VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Botnet - zjištěna infikace malwarem

https://forum.viry.cz:443/viewtopic.php?t=156081

Stránka 4 z 6

Re: Botnet - zjištěna infikace malwarem

Napsal: 05 črc 2019 16:50
od durod
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Slavicek (05-07-2019 17:36:33)
Running from C:\Users\Slavicek\Desktop
Windows 10 Pro Version 1903 18362.207 (X64) (2019-06-18 07:43:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-79263149-2179494062-2174528413-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-79263149-2179494062-2174528413-503 - Limited - Disabled)
Guest (S-1-5-21-79263149-2179494062-2174528413-501 - Limited - Disabled)
Slavicek (S-1-5-21-79263149-2179494062-2174528413-1001 - Administrator - Enabled) => C:\Users\Slavicek
WDAGUtilityAccount (S-1-5-21-79263149-2179494062-2174528413-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.1.1 - Advanced Micro Devices, Inc.)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )
CPUID CPU-Z 1.89 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.89 - CPUID, Inc.)
Discord (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\Flux) (Version: - f.lux Software LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
GnuCash 3.1 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Google Chrome (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life Is Strange - Complete First Season verze 1.0 u13 (HKLM-x32\...\{2EC1CC17-23FA-49C5-898C-F15B3F708B7E}_is1) (Version: 1.0 u13 - )
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.11727.20230 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 sk) (HKLM\...\Mozilla Firefox 61.0.2 (x64 sk)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.3 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.1.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{E177AC33-EC9C-4537-8996-37ED331D9227}) (Version: 4.15.9789 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved) (Version: - Plague Inc Evolved)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
Roblox Player for Slavicek (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Slavicek (HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\roblox-studio) (Version: - Roblox Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechSmith Screen Capture Codec (HKLM-x32\...\{84FE50F5-B0F3-4D18-8BE8-A4DEEE0C37AD}) (Version: 4.1.1.0 - TechSmith Corporation) Hidden
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.52.100.1020 - Electronic Arts Inc.)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.2) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_1.7.0.0_x64__tf1gferkr813w [2017-12-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_4.1.2.0_x86__kgqvnymyfvs32 [2017-12-07] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.101.900.0_x86__kgqvnymyfvs32 [2017-12-07] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_2.6.0.9_x86__h6adky7gbf63m [2017-12-07] (Gameloft.)
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.1.1.0_x86__xkt78gamzntbr [2018-12-16] (Sharpened Productions)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_85.1.379.0_x64__v10z8vjag6ke6 [2018-08-10] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_2.9.0.10_x86__h6adky7gbf63m [2017-12-07] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2019-04-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe [2017-12-07] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Corporation) [MS Ad]
TVHPlayer Beta -> C:\Program Files\WindowsApps\9388Wally.465111A6D3D5_0.9.2.5_x86__srjp817t7b3e0 [2018-02-03] (Wally)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.1.18.0_x64__3ykzqggjzj4z0 [2017-12-07] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-79263149-2179494062-2174528413-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Slavicek\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-79263149-2179494062-2174528413-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Slavicek\AppData\Local\Google\Chrome\Application\75.0.3770.100\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-79263149-2179494062-2174528413-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Slavicek\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-05 06:13 - 2017-06-05 06:13 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 06:13 - 2017-06-05 06:13 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-01-12 17:59 - 2018-01-12 17:59 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-03-28 13:15 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-03-28 13:15 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2018-03-28 13:15 - 2019-05-25 09:55 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-07-04 14:02 - 2019-05-25 09:56 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-07-04 14:02 - 2019-05-25 09:56 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-07-04 14:02 - 2019-05-25 09:56 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-07-04 14:02 - 2019-05-25 09:56 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-07-04 14:02 - 2019-05-25 09:56 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-01-12 17:42 - 2018-01-12 17:42 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 068669952 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000110080 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hvsifltr => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2019-07-05 09:57 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-79263149-2179494062-2174528413-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Slavicek\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20190623_115234.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-79263149-2179494062-2174528413-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{03513F34-92B9-4159-9D45-25E792C05DEA}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{6A536E7A-8E44-4524-A015-0B3AE2EF2758}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{CB5CA05E-19A5-4B8C-9BDC-C36422E9A1A2}] => (Allow) C:\Users\Slavicek\AppData\Local\Programs\Opera\60.0.3255.151\opera.exe No File
FirewallRules: [{EB92E8D1-018A-4798-83E7-452A4A94CA0C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53B2B6EB-E441-4621-A27C-E787C96C45ED}] => (Allow) C:\Users\Slavicek\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe No File
FirewallRules: [UDP Query User{C7ED3982-2FA5-4641-A7E1-A76E6218DE34}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{37BF5091-A596-474C-895B-15D57AF62A1D}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{80CA397F-28C0-4324-A944-64D3AE847B31}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B6F84E87-F3A6-4FCC-8AAD-EC6F4012977A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{773B181C-39B5-4CAE-A59C-58A29C33978E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C48DA8F7-478C-49D2-826B-38A28941F83D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BB8013A1-8737-4796-974B-FEC547E46011}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B4785CCF-2BF9-4073-B95E-CDD5A5B7E5AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4632AB01-333F-425E-9928-32DD9DEEC0C4}] => (Allow) LPort=5558
FirewallRules: [{E46849C2-A68F-4A05-A31D-D7AED9CEC7F1}] => (Allow) LPort=5556
FirewallRules: [UDP Query User{C4C4583E-4F9D-4352-97E4-37933D8DEF9D}C:\users\slavicek\desktop\odorik.exe] => (Allow) C:\users\slavicek\desktop\odorik.exe (Odorik.cz) [File not signed]
FirewallRules: [TCP Query User{5A872D68-D54C-4FF2-AAEA-1E1D5677C520}C:\users\slavicek\desktop\odorik.exe] => (Allow) C:\users\slavicek\desktop\odorik.exe (Odorik.cz) [File not signed]
FirewallRules: [{4A314205-58FA-4627-B21E-65541C998966}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5891494F-428A-495B-AAD4-44EFB87EFA30}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{59C644F9-81E3-4E6B-9BB6-5393916B4DBE}C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{03994D94-3F24-4EBA-9C0F-75D2129C31D8}C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{28819002-4F9A-4009-9115-BB46B6D616DF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{0DB069FE-766F-4822-9D31-C851767C5AE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [{6EC6DAC7-B3B7-4A97-B35B-EA1C502533A4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDD97B8D-0757-4C58-BFB0-52292BF6F71B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D81B8BD3-3B67-474B-BA6D-72323733FC90}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{DB4862B7-1CCF-4A9E-8DE8-028661F902C9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{BC7B43CA-FB4B-41AC-813B-53D919F4B380}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{BDB3C070-E70C-4E42-8F61-586C39B065D9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{21D88489-CFD7-45BD-8BBB-1102D7AC41BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{08C3FB04-6BD8-4D9E-BF37-A6ED81186C0A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F7CC01F0-022A-4F39-BB12-B3B175F6AF59}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{77E768F0-6AEE-41B1-AB2E-1B3F10B0E7F3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E2CB89DF-2405-43EA-A234-247400346EB2}] => (Allow) D:1\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{707EDAE2-899A-4843-9D1F-6DA8E56FAE0C}] => (Allow) D:1\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{958CB981-D5FB-4B77-A164-8E8A7FBA2665}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C16555BE-0705-47B9-8006-C0F2B77A340A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A7F06730-A410-438D-8873-B1282607A9A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34EE703D-91F4-4DC4-831F-8FFA67A2B85C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{07B99EB4-C9D7-47C2-B401-74FB262FF525}D:\xgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\xgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{806382E6-DB0C-451E-91F8-0F8CB29398BB}D:\xgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\xgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{E9E85B90-8151-4607-BD85-7B12830AA327}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{42C37B5A-BEF7-4BED-A76A-F2B767FB1397}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{6A9210C1-805D-496E-9637-89E46F38576D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{53329BC7-A8FF-479B-A350-48A0BF0753EC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{897727BA-5DD0-402D-8ECE-10DAF261B55D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{CA8DE110-38E6-47CB-AC5B-2A975DF54D50}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [WMS-Dashboard] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsDashboard.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [WMS-Manager] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsManager.exe No File
FirewallRules: [WMS-Service] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 879AA28C-BC5D-4082-82F6-B488CD887C81 - 0] => (Allow) LPort=53

==================== Restore Points =========================

05-07-2019 09:37:06 Tweaking.com - Windows Repair 2018
05-07-2019 09:41:48 5/7/2019

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2019 05:28:06 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. 0xc0041801 (0xc0041801)

Error: (07/05/2019 05:28:06 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (600)} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Neplatné údaje. 0x8007000d (0x8007000d)

Error: (07/05/2019 05:28:06 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (600)} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Neplatné údaje. 0x8007000d (0x8007000d)

Error: (07/05/2019 10:14:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.18362.1, časové razítko: 0x5c9016a0
Název chybujícího modulu: SecHealthUIViewModels.dll, verze: 10.0.18362.1, časové razítko: 0x5c9016e7
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000000088d8
ID chybujícího procesu: 0x3128
Čas spuštění chybující aplikace: 0x01d533099f121e39
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
ID zprávy: aee98d61-affe-4d3c-bb0f-a9e6d52ad3e1
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.18362.1_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (07/05/2019 10:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.18362.1, časové razítko: 0x5c9016a0
Název chybujícího modulu: SecHealthUIViewModels.dll, verze: 10.0.18362.1, časové razítko: 0x5c9016e7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000088d8
ID chybujícího procesu: 0x3128
Čas spuštění chybující aplikace: 0x01d533099f121e39
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
ID zprávy: 15e0fd7c-02e1-4818-bb54-24be305d7043
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.18362.1_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (07/05/2019 10:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.18362.1, časové razítko: 0x5c9016a0
Název chybujícího modulu: SecHealthUIViewModels.dll, verze: 10.0.18362.1, časové razítko: 0x5c9016e7
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000000088d8
ID chybujícího procesu: 0x3ac
Čas spuštění chybující aplikace: 0x01d53308776b186b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
ID zprávy: 9d5f83e7-abd0-4972-ba01-e8a11f32dd04
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.18362.1_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (07/05/2019 10:07:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.18362.1, časové razítko: 0x5c9016a0
Název chybujícího modulu: SecHealthUIViewModels.dll, verze: 10.0.18362.1, časové razítko: 0x5c9016e7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000088d8
ID chybujícího procesu: 0x3ac
Čas spuštění chybující aplikace: 0x01d53308776b186b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
ID zprávy: 24a06cf4-18ad-4194-9561-9a9a7efd9c54
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.18362.1_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (07/05/2019 10:04:37 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (30000 ms).

Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (30000 ms).

Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/05/2019 05:29:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (30000 ms).

Error: (07/05/2019 05:27:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/05/2019 05:27:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (45000 ms).


CodeIntegrity:
===================================

Date: 2019-06-24 20:55:25.167
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-06-24 20:55:25.154
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1608 05/10/2011
Motherboard: ASUSTeK Computer INC. P8P67
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 16360.79 MB
Available physical RAM: 11820.11 MB
Total Virtual: 17384.79 MB
Available Virtual: 11982.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.89 GB) (Free:28.47 GB) NTFS
Drive d: (Nový zväzok) (Fixed) (Total:345.57 GB) (Free:15 GB) NTFS
Drive e: (Install_FIlmy) (Fixed) (Total:585.94 GB) (Free:67.88 GB) NTFS
Drive f: (Nový zväzok) (Fixed) (Total:376.27 GB) (Free:64.24 GB) NTFS
Drive g: () (Fixed) (Total:110 GB) (Free:5.26 GB) NTFS
Drive h: (Adrika) (Fixed) (Total:109.89 GB) (Free:7.94 GB) NTFS

\\?\Volume{05a743f9-0000-0000-0000-100000000000}\ (Vyhradené systémom) (Fixed) (Total:0.54 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4284FF7D)
Partition 1: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 9B64CFD8)
Partition 1: (Not Active) - (Size=376.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219.9 GB) - (Type=0F Extended)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 89.4 GB) (Disk ID: 05A743F9)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=88.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Botnet - zjištěna infikace malwarem

Napsal: 06 črc 2019 01:34
od Conder
:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
File: C:\Windows\system32\vsocklib.dll

GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File 
cmd: netsh winsock reset

S3 Browser; %SystemRoot%\System32\browser.dll [X]

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [UDP Query User{03513F34-92B9-4159-9D45-25E792C05DEA}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{6A536E7A-8E44-4524-A015-0B3AE2EF2758}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4A314205-58FA-4627-B21E-65541C998966}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5891494F-428A-495B-AAD4-44EFB87EFA30}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

Hosts:
EmptyTemp:
End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Re: Botnet - zjištěna infikace malwarem

Napsal: 06 črc 2019 06:03
od durod
Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Slavicek (06-07-2019 06:58:58) Run:2
Running from C:\Users\Slavicek\Desktop
Loaded Profiles: Slavicek (Available Profiles: Slavicek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
File: C:\Windows\system32\vsocklib.dll

GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
cmd: netsh winsock reset

S3 Browser; %SystemRoot%\System32\browser.dll [X]

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [UDP Query User{03513F34-92B9-4159-9D45-25E792C05DEA}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{6A536E7A-8E44-4524-A015-0B3AE2EF2758}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4A314205-58FA-4627-B21E-65541C998966}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5891494F-428A-495B-AAD4-44EFB87EFA30}] => (Block) C:\users\slavicek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Type"="32"
"Start"="2"
"ErrorControl"="1"
"ServiceSidType"="1"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs -p"
"ObjectName"="LocalSystem"
"DependOnService"="rpcss"
"RequiredPrivileges"="SeAuditPrivilege*SeCreateGlobalPrivilege*SeCreatePageFilePrivilege*SeTcbPrivilege*SeAssignPrimaryTokenPrivilege*SeImpersonatePrivilege*SeIncreaseQuotaPrivilege*SeShutdownPrivilege*SeDebugPrivilege*SeB (the data entry has 215 more characters)."
"Description"="@%systemroot%\system32\wuaueng.dll,-106"
"DisplayName"="Windows Update"
"FailureActions"="80510100000000000000000003000000140000000100000060ea000000000000000000000000000000000000"
"SvcMemHardLimitInMB"="246"
"SvcMemMidLimitInMB"="167"
"SvcMemSoftLimitInMB"="88"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
"ServiceDllUnloadOnStop"="1"
"ServiceMain"="WUServiceMain"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"="010014807800000084000000140000003000000002001c000100000002801400ff000f000101000000000001000000000200480003000000000014009d00020001010000000000050b00000000001800ff010f0001020000000000052000000020020000 (the data entry has 88 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo]
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\0]
"Type"="5"
"Action"="1"
"Guid"="e6ca9f65db5ba94db1ffca2a178d46e0"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\1]
"Type"="5"
"Action"="1"
"Guid"="c846fb5489f04c46b1fd59d1b62c3b50"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DelayedAutoStart"="1"
"DependOnService"="RpcSs"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"LaunchProtected"="2"
"ObjectName"="NT AUTHORITY\LocalService"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."

=== End of ExportKey ===

========================= File: C:\Windows\system32\vsocklib.dll ========================

"C:\Windows\system32\vsocklib.dll" => not found
====== End of File: ======

"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000018 => removed successfully

========= netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{03513F34-92B9-4159-9D45-25E792C05DEA}C:\windows\syswow64\svchost.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6A536E7A-8E44-4524-A015-0B3AE2EF2758}C:\windows\syswow64\svchost.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A314205-58FA-4627-B21E-65541C998966}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5891494F-428A-495B-AAD4-44EFB87EFA30}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26577274 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11876741 B
Edge => 1337681 B
Chrome => 389490413 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 25700 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Slavicek => 44780041 B

RecycleBin => 92615316 B
EmptyTemp: => 550.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:59:56 ====
stale zasednute policka v sekci Nastaveni pred viry...

Re: Botnet - zjištěna infikace malwarem

Napsal: 06 črc 2019 15:46
od Conder
:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
Folder: C:\WINDOWS\system32\GroupPolicy
Folder: C:\WINDOWS\system32\GroupPolicyUsers
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend

CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: sfc /scannow

PowerShell: Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI"
PowerShell: Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

C:\WINDOWS\system32\GroupPolicy
C:\WINDOWS\system32\GroupPolicyUsers
CMD: gpupdate.exe /force
C:\WINDOWS\security\Database\secedit.sdb

Hosts:
EmptyTemp:
End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Re: Botnet - zjištěna infikace malwarem

Napsal: 06 črc 2019 17:38
od durod
Stale rovnako...
Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Slavicek (06-07-2019 18:26:33) Run:3
Running from C:\Users\Slavicek\Desktop
Loaded Profiles: Slavicek (Available Profiles: Slavicek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
Folder: C:\WINDOWS\system32\GroupPolicy
Folder: C:\WINDOWS\system32\GroupPolicyUsers
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend

CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: sfc /scannow

PowerShell: Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI"
PowerShell: Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

C:\WINDOWS\system32\GroupPolicy
C:\WINDOWS\system32\GroupPolicyUsers
CMD: gpupdate.exe /force
C:\WINDOWS\security\Database\secedit.sdb

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy ========================

2019-03-19 06:44 - 2019-03-19 06:44 - 000000321 ____A [DD3113CBC2CB51DA450292C91D9DB56A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxBlockMap.xml
2019-03-19 06:44 - 2019-03-19 06:44 - 000018814 ____A [3345A0838BD989089434CF7786B2B679] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxManifest.xml
2019-03-19 06:44 - 2019-03-19 06:44 - 000008587 ____A [E858696A0E57C147F4C5614DF5365259] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxSignature.p7x
2019-03-19 06:44 - 2019-03-19 06:44 - 000343680 ____A [1C30A7468C2504B0F1668927943104B6] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\resources.pri
2019-03-19 06:44 - 2019-03-19 06:44 - 006339072 ____A [165B34AB1ACF4DF76428E48FD9F2B7FA] (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
2019-03-19 06:44 - 2019-03-19 06:44 - 000096256 ____A [F32BB3B602EE8B3F926F4BB498EA6EC6] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIAppShell.winmd
2019-03-19 06:44 - 2019-03-19 06:44 - 003807744 ____A [89F3863A689E5990CEC73CBB9BFFA8AF] (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2019-03-19 06:44 - 2019-03-19 06:44 - 000163328 ____A [8ADAE495C36B02A58CB0DDA4DC95797C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.winmd
2019-03-19 06:44 - 2019-03-19 06:44 - 000051200 ____A [DF79E3DF90328B84FDB4036AD802C893] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2019-03-19 06:44 - 2019-03-19 06:44 - 000003584 ____A [A4F8EDC19099F6B870DEB5A99451725D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.winmd
2019-03-19 06:44 - 2019-03-19 06:44 - 005398528 ____A [FA5F350F819FE8D65111F26D4AAAAE3E] (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2019-03-19 06:44 - 2019-03-19 06:44 - 000415744 ____A [1785E0B172C3E9169EA544010A7101EC] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.winmd
2019-03-19 06:52 - 2019-03-19 06:53 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [186C8434820041094FBE2AC4B9E317AA] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Account.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [DC1A5A7D5601072213DA73FF52224E2B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Account.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [942741C9BCD88E068206D7EE7A2EC633] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Account.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [BB40304D6D52480A179750F29E81D80C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Account.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [E034A433422ABCDD0154B0619975D224] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\AppAndBrowser.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [C5EBAA83E80FFA53CE30E5733445A5A0] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\AppAndBrowser.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [5DCD85E571F63DC7AFF9D71F766EC6C7] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\AppAndBrowser.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [2A42AB414C5BACF354F2F70399E6DB44] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\AppAndBrowser.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000010807 ____A [ECD761CA55F3B050FAA7AA6BE4DA12A9] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\DefenderAppSplashScreen.scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [F3FD4F0ACC5875CC66F96AB31BD852C4] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Device.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [86EC6F39FDABB8F057FC2EA46F7EEE39] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Device.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [E4C735AAF1137DA6FB8C9E1478389055] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Device.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [B77C83697A8A7A11FFB9EB683086C27D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Device.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [4482D80711B658EBA2DDBB442A2B57D2] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Family.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [DA4DBC5E7EB85BB83EBFBD567F600CC2] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Family.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [BE2EAE084B4D08EC414CF7A6A2FA1499] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Family.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [FCCC2F4A83473D3F57AB0EA061F74B16] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Family.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000029500 ____A [C46E3D244CA9DF7DC4D38120E76C893B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\family_illustration-01.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [20378E737DD364BE15D59FFC47891112] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Health.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [543624930122AD5B5287F92F1FF4D279] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Health.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [B71DB49BF2084F0CAEECBB397FD7628C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Health.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [2247F8F56E342800E809CB85132D5C71] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Health.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [30F98BE95EB86B3F9FA6FA92EAA0896C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Network.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [86637329A91DD060BD2CDC2DA63A3C9A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Network.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [30DDB685FF95A9EAB473D01F287F98D5] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Network.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [CD9506767723B02A4B721E4DBEDA3B84] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Network.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000000576 ____A [927681971E1BD80FF2EA361C213650BD] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000760 ____A [1837D1159B63462D6AC7A5744F27B3AF] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000879 ____A [D08E10918B8D5B1657FB7F10F8CD3C42] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001223 ____A [2CC683414EA821E603226D6DE3D6D04A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000002806 ____A [5AD6D0F73324D1A1EBDEFABDBB23821B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000444 ____A [2EFDCC34813B01E52D52ECAB9641D95B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000547 ____A [FC15838FBDCF5CA436F3850DAF290047] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000640 ____A [5C1AA28E388A8C73CEB170EC0FBABEA7] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000870 ____A [736A97469961E7479060CF0E95226210] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000002053 ____A [368B6BCDA0E002CC0F1CEEB70A6549DA] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000576 ____A [927681971E1BD80FF2EA361C213650BD] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000760 ____A [1837D1159B63462D6AC7A5744F27B3AF] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000879 ____A [D08E10918B8D5B1657FB7F10F8CD3C42] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001223 ____A [2CC683414EA821E603226D6DE3D6D04A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000002806 ____A [5AD6D0F73324D1A1EBDEFABDBB23821B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square150x150Logo.scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_altform-unplated.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000276 ____A [C4BE1CE9DC39FB83FD5A2D617C2A4837] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_altform-unplated_contrast-white.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_altform-unplated_theme-dark.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000276 ____A [C4BE1CE9DC39FB83FD5A2D617C2A4837] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_altform-unplated_theme-light.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_contrast-black.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000276 ____A [C4BE1CE9DC39FB83FD5A2D617C2A4837] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_contrast-white.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000296 ____A [55C082E5C753A3BE7704DDF066D0E895] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_theme-dark.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000276 ____A [C4BE1CE9DC39FB83FD5A2D617C2A4837] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-44_theme-light.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000343 ____A [13A8F8E42E31D78176AC750FB503C27E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000432 ____A [8D07A18C75F368B0F2E07703C5C2603E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000501 ____A [CC732D0BD874A5559714F32366AFFE1A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000699 ____A [D66EC7A87E6895BAB7C3BF8EF8F04FF8] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001493 ____A [1CDFC3CF2812613427716932E3B01A40] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000313 ____A [EBCF00AC08ECF29415E4E9617A4DAFE9] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000393 ____A [186576FB095BA2C84683515379254C78] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000439 ____A [997BC28FDEB5968752E14FEB6491C2DD] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000586 ____A [47F7D772DB5F45AA06ABDA8EBC661AEE] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001166 ____A [0FA4F65255BFC4027A49244CE9D4FD01] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-white_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000343 ____A [13A8F8E42E31D78176AC750FB503C27E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000432 ____A [8D07A18C75F368B0F2E07703C5C2603E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000501 ____A [CC732D0BD874A5559714F32366AFFE1A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000699 ____A [D66EC7A87E6895BAB7C3BF8EF8F04FF8] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001493 ____A [1CDFC3CF2812613427716932E3B01A40] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Square71x71Logo.scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000501 ____A [CC732D0BD874A5559714F32366AFFE1A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\squaretile-sdk.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [3BB23E6A774E0707E9FB19C64C763FD7] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Threat.contrast-black.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [F41FE13F7A22D0D16DE2729B00B26487] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Threat.contrast-white.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [79F62F9B45DCE8A9E8F274992BCB6DBD] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Threat.theme-dark.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000026574 ____A [B1BB3AA713958EF0BAB671FBF40C0D7A] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Threat.theme-light.ico
2019-03-19 06:44 - 2019-03-19 06:44 - 000027857 ____A [C8D6D279FA17F4D3FF22932BCEA10AB9] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\WDSC_Illustration_834x834.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000664 ____A [633DB8032C0DFBC8F1627DC8D6CD4A52] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000862 ____A [112BC53F27A787CE4341D4D9F6D36C7C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001081 ____A [5D2C33F19CB874F33BFC29A020DB1B45] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001467 ____A [673EF6C76CABB0867E3DA3D4CEAEC38D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000003674 ____A [1B9B0D1A7FE6FB671715E9474567692D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000497 ____A [511623C7106FB9B6F1FB594E010DDD47] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-white_scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000658 ____A [EA3A69F2C4B25ACC5185B88BE8DBB5C7] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-white_scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000824 ____A [DD7431E5E954194C4F40E7310C399104] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-white_scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001094 ____A [A27579603A0CAA07B8330C0F3349503B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-white_scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000002849 ____A [258348C8A801DCF6E7D033D209D09C2E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-white_scale-400.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000664 ____A [633DB8032C0DFBC8F1627DC8D6CD4A52] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-100.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000000862 ____A [112BC53F27A787CE4341D4D9F6D36C7C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-125.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001081 ____A [5D2C33F19CB874F33BFC29A020DB1B45] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-150.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000001467 ____A [673EF6C76CABB0867E3DA3D4CEAEC38D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-200.png
2019-03-19 06:44 - 2019-03-19 06:44 - 000003674 ____A [1B9B0D1A7FE6FB671715E9474567692D] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-400.png
2019-03-19 06:52 - 2019-03-19 06:53 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Fonts
2019-03-19 06:44 - 2019-03-19 06:44 - 000016672 ____A [AB7E1F12BF7634392A967770B8DB7D85] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Fonts\SetMDL2.ttf
2019-03-19 06:44 - 2019-03-19 06:44 - 000009360 ____A [9FBD3ED4087C5C537C26DAF9B6C4B77B] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Assets\Fonts\WDefMDL2.ttf
2019-06-18 09:40 - 2019-06-18 10:49 - 000000000 __SHD [00000000000000000000000000000000] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\microsoft.system.package.metadata
2019-06-18 10:49 - 2019-06-18 10:49 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen
2019-06-18 10:49 - 2019-06-18 10:49 - 000000004 ___AS [1036E3DDDC89A4E68D8A33F3823A180E] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64
2019-03-19 12:54 - 2019-06-18 09:04 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris
2019-06-18 09:03 - 2019-06-18 09:03 - 000146432 ____A [92A32CA866F69D1841F0B2D650C37F4C] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.cs-CZ.pri
2019-06-18 09:00 - 2019-06-18 09:00 - 000132104 ____A [D7B89C7BF0CA269B03EE4D778D4EE485] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.en-GB.pri
2019-06-18 08:58 - 2019-06-18 08:58 - 000131936 ____A [DB378CCE3C8253B00F2EFBF234F966EA] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.en-US.pri
2019-03-19 12:53 - 2019-03-19 12:53 - 000146848 ____A [E83AE61458388BD2BED7CE52D1BA34AF] () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.sk-SK.pri

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\GroupPolicy ========================

2019-06-13 15:41 - 2019-06-13 15:41 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\GroupPolicy\Adm
2018-08-25 11:45 - 2018-08-25 11:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\GroupPolicy\User

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\GroupPolicyUsers ========================


====== End of Folder: ======

================== ExportKey: ===================

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" => not found

=== End of ExportKey ===

========= DISM.exe /Online /Cleanup-image /Restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.18362.1

Image Version: 10.0.18362.207


[== 4.5% ]

[== 4.5% ]

[== 4.6% ]

[== 4.8% ]

[== 5.0% ]

[== 5.1% ]

[=== 5.3% ]

[=== 5.4% ]

[=== 5.5% ]

[=== 5.8% ]

[=== 5.9% ]

[=== 6.3% ]

[=== 6.5% ]

[=== 6.5% ]

[=== 6.7% ]

[=== 6.8% ]

[==== 6.9% ]

[==== 6.9% ]

[==== 7.0% ]

[==== 7.0% ]

[==== 7.1% ]

[==== 7.1% ]

[==== 7.1% ]

[==== 7.2% ]

[==== 7.5% ]

[==== 7.6% ]

[==== 8.3% ]

[===== 9.2% ]

[===== 9.9% ]

[====== 10.5% ]

[====== 11.0% ]

[====== 11.5% ]

[====== 11.8% ]

[======= 12.1% ]

[======= 12.2% ]

[======= 13.2% ]

[======== 13.8% ]

[======== 14.5% ]

[======== 15.4% ]

[========= 15.5% ]

[========= 15.6% ]

[========= 15.6% ]

[========= 16.1% ]

[========= 17.0% ]

[========== 18.0% ]

[========== 18.3% ]

[========== 18.6% ]

[=========== 19.3% ]

[=========== 19.4% ]

[=========== 19.9% ]

[=========== 20.3% ]

[============ 20.7% ]

[============ 21.4% ]

[============ 21.8% ]

[============ 22.3% ]

[============= 22.7% ]

[============= 23.4% ]

[============= 23.9% ]

[============== 24.2% ]

[============== 24.7% ]

[============== 25.5% ]

[=============== 26.1% ]

[=============== 26.5% ]

[=============== 26.8% ]

[=============== 27.2% ]

[=============== 27.4% ]

[================ 27.6% ]

[================ 28.4% ]

[================ 28.8% ]

[================ 29.1% ]

[================ 29.3% ]

[================= 29.5% ]

[================= 30.5% ]

[================= 31.0% ]

[================== 31.2% ]

[================== 31.5% ]

[================== 32.5% ]

[=================== 33.5% ]

[==================== 34.5% ]

[==================== 35.5% ]

[===================== 36.5% ]

[===================== 37.5% ]

[====================== 38.5% ]

[====================== 39.5% ]

[======================= 40.5% ]

[======================== 41.5% ]

[======================== 42.0% ]

[======================== 43.0% ]

[========================= 44.0% ]

[========================== 45.0% ]

[========================== 46.0% ]

[===========================47.0% ]

[===========================48.0% ]

[===========================49.0% ]

[===========================50.0% ]

[===========================51.0% ]

[===========================52.0% ]

[===========================53.0% ]

[===========================54.0% ]

[===========================54.5% ]

[===========================55.3% ]

[===========================55.7% ]

[===========================56.7% ]

[===========================57.2%= ]

[===========================57.5%= ]

[===========================58.1%= ]

[===========================58.2%= ]

[===========================58.5%= ]

[===========================59.4%== ]

[===========================59.9%== ]

[===========================60.2%== ]

[===========================60.8%=== ]

[===========================61.8%=== ]

[===========================62.8%==== ]

[===========================63.8%===== ]

[===========================64.8%===== ]

[===========================65.5%====== ]

[===========================66.3%====== ]

[===========================67.3%======= ]

[===========================68.3%======= ]

[===========================69.3%======== ]

[===========================70.3%======== ]

[===========================71.3%========= ]

[===========================72.3%========= ]

[===========================73.3%========== ]

[===========================73.8%========== ]

[===========================74.2%=========== ]

[===========================75.0%=========== ]

[===========================75.9%============ ]

[===========================76.1%============ ]

[===========================76.5%============ ]

[===========================77.2%============ ]

[===========================77.3%============ ]

[===========================77.4%============ ]

[===========================77.7%============= ]

[===========================78.1%============= ]

[===========================78.4%============= ]

[===========================78.5%============= ]

[===========================79.5%============== ]

[===========================79.8%============== ]

[===========================80.1%============== ]

[===========================80.4%============== ]

[===========================80.6%============== ]

[===========================81.2%=============== ]

[===========================81.5%=============== ]

[===========================82.1%=============== ]

[===========================83.1%================ ]

[===========================84.0%================ ]

[===========================85.0%================= ]

[===========================85.6%================= ]

[===========================86.5%================== ]

[===========================87.1%================== ]

[===========================87.5%================== ]

[===========================87.7%================== ]

[===========================87.7%================== ]

[===========================87.9%================== ]

[===========================88.9%=================== ]

[===========================89.9%==================== ]

[===========================90.9%==================== ]

[===========================91.5%===================== ]

[===========================92.0%===================== ]

[===========================93.0%===================== ]

[===========================94.0%====================== ]

[===========================95.0%======================= ]

[===========================96.0%======================= ]

[===========================97.0%======================== ]

[===========================97.7%======================== ]

[===========================98.7%========================= ]

[===========================99.7%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[===========================99.9%========================= ]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI" =========



Name : Microsoft.Windows.SecHealthUI
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture : Neutral
ResourceId :
Version : 10.0.18362.1
PackageFullName : Microsoft.Windows.SecHealthUI_10.0.18362.1_neutral__cw5n1h2txyewy
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
IsFramework : False
PackageFamilyName : Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
PublisherId : cw5n1h2txyewy
PackageUserInformation : {S-1-5-21-79263149-2179494062-2174528413-1001 [Slavicek]: Installed}
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
NonRemovable : True
IsPartiallyStaged : False
SignatureKind : System
Status : Ok




========= End of Powershell: =========


========= Get-AppxPackage -AllUsers "Microsoft.Windows.SecHealthUI" | ForEach-Object {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} =========


========= End of Powershell: =========

C:\WINDOWS\system32\GroupPolicy => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers => moved successfully

========= gpupdate.exe /force =========

Updating policy...



Computer Policy update has completed successfully.

User Policy update has completed successfully.




========= End of CMD: =========

C:\WINDOWS\security\Database\secedit.sdb => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16968136 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 127893 B
Edge => 2014775 B
Chrome => 362338269 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4032 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Slavicek => 1954522 B

RecycleBin => 110157191 B
EmptyTemp: => 480.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:34:34 ====

Re: Botnet - zjištěna infikace malwarem

Napsal: 08 črc 2019 17:40
od Conder
:arrow: Vytvor bod obnovy: Win+R -> Ochrana systemu -> Vytvorit -> napis lubovolny nazov (napr. RP) -> klikni na Vytvorit a pockaj na dokoncenie.

:arrow: Vyskusaj tento nastroj (pouzi moznost BruteFix): https://forum.viry.cz/viewtopic.php?f=24&t=155684

Re: Botnet - zjištěna infikace malwarem

Napsal: 09 črc 2019 07:28
od durod
Nejde spustit...

Re: Botnet - zjištěna infikace malwarem

Napsal: 09 črc 2019 11:34
od Diallix
Dobry den.

Skuste pouzit tento navod: https://www.dll4free.com/msvcp100d.dll.html Je nutne kniznicu stiahnut, zaregistrovat (vsetko v uvedenom navode), restartovat pocitac a nastroj spustit znova.

Re: Botnet - zjištěna infikace malwarem

Napsal: 10 črc 2019 09:55
od durod
Jsem na dovci od dnes, za 2 tydny se opet ozvu, prosim o nezamykani threadu, zatim diky za pomoc.

Re: Botnet - zjištěna infikace malwarem

Napsal: 15 črc 2019 15:46
od Conder
OK, pockame :)

Re: Botnet - zjištěna infikace malwarem

Napsal: 25 črc 2019 18:12
od durod
Tak jsem zpet :-)
Diallix píše:Dobry den.

Skuste pouzit tento navod: https://www.dll4free.com/msvcp100d.dll.html Je nutne kniznicu stiahnut, zaregistrovat (vsetko v uvedenom navode), restartovat pocitac a nastroj spustit znova.
Krome msvcp100d.dll jsem musel stahnout taky msvcr100d.dll.

Po spusteni WindowsFirewallFix ulozil Bitdefender soubor do karanteny. Po udeleni vyjmky vse probehlo, PC se restartovalo, ale opetovne se automaticky program WindowsFirewallFix nespustil...Windows defender stale nejde spustit( i kdyz je Bitdefender odinstalovany)...
Tak jsem Fix zkousel opakovane, vzdy probehlo cisteni, ale po restartu PC opet nenabehnul...

Obrázek

Re: Botnet - zjištěna infikace malwarem

Napsal: 25 črc 2019 18:20
od Diallix
musite vypnut vsetku rezidentnu kontrolu + antivir. Ak tak v pripade neuspechu, skuste program spustit v nudzovom rezime. Program sa po restarte musi uplne vykonat.

Re: Botnet - zjištěna infikace malwarem

Napsal: 25 črc 2019 18:56
od durod
Spustil jsem to v safe mode , ale po restartu program nepokracuje...

Re: Botnet - zjištěna infikace malwarem

Napsal: 25 črc 2019 19:04
od Diallix
spustal ste ho s Admin. Pravami? Mozete, prosim vyddrzat? Skusim napisat aplikaciu na odblokovanie ochrany

Re: Botnet - zjištěna infikace malwarem

Napsal: 25 črc 2019 19:04
od Diallix
spustal ste ho s Admin. Pravami? Mozete, prosim vyddrzat? Skusim napisat aplikaciu na odblokovanie ochrany
Všechny časy jsou v UTC+01:00
Stránka 4 z 6

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz