322792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000693480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000243944 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000750824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000411368 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000278760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000376552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000419048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000303848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000778472 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000863464 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-09-19 00:51 - 2018-09-19 00:51 - 000312552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000238824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000343272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
2017-07-13 15:23 - 2017-07-13 15:23 - 000042744 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000060664 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywintypes27.dll
2017-07-13 15:22 - 2017-07-13 15:22 - 000126712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pythoncom27.dll
2017-07-13 15:23 - 2017-07-13 15:23 - 000024312 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000047352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000026872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000023800 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000031992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000506616 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000360184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000019192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000045816 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000018680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000025336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000019704 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000043768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000025848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000191736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000019704 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IECDriver.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Assassin's Creed Odyssey:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\BioWare:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Games for Windows - LIVE Demos:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Rockstar Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2018-02-28 13:45 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\warto\Downloads\assassins_creed_origins-wallpaper-1920x1200.jpg
DNS Servers: 10.1.0.33
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5D38FC9B-3BA3-4C5F-8102-2B08AA67C949}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{21B53C08-9147-4502-B390-7E01A03DAD87}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{5397481F-A840-4DA7-BBE9-7A5659313106}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4F06821A-7212-459A-B965-2DCD8D02A1A1}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{71BCA3F8-1108-4BB9-9F1C-CF95C3F34DD7}] => (Allow) LPort=1688
FirewallRules: [{877274C3-04FF-453E-AD6D-9745E0CA973C}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B363149-DD6E-4F7F-B483-3DED1BC8E7E5}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{693305F7-92F7-4E0F-8AF4-81D5029A7646}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{1248693B-A1BE-47BE-A697-6AE83EF38C84}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{E88F8F40-CA69-4DC0-A907-7AC706AD9D18}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{38AE3643-F24B-4121-A934-DC852F51328D}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [TCP Query User{B87C723B-3BDF-45AA-BA72-E5D539DF48A7}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{1E6AAAAC-6B5E-44C6-A9A6-471D3C19AB2E}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [TCP Query User{141B2EF2-ABCB-4A5E-878B-D44938CDC812}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{9C17AA51-FC8B-4F4A-9906-D5A976778259}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{74B1B2AE-1033-4F7C-A665-738C684DEB1F}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{A4E8F381-B403-40A9-B8BB-7FA087965B61}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{C8A83804-6167-453F-B838-9DB6489D9BE8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A0C8C48D-620B-4919-8FE7-510EACE9BE74}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A01BD763-F1C8-42B4-8C48-A5558DFA67B2}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{FE24C43C-9D27-44E6-843F-504502F5F203}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{E7F4EFB5-9E43-4943-9717-69E5C25216C8}] => (Allow) D:\Assassin's Creed Odyssey\ACOdyssey.exe
FirewallRules: [TCP Query User{7CB67C81-3838-4269-8D25-2D2DDBED43C8}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [UDP Query User{32955051-F35D-47E1-B0CB-FCE57E603D98}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [TCP Query User{A95ADE7A-E220-49EA-A41C-F08479DBA634}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8F96320C-B014-402E-8B57-86E970BC4860}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{B0725937-A22A-4390-9AAE-3F2EA27FE65F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C065BEA0-AA37-44F8-B721-A32BDF8C3C9A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F97E5AC-2D5E-4813-B370-70FDC4B84FE7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1BECAAF7-E961-4B01-844C-5383EEF25F05}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53A27883-C52D-41B2-BFD4-EE7C5CA8C1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{4656C629-AA55-46AD-A38C-E98A5B9ACD20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [TCP Query User{F0E0C053-708A-482C-B0E0-2CBC9221F297}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{816C9A3F-AF3D-41A6-B49A-609CE8912D5D}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{9172CF0A-6DB0-4764-A915-785C28EC06AC}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E58FD48F-5FD1-442D-9AF9-D58C35200845}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [TCP Query User{9E941686-8A54-46A9-983E-32A385F06666}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{FFA2E5BD-F473-4A45-9EE9-A14250773315}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [{19D8DF29-435F-4782-8918-DC48F07B4DD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0DEED14E-DE93-4149-831C-7A232F657215}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe
FirewallRules: [UDP Query User{8AC3F394-E2F6-467A-8009-F549CF9F6711}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2018 02:12:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\WINDOWS\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 02:12:14 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 02:12:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 02:12:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu Lsa v knihovně DLL C:\Windows\System32\Secur32.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 02:12:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu ESENT v knihovně DLL C:\WINDOWS\system32\esentprf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 01:05:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\WINDOWS\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 01:05:36 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/14/2018 01:05:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (12/14/2018 02:10:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/14/2018 02:09:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Remediation Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/14/2018 02:07:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2018-10-07 22:07:37.517
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Temp\217.71.252.46.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\Microsoft\Protect\S-1-83-65\RB_1.4.91.43.exe
Verze podpisu: AV: 1.277.719.0, AS: 1.277.719.0, NIS: 1.277.719.0
Verze modulu: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-04 09:37:31.175
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 05:42:54.059
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 00:27:02.821
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-03 22:22:58.744
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-09-14 03:21:04.071
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1140.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80070643
Popis chyby :Při instalaci došlo k závažné chybě.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G4600 @ 3.60GHz
Percentage of memory in use: 40%
Total physical RAM: 8128.61 MB
Available physical RAM: 4844.47 MB
Total Virtual: 10816.61 MB
Available Virtual: 5720.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:5.77 GB) NTFS
Drive d: (ADATA UFD) (Removable) (Total:57.81 GB) (Free:2.03 GB) NTFS

\\?\Volume{5a6ae5dd-a1c3-46c1-a0fb-4e99138bf673}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{acd79ad2-c4af-4496-92ef-e9a2db0b22a9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: FC6BC999)
Partition 1: (Not Active) - (Size=57.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#6 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:

C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll
C:\Program Files (x86)\rlrBQhAPmkumyySPaWR
C:\Program Files (x86)\vLreQlMWU\robojX.dll
C:\Program Files (x86)\vLreQlMWU
C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll
C:\Program Files (x86)\dWFoxDgrTwfU2

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION
Task: {652F383D-8BAE-4835-83AF-10F12ECFDB0D} - System32\Tasks\aeyAueyQDMNgjFGdU2 => rundll32 "C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll",#1
Task: {7C6356CA-A0C2-4703-992D-F9589DCCEEA9} - System32\Tasks\lDoXvtNaWAZojId2 => rundll32 "C:\Program Files (x86)\vLreQlMWU\robojX.dll",#1
Task: {A66FD071-04A6-49A9-BEDA-E5B2B8B5B763} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineUP -> No File <==== ATTENTION
Task: {CC06554D-87A1-4E5D-B1B7-9E6DA065C063} - System32\Tasks\NWWeXkviPPcmWa => rundll32 "C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll",#1
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Assassin's Creed Odyssey:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\BioWare:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Games for Windows - LIVE Demos:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Rockstar Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

cmd: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 0 /f
cmd: sc config srservice start= Auto
cmd: net start srservice
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#7 Příspěvek od Tommy Puerto »

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by warto (15-12-2018 05:23:00) Run:1
Running from C:\Users\warto\Downloads
Loaded Profiles: warto (Available Profiles: warto & Host)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll
C:\Program Files (x86)\rlrBQhAPmkumyySPaWR
C:\Program Files (x86)\vLreQlMWU\robojX.dll
C:\Program Files (x86)\vLreQlMWU
C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll
C:\Program Files (x86)\dWFoxDgrTwfU2

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Restriction ? <==== ATTENTION
Task: {652F383D-8BAE-4835-83AF-10F12ECFDB0D} - System32\Tasks\aeyAueyQDMNgjFGdU2 => rundll32 "C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll",#1
Task: {7C6356CA-A0C2-4703-992D-F9589DCCEEA9} - System32\Tasks\lDoXvtNaWAZojId2 => rundll32 "C:\Program Files (x86)\vLreQlMWU\robojX.dll",#1
Task: {A66FD071-04A6-49A9-BEDA-E5B2B8B5B763} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineUP -> No File <==== ATTENTION
Task: {CC06554D-87A1-4E5D-B1B7-9E6DA065C063} - System32\Tasks\NWWeXkviPPcmWa => rundll32 "C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll",#1
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Assassin's Creed Odyssey:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\BioWare:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Games for Windows - LIVE Demos:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\warto\OneDrive\Dokumenty\Rockstar Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

cmd: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 0 /f
cmd: sc config srservice start= Auto
cmd: net start srservice
*****************

Processes closed successfully.
"C:\Program Files (x86)\rlrBQhAPmkumyySPaWR\CNHpQpl.dll" => not found
"C:\Program Files (x86)\rlrBQhAPmkumyySPaWR" => not found
"C:\Program Files (x86)\vLreQlMWU\robojX.dll" => not found
"C:\Program Files (x86)\vLreQlMWU" => not found
"C:\Program Files (x86)\dWFoxDgrTwfU2\BrYoVbUoYjvXK.dll" => not found
"C:\Program Files (x86)\dWFoxDgrTwfU2" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{652F383D-8BAE-4835-83AF-10F12ECFDB0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{652F383D-8BAE-4835-83AF-10F12ECFDB0D}" => removed successfully
C:\WINDOWS\System32\Tasks\aeyAueyQDMNgjFGdU2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aeyAueyQDMNgjFGdU2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C6356CA-A0C2-4703-992D-F9589DCCEEA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6356CA-A0C2-4703-992D-F9589DCCEEA9}" => removed successfully
C:\WINDOWS\System32\Tasks\lDoXvtNaWAZojId2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\lDoXvtNaWAZojId2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A66FD071-04A6-49A9-BEDA-E5B2B8B5B763}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A66FD071-04A6-49A9-BEDA-E5B2B8B5B763}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC06554D-87A1-4E5D-B1B7-9E6DA065C063}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC06554D-87A1-4E5D-B1B7-9E6DA065C063}" => removed successfully
C:\WINDOWS\System32\Tasks\NWWeXkviPPcmWa => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NWWeXkviPPcmWa" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\Assassin's Creed Odyssey => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\BioWare => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\Games for Windows - LIVE Demos => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\Image-Line => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\My Games => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\warto\OneDrive\Dokumenty\Rockstar Games => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 0 /f =========

Operace byla dokonźena ŁspŘçnŘ.


========= End of CMD: =========


========= sc config srservice start= Auto =========

[SC] OpenService FAILED 1060:

Zadan  slu§ba nenˇ nainstalovan  slu§ba.


========= End of CMD: =========


========= net start srservice =========

N zev slu§by nenˇ platně.

Dalçˇ n povŘdu zˇsk te pýˇkazem NET HELPMSG 2185.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 05:23:02 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#8 Příspěvek od Diallix »

Vytvorte na ploche poznamkovy blok, ktory pomenujte na Repair a premenujte ho na .bat, cize sa bude volat Repair.bat.
Pravym tlacidlom mysi klik -> upravit, skopirujte don obsah dole:

Kód: Vybrat vše

@echo off
sc config Alerter start= demand
sc config ALG start= demand
sc config AppMgmt start= demand
sc config AudioSrv start= auto
sc config BITS start= demand
sc config Browser start= auto
sc config cisvc start= demand
sc config ClipSrv start= disabled
sc config COMSysApp start= demand
sc config CryptSvc start= auto
sc config DcomLaunch start= auto
sc config Dhcp start= auto
sc config dmadmin start= demand
sc config dmserver start= auto
sc config Dnscache start= auto
sc config Dot3svc start= demand
sc config EapHost start= demand
sc config ERSvc start= auto
sc config Eventlog start= auto
sc config EventSystem start= demand
sc config FastUserSwitchingCompatibility start= demand
sc config helpsvc start= auto
sc config HidServ start= disabled
sc config hkmsvc start= demand
sc config HTTPFilter start= demand
sc config ImapiService start= demand
sc config lanmanserver start= auto
sc config lanmanworkstation start= auto
sc config LmHosts start= auto
sc config Messenger start= disabled
sc config mnmsrvc start= demand
sc config MSDTC start= demand
sc config MSIServer start= demand
sc config napagent start= demand
sc config NetDDE start= disabled
sc config NetDDEdsdm start= disabled
sc config Netlogon start= demand
sc config Netman start= demand
sc config Nla start= demand
sc config NtLmSsp start= demand
sc config NtmsSvc start= demand
sc config PlugPlay start= auto
sc config PolicyAgent start= auto
sc config ProtectedStorage start= auto
sc config RasAuto start= demand
sc config RasMan start= demand
sc config RDSessMgr start= demand
sc config RemoteAccess start= disabled
sc config RemoteRegistry start= auto
sc config RpcLocator start= demand
sc config RpcSs start= auto
sc config RSVP start= demand
sc config SamSs start= auto
sc config SCardSvr start= demand
sc config Schedule start= auto
sc config seclogon start= auto
sc config SENS start= auto
sc config SharedAccess start= auto
sc config ShellHWDetection start= auto
sc config Spooler start= auto
sc config srservice start= auto
sc config SSDPSRV start= demand
sc config stisvc start= demand
sc config SwPrv start= demand
sc config SysmonLog start= demand
sc config TapiSrv start= demand
sc config TermService start= demand
sc config Themes start= auto
sc config TlntSvr start= demand
sc config TrkWks start= auto
sc config upnphost start= demand
sc config UPS start= demand
sc config VSS start= demand
sc config W32Time start= auto
sc config WebClient start= auto
sc config winmgmt start= auto
sc config WmdmPmSN start= demand
sc config Wmi start= demand
sc config WmiApSrv start= demand
sc config wscsvc start= auto
sc config wuauserv start= auto
sc config WZCSVC start= auto
sc config xmlprov start= demand
Program spustite ako spravca - Klik pravym tlacidlom mysi na Repair.bat -> spustit ako Administrator/Spravca

Po vykonani programu restartujte pocitac.

Po restarte poprosim o nove logy FRST + Addition.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#9 Příspěvek od Tommy Puerto »

Mám ten poznámkový blog s textem a jménem Repair.bat ale spustit to mám jak? Jde to otevřít ale jen jako poznámkový blog.

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#10 Příspěvek od Diallix »

Otvorte subor s obsahom, kliknite na ulozi ako, vyberte vsetky subory a ulozte to ako Repair.bat
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#11 Příspěvek od Tommy Puerto »

Tak sem to udělal, klikl a cmd se spustil + restart tak snad je to :D

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by warto (administrator) on DESKTOP-QD17RQH (15-12-2018 18:33:53)
Running from C:\Users\warto\Downloads
Loaded Profiles: warto (Available Profiles: warto & Host)
Platform: Windows 10 Pro Version 1803 17134.471 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-09-26] (Intel)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-14] (Epic Games, Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Discord] => C:\Users\warto\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.0.33
Tcpip\..\Interfaces\{16ff6cb6-5bf3-40ec-a69e-69d9cc19bb7c}: [DhcpNameServer] 10.1.0.33

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-3012513600-1294068158-3791818399-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\warto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default [2018-12-15]
CHR Extension: (Seznam doplněk - Email) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-11-22]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-04]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-11-22]
CHR Extension: (Adblock Plus) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (uBlock) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-18]
CHR Extension: (Auto Refresh Blocker) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhmgghfmjjoejobimppckbalonobkck [2018-06-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Ochrana hesla) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2018-06-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\warto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-20]
CHR Profile: C:\Users\warto\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-08] ()
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-09-26] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-25] (EasyAntiCheat Ltd)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [194792 2018-09-19] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-15] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-15] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-08-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-08-31] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-12-15] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_8e4f37220e99138f\nvlddmkm.sys [17213824 2018-09-25] (NVIDIA Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-15] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-15] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-15 15:11 - 2018-12-15 15:17 - 235772537 _____ C:\Users\warto\Downloads\c3208.7z
2018-12-15 15:08 - 2018-12-15 15:14 - 091144388 _____ C:\Users\warto\Downloads\_305.rar
2018-12-15 14:13 - 2018-12-15 14:13 - 000002772 ____C C:\Users\warto\Desktop\Repair.bat
2018-12-15 05:23 - 2018-12-15 05:23 - 000006656 _____ C:\Users\warto\Downloads\Fixlog.txt
2018-12-14 14:08 - 2018-12-15 18:33 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-13 21:38 - 2018-12-14 14:18 - 000042515 _____ C:\Users\warto\Downloads\Addition.txt
2018-12-13 21:35 - 2018-12-15 18:34 - 000011964 _____ C:\Users\warto\Downloads\FRST.txt
2018-12-13 21:35 - 2018-12-13 21:35 - 002417152 _____ (Farbar) C:\Users\warto\Downloads\FRST64.exe
2018-12-13 14:59 - 2018-12-13 14:59 - 000000000 ____D C:\WINDOWS\Panther
2018-12-12 17:10 - 2018-12-08 13:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-12-12 17:10 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 17:10 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 17:10 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 17:10 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 17:10 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 17:10 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 17:10 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 17:10 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 17:10 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 17:10 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-12 17:10 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 17:10 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 17:10 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 17:10 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 17:10 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 17:10 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 17:10 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 17:10 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 17:10 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 17:10 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 17:10 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 17:10 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 17:10 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 17:10 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 17:10 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 17:10 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 17:10 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 17:10 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 17:10 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 17:10 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 17:10 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 17:10 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 17:10 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-12 17:10 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 17:10 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 17:10 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 17:10 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 17:10 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 17:10 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 17:10 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 17:10 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 17:10 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 17:10 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 17:10 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 17:10 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 17:10 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 17:10 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 17:10 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 17:10 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 17:10 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 17:10 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 17:10 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 17:10 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-12 17:10 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 17:10 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 17:10 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-12-12 17:09 - 2018-12-08 13:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-12-12 17:09 - 2018-12-08 13:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-12-12 17:09 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2018-12-12 17:09 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 17:09 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 17:09 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 17:09 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 17:09 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 17:09 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 17:09 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 17:09 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 17:09 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-12 17:09 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 17:09 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 17:09 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 17:09 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 17:09 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-12 17:09 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 17:09 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 17:09 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-12 17:09 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-12 17:09 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 17:09 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 17:09 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 17:09 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 17:09 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 17:09 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 17:09 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 17:09 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 17:09 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 17:09 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 17:09 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 17:09 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 17:09 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 17:09 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 17:09 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-12 17:09 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 17:09 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 17:09 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 17:09 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 17:09 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 17:09 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 17:09 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 17:09 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 17:09 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 17:09 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 17:09 - 2018-12-08 07:16 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-12 17:09 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 17:09 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 17:09 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 17:09 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 17:09 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 17:09 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 17:09 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 17:09 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 17:09 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 17:09 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 17:09 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 17:09 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 17:09 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 17:09 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 17:09 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 17:09 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 17:09 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 17:09 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 17:09 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 17:09 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 17:09 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 17:09 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 17:09 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 17:09 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 17:09 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 17:09 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 17:09 - 2018-05-20 19:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-12-08 20:17 - 2018-12-15 18:16 - 000000246 ____C C:\Users\warto\Desktop\Scep.txt
2018-12-02 10:10 - 2018-12-02 10:15 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Witcher 2
2018-12-02 10:10 - 2018-12-02 10:10 - 000000000 ___DC C:\Users\warto\AppData\Local\The Witcher 2
2018-12-02 09:55 - 2018-12-02 09:55 - 000001150 _____ C:\Users\Public\Desktop\Spustit hru The Witcher 2 (CZ).lnk
2018-12-02 09:55 - 2018-12-02 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 (CZ)
2018-12-02 09:36 - 2018-12-02 09:55 - 000000000 ____D C:\Program Files (x86)\The Witcher 2 (CZ)
2018-12-02 05:34 - 2018-12-02 08:07 - 000000000 ____D C:\Zaklínač 2 Vrahové Králů Rozšířená Edice
2018-12-02 05:34 - 2018-12-02 05:34 - 000039787 _____ C:\Users\warto\Downloads\[CzT]Zaklinac_2_Vrahove_Kralu_Rozsirena_Edice_The_Witcher_2_Assassins_of_Kings_Enchanced_Edition_CZ_.torrent
2018-12-02 05:26 - 2018-12-02 05:29 - 000041365 _____ C:\WINDOWS\SysWOW64\photorec.ses
2018-12-02 05:24 - 2018-12-02 05:26 - 000000000 ____D C:\Recovered Files
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend
2018-12-02 05:21 - 2018-12-02 05:21 - 000000000 ____D C:\Program Files (x86)\Transcend
2018-12-02 05:19 - 2018-12-02 05:19 - 000889416 _____ (Microsoft Corporation) C:\Users\warto\Downloads\dotNetFx40_Full_setup.exe
2018-11-22 10:23 - 2018-11-22 10:23 - 000000314 ____C C:\Users\warto\Desktop\Fortnite.url
2018-11-21 23:17 - 2018-11-21 23:17 - 000051142 _____ C:\Users\warto\Downloads\[CzT]Far_Cry_4_2014_CZ_.torrent
2018-11-21 05:08 - 2018-11-21 05:59 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Overwatch
2018-11-21 03:53 - 2018-11-21 03:53 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\Diablo III
2018-11-21 00:43 - 2018-11-22 00:38 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-11-21 00:41 - 2018-11-21 00:41 - 000021785 _____ C:\Users\warto\Downloads\[CzT]Diablo_3_Diablo_III_Collectors_Edition.torrent
2018-11-16 18:04 - 2018-12-07 19:55 - 000000000 ____D C:\Program Files\rempl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-15 18:33 - 2018-05-20 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-15 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-15 18:33 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-12-15 18:33 - 2018-02-24 12:08 - 000000000 ____D C:\FRST
2018-12-15 18:33 - 2017-09-07 19:12 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-15 18:11 - 2018-05-20 19:30 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E88C2868-49A2-458F-AB33-2959AC309739}
2018-12-15 14:11 - 2018-09-06 09:57 - 000002772 ____C C:\Users\warto\Desktop\Repair.txt
2018-12-15 11:52 - 2018-02-28 13:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-15 05:27 - 2018-05-20 19:32 - 001689114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-15 05:27 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-15 05:27 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-15 05:27 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-15 05:27 - 2017-09-07 19:15 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-15 05:24 - 2018-05-20 19:30 - 000000008 __RSH C:\Users\warto\ntuser.pol
2018-12-15 05:24 - 2018-05-20 19:26 - 000000000 ____D C:\Users\warto
2018-12-15 05:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-15 05:23 - 2018-02-24 09:46 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-12-15 05:23 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-12-15 02:25 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-14 14:07 - 2018-02-24 11:24 - 000000000 ____D C:\AdwCleaner
2018-12-13 20:38 - 2018-02-16 17:11 - 000000000 ___DC C:\Users\warto\AppData\LocalLow\Mozilla
2018-12-13 18:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-13 15:37 - 2018-11-02 03:24 - 000002215 ____C C:\Users\warto\Desktop\Discord.lnk
2018-12-13 14:59 - 2018-05-20 19:25 - 000251384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-13 14:59 - 2017-10-23 15:13 - 000000000 ___RD C:\Users\warto\3D Objects
2018-12-13 14:59 - 2017-09-07 17:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-13 00:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-12 17:15 - 2017-09-07 19:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 17:14 - 2017-09-07 19:14 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-12 17:12 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-12 16:41 - 2018-02-10 13:52 - 000000000 ___DC C:\Users\warto\AppData\Roaming\vlc
2018-12-11 23:38 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Local\Battle.net
2018-12-11 21:07 - 2018-10-03 19:25 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-09 21:48 - 2018-10-07 21:44 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-12-09 20:05 - 2018-05-20 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-07 05:27 - 2017-10-23 05:11 - 000000000 ___DC C:\Users\warto\AppData\Local\Packages
2018-12-06 18:49 - 2018-05-20 19:35 - 000000000 ___DC C:\Users\warto\AppData\Local\D3DSCache
2018-12-06 15:23 - 2018-03-25 01:13 - 000000000 ___DC C:\Users\warto\AppData\Local\UnrealEngine
2018-12-05 18:14 - 2018-10-06 02:44 - 000004666 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 18:23 - 2017-09-22 23:54 - 000000000 ___DC C:\Users\warto\AppData\Roaming\BitTorrent
2018-12-03 14:24 - 2018-05-20 19:30 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3012513600-1294068158-3791818399-1001
2018-12-03 14:24 - 2018-05-20 19:26 - 000002391 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 14:24 - 2017-09-07 17:28 - 000000000 ___RD C:\Users\warto\OneDrive
2018-12-02 04:33 - 2017-09-22 23:54 - 000000896 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-12-02 04:31 - 2018-01-15 16:30 - 000000000 ____D C:\Hry
2018-12-01 07:36 - 2018-02-16 17:05 - 000000910 ____C C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-12-01 05:01 - 2018-04-12 00:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-04-12 00:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 23:26 - 2017-11-09 17:14 - 000000000 __RDC C:\Users\warto\Desktop\nevermind
2018-11-27 02:54 - 2017-09-07 18:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-22 07:19 - 2018-07-02 21:37 - 000000000 ____D C:\Program Files\Epic Games
2018-11-22 01:30 - 2018-05-08 11:14 - 000000000 ____D C:\Users\warto\OneDrive\Dokumenty\My Games
2018-11-22 01:07 - 2018-05-20 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2018-11-21 05:33 - 2017-09-07 18:54 - 000000000 ___DC C:\Users\warto\AppData\Local\Blizzard Entertainment
2018-11-21 03:53 - 2018-06-24 00:12 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Battle.net
2018-11-16 17:17 - 2017-12-09 13:43 - 000000000 ____D C:\Users\warto\ansel
2018-11-16 05:54 - 2018-08-31 17:21 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-11-16 05:53 - 2018-08-31 18:36 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-11-16 05:53 - 2018-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-16 05:46 - 2018-02-12 23:07 - 000000000 ___DC C:\Users\warto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-15 17:44 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences

==================== Files in the root of some directories =======

2018-11-06 22:28 - 2018-11-06 22:28 - 000000001 ____C () C:\Users\warto\AppData\Local\llftool.4.40.agreement

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 19:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by warto (15-12-2018 18:34:48)
Running from C:\Users\warto\Downloads
Windows 10 Pro Version 1803 17134.471 (X64) (2018-05-20 18:30:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3012513600-1294068158-3791818399-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3012513600-1294068158-3791818399-503 - Limited - Disabled)
Guest (S-1-5-21-3012513600-1294068158-3791818399-501 - Limited - Disabled)
Host (S-1-5-21-3012513600-1294068158-3791818399-1002 - Limited - Enabled) => C:\Users\Host
warto (S-1-5-21-3012513600-1294068158-3791818399-1001 - Administrator - Enabled) => C:\Users\warto
WDAGUtilityAccount (S-1-5-21-3012513600-1294068158-3791818399-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{5F4E8D94-3947-4019-9239-D2541C9A35F2}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{7A5E4942-A527-42E6-A5FC-95109B756CA8}) (Version: 3.5.1.7 - Intel) Hidden
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\BitTorrent) (Version: 7.10.4.44847 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: - Piriform Ltd.)
Crossout Launcher 1.0.3.36 (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\CrossOutLauncher_is1) (Version: - )
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Discord (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dragon Age Inquisition v.1.11.u10 (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlashBoot 2.3d (HKLM\...\FlashBoot_is1) (Version: - Mikhail Kupchik)
Free ISO Converter (HKLM-x32\...\{957954B6-DFFA-4CA7-8A0F-9E62221A8DEB}_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Computing Improvement Program (HKLM\...\{58FBAE3A-E602-47E6-9F32-AE25D48B378A}) (Version: 2.4.04140 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ef2ad7ab-dd41-48ed-ae53-f7fe3cd903d8}) (Version: 3.5.1.7 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
RecoveRx version 3.8.0 (HKLM-x32\...\{3DE055DA-690F-43B8-9B7B-54E7D70806F9}_is1) (Version: 3.8.0 - Transcend Information, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Total War Arena (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\TWA.EU.PRODUCTION) (Version: - Wargaming.net)
Unity Web Player (HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 70.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zaklínač 2: Vrahové Králů v3.0 (HKLM-x32\...\Zaklínač 2: Vrahové Králů Rozšířená Edice_is1) (Version: 1.0 - Electronic Arts)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11544983-8386-422A-A161-CB0FBCF7C2F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {29B26F54-5430-4F48-8C90-3DA600C07B76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-15] (Microsoft Corporation)
Task: {2D3617D5-B11E-4979-8483-9552F540D618} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {493E059B-A2E2-4C1A-9FCA-E2E4E3E4933B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-15] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7644EFBD-B800-4976-8E07-0EB3D0DDDDF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {809AC4A5-94DA-4732-8A2D-19F03EAD0166} - System32\Tasks\S-1-5-21-3012513600-1294068158-3791818399-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {821E0A23-EC14-4002-9D57-F66761564AE7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {9DCD1EA1-3FAB-4CB4-AC1B-55A2DAC231B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-15] (Microsoft Corporation)
Task: {BA79BBCA-F190-49A6-84F5-52D080B6E7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-07] (Google Inc.)
Task: {C1967968-F056-4A52-85DC-70EBDA33BC60} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {D75AFEAE-FC90-40E1-B650-A2BF19241225} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {DA85AE09-51D0-4CDE-A62C-53D865923007} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {EE27CA57-1312-4A66-AF97-5160821FD479} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-15] (Microsoft Corporation)
Task: {FE3DF3C8-3F45-4484-AB8F-5B1086612FFC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-12 23:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-19 00:51 - 2018-09-19 00:51 - 000194792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-12-12 17:09 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-15 02:25 - 2018-12-15 02:25 - 002834944 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3241.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-12-15 02:25 - 2018-12-15 02:25 - 000120320 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3241.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2018-12-15 02:25 - 2018-12-15 02:25 - 009032704 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3241.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2018-07-11 16:06 - 2018-07-11 16:06 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-10 02:48 - 2018-10-10 02:48 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-04-05 09:10 - 2018-04-05 09:10 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2018-06-12 19:12 - 2018-06-08 10:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-12 19:12 - 2018-06-08 10:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-11-06 22:12 - 2018-11-06 22:13 - 000070144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-09-08 21:26 - 2018-09-08 21:27 - 032745472 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1805.2331.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 15:25 - 2018-12-11 15:25 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 16:18 - 2017-12-01 16:19 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 17:43 - 2018-11-28 17:43 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 15:25 - 2018-12-11 15:25 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-07-02 21:36 - 2018-07-02 21:36 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-01-06 17:41 - 2016-01-06 17:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-27 02:54 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2018-02-28 13:45 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\warto\Downloads\assassins_creed_origins-wallpaper-1920x1200.jpg
DNS Servers: 10.1.0.33
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-3012513600-1294068158-3791818399-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5D38FC9B-3BA3-4C5F-8102-2B08AA67C949}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{21B53C08-9147-4502-B390-7E01A03DAD87}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{5397481F-A840-4DA7-BBE9-7A5659313106}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4F06821A-7212-459A-B965-2DCD8D02A1A1}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{71BCA3F8-1108-4BB9-9F1C-CF95C3F34DD7}] => (Allow) LPort=1688
FirewallRules: [{877274C3-04FF-453E-AD6D-9745E0CA973C}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B363149-DD6E-4F7F-B483-3DED1BC8E7E5}] => (Allow) C:\Users\warto\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{693305F7-92F7-4E0F-8AF4-81D5029A7646}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{1248693B-A1BE-47BE-A697-6AE83EF38C84}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{E88F8F40-CA69-4DC0-A907-7AC706AD9D18}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{38AE3643-F24B-4121-A934-DC852F51328D}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [TCP Query User{B87C723B-3BDF-45AA-BA72-E5D539DF48A7}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{1E6AAAAC-6B5E-44C6-A9A6-471D3C19AB2E}D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe] => (Allow) D:\mass effect 3 complete edition\binaries\win32\masseffect3.exe
FirewallRules: [TCP Query User{141B2EF2-ABCB-4A5E-878B-D44938CDC812}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{9C17AA51-FC8B-4F4A-9906-D5A976778259}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{74B1B2AE-1033-4F7C-A665-738C684DEB1F}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{A4E8F381-B403-40A9-B8BB-7FA087965B61}] => (Allow) D:\dirt2_game.exe
FirewallRules: [{C8A83804-6167-453F-B838-9DB6489D9BE8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A0C8C48D-620B-4919-8FE7-510EACE9BE74}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A01BD763-F1C8-42B4-8C48-A5558DFA67B2}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{FE24C43C-9D27-44E6-843F-504502F5F203}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{E7F4EFB5-9E43-4943-9717-69E5C25216C8}] => (Allow) D:\Assassin's Creed Odyssey\ACOdyssey.exe
FirewallRules: [TCP Query User{7CB67C81-3838-4269-8D25-2D2DDBED43C8}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [UDP Query User{32955051-F35D-47E1-B0CB-FCE57E603D98}C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe] => (Allow) C:\users\warto\appdata\roaming\bittorrent\updates\7.10.4_44633.exe
FirewallRules: [TCP Query User{A95ADE7A-E220-49EA-A41C-F08479DBA634}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{8F96320C-B014-402E-8B57-86E970BC4860}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{B0725937-A22A-4390-9AAE-3F2EA27FE65F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C065BEA0-AA37-44F8-B721-A32BDF8C3C9A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F97E5AC-2D5E-4813-B370-70FDC4B84FE7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1BECAAF7-E961-4B01-844C-5383EEF25F05}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53A27883-C52D-41B2-BFD4-EE7C5CA8C1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{4656C629-AA55-46AD-A38C-E98A5B9ACD20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [TCP Query User{F0E0C053-708A-482C-B0E0-2CBC9221F297}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{816C9A3F-AF3D-41A6-B49A-609CE8912D5D}C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\world of warcraft\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{9172CF0A-6DB0-4764-A915-785C28EC06AC}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E58FD48F-5FD1-442D-9AF9-D58C35200845}C:\program files (x86)\world of warcraft\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\world of warcraft\overwatch\overwatch.exe
FirewallRules: [TCP Query User{9E941686-8A54-46A9-983E-32A385F06666}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{FFA2E5BD-F473-4A45-9EE9-A14250773315}C:\hry\far cry 4\bin\farcry4.exe] => (Allow) C:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [{19D8DF29-435F-4782-8918-DC48F07B4DD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0DEED14E-DE93-4149-831C-7A232F657215}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe
FirewallRules: [UDP Query User{8AC3F394-E2F6-467A-8009-F549CF9F6711}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2018 11:40:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\WINDOWS\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 11:40:50 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 11:40:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 11:40:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu Lsa v knihovně DLL C:\Windows\System32\Secur32.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 11:40:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu ESENT v knihovně DLL C:\WINDOWS\system32\esentprf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 05:28:11 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\WINDOWS\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 05:28:11 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/15/2018 05:28:11 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (12/15/2018 06:33:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/15/2018 11:37:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/15/2018 05:25:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/15/2018 05:24:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QD17RQH)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-QD17RQH\warto (SID: S-1-5-21-3012513600-1294068158-3791818399-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/15/2018 05:23:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/15/2018 05:23:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Remediation Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/15/2018 05:23:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/15/2018 05:23:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2018-10-07 22:07:37.517
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Temp\217.71.252.46.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\Microsoft\Protect\S-1-83-65\RB_1.4.91.43.exe
Verze podpisu: AV: 1.277.719.0, AS: 1.277.719.0, NIS: 1.277.719.0
Verze modulu: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-10-04 09:37:31.175
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 05:42:54.059
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-04 00:27:02.821
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-03 22:22:58.744
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.277.515.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15300.6
Kód chyby: 0x80240438
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-09-14 03:21:04.071
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1140.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80070643
Popis chyby :Při instalaci došlo k závažné chybě.

CodeIntegrity:
===================================

Date: 2018-12-15 11:55:01.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-12-15 05:26:54.508
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G4600 @ 3.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8128.61 MB
Available physical RAM: 4652.59 MB
Total Virtual: 10816.61 MB
Available Virtual: 5599.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:9.77 GB) NTFS
Drive d: (ADATA UFD) (Removable) (Total:57.81 GB) (Free:2.03 GB) NTFS

\\?\Volume{5a6ae5dd-a1c3-46c1-a0fb-4e99138bf673}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{acd79ad2-c4af-4496-92ef-e9a2db0b22a9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: FC6BC999)
Partition 1: (Not Active) - (Size=57.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#12 Příspěvek od Diallix »

Otestujtee teento subor na virustotal.com:
C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe

Vysledok dajte sem

Do poznamkoveho bloku skopirujte obsah dole:

Kód:

Kód: Vybrat vše

CloseProcesses:
C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe
C:\WINDOWS\System32\WinBioPlugIns
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Naposledy upravil(a) Diallix dne 16 pro 2018 08:58, celkem upraveno 1 x.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#13 Příspěvek od Tommy Puerto »

Tady je ten log z FRST. A ten FaceFodUninstaller.exe jsem našel jinde než v tom system32, hofil ho na plochu a otestoval tak snad je to jedno.
https://www.virustotal.com/#/file/9e370 ... /detection

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by warto (15-12-2018 23:05:31) Run:2
Running from C:\Users\warto\Downloads
Loaded Profiles: warto (Available Profiles: warto & Host)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe
C:\WINDOWS\System32\WinBioPlugIns
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
*****************

Processes closed successfully.
C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe => moved successfully
C:\WINDOWS\System32\WinBioPlugIns => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B85F6F-35B3-4459-A179-28255D5B7B25}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B85F6F-35B3-4459-A179-28255D5B7B25}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\HelloFace\FODCleanupTask" => removed successfully


The system needed a reboot.

==== End of Fixlog 23:05:32 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence <PC>

#14 Příspěvek od Diallix »

Ako je na tom pocitac?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Tommy Puerto
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 04 zář 2014 01:52

Re: Prevence <PC>

#15 Příspěvek od Tommy Puerto »

Zatím se to zdá být lepší, tak kdyby něco tak se ozvu ale zatím děkuju :)

Odpovědět