VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

GANDCRAB V5.0.4

https://forum.viry.cz:443/viewtopic.php?t=155104

Stránka 1 z 2

GANDCRAB V5.0.4

Napsal: 09 lis 2018 21:00
od franni
zdravim,,pravdepodobne me navstivil tento fesak,,,hledam na googlu ruzne opicarny,,,muzete pomoci,,prosim,,dekuji...

Re: GANDCRAB V5.0.4

Napsal: 09 lis 2018 21:50
od Rudy
Zdravím!
Zkusíme to. Dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: GANDCRAB V5.0.4

Napsal: 09 lis 2018 21:56
od franni
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by MeGret-TPC (administrator) on FRNDA (09-11-2018 21:54:22)
Running from C:\Users\MeGret-TPC\Downloads
Loaded Profiles: MeGret-TPC (Available Profiles: MeGret-TPC)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\steam\Steam.exe
() C:\Users\MeGret-TPC\AppData\Local\GameCenter\GameCenter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(InstallShield Software Corporation) C:\Windows\SysWOW64\InstallShield\setup.exe
(Valve Corporation) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Users\MeGret-TPC\AppData\Local\GameCenter\GameCenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Tanks] => "C:\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Warships] => "C:\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [Steam] => C:\steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [GameCenter] => C:\Users\MeGret-TPC\AppData\Local\GameCenter\GameCenter.exe [9660032 2018-11-07] ()
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {0a26cf40-38e2-11e6-9bc2-806e6f6e6963} - "I:\setup.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {6faddee6-cef4-11e8-9c3f-806e6f6e6963} - "D:\DVDSetup.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {8b1956be-cef6-11e8-9c42-309c23650ed5} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [6310864 2015-12-29] (TODO: <Company name>)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe [2670032 2015-11-30] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-819675408-2753461327-3771956256-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{3d7f9148-dbce-4743-8c61-116810bab61a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7fc6b593-8724-4a27-8431-9e2851ce2358}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll => No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxp://searchya.com/
CHR StartupUrls: Default -> "hxxp://search.b1.org/?bsrc=hmcor&chid=c167991","hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=B8B1001A92E7EC77&affID=123897&tsp=4992","hxxp://www.google.com","hxxp://www.mystartsearch.com/?type=hp&ts=1419621420&from=amt&uid=ST3500418AS_9VMNAB90XXXX9VMNAB90"
CHR Profile: C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default [2018-11-09]
CHR Extension: (Překladač Google) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-11-08]
CHR Extension: (Proxy SwitchySharp) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2018-11-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-08]
CHR Extension: (Evernote Web Clipper) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atiesrxx.exe [508000 2018-10-25] (AMD)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-08-18] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2018-11-03] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-11-09] (EnigmaSoft Limited)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2017-06-08] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-11-09] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [67576 2018-10-25] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atikmdag.sys [47503976 2018-10-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atikmpag.sys [589920 2018-10-25] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [103928 2018-10-11] (Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices, Inc. )
R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [89448 2015-10-01] (Asmedia Technology)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107400 2018-10-03] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-11-09] (EnigmaSoft Limited)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-06-05] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 21:54 - 2018-11-09 21:54 - 000016596 _____ C:\Users\MeGret-TPC\Downloads\FRST.txt
2018-11-09 21:54 - 2018-11-09 21:54 - 000000000 ____D C:\FRST
2018-11-09 21:53 - 2018-11-09 21:53 - 002415616 _____ (Farbar) C:\Users\MeGret-TPC\Downloads\FRST64.exe
2018-11-09 20:52 - 2018-11-09 20:53 - 075919050 _____ C:\Users\MeGret-TPC\Downloads\SpyHunter 4.16.5.4290 CZ (ML) Portable.rar
2018-11-09 20:49 - 2018-11-09 20:49 - 003393800 _____ (ParetoLogic) C:\Users\MeGret-TPC\Downloads\Pareto_DR_Setup_RW.exe
2018-11-09 20:41 - 2018-11-09 20:41 - 000379392 _____ C:\Users\MeGret-TPC\Downloads\subinacl.msi
2018-11-09 20:41 - 2018-11-09 20:41 - 000000000 ____D C:\Program Files (x86)\Windows Resource Kits
2018-11-09 20:36 - 2018-11-09 20:36 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (3).exe
2018-11-09 20:35 - 2018-11-09 20:36 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (2).exe
2018-11-09 20:30 - 2018-11-09 20:30 - 011546736 _____ (Bitdefender LLC) C:\Users\MeGret-TPC\Downloads\BDGandCrabDecryptTool.exe
2018-11-09 20:29 - 2018-11-09 20:29 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (1).exe
2018-11-09 20:19 - 2018-11-09 20:19 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-09 20:19 - 2018-11-09 20:19 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\sh5ldr
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-09 20:18 - 2018-11-09 20:18 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer.exe
2018-11-09 20:18 - 2018-11-09 20:18 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-11-09 19:54 - 2018-11-09 19:55 - 006066688 _____ C:\Users\MeGret-TPC\AppData\Local\dump007.dat
2018-11-08 23:31 - 2018-11-08 23:31 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Google
2018-11-08 23:21 - 2018-11-08 23:21 - 000000020 ___SH C:\Users\MeGret-TPC\ntuser.ini
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\Public\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000000000 ____D C:\ProgramData\Blogger
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ C:\Users\MeGret-TPC\AppData\LocalLow\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Survarium
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Desktop\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Desktop\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Program Files\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Program Files (x86)\RZKCMSV-DECRYPT.txt
2018-11-08 18:35 - 2018-11-09 20:23 - 000000000 ____D C:\ProgramData\kitot
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files\MSBuild
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-11-08 18:34 - 2018-11-08 23:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\William
2018-11-08 18:34 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-11-08 18:34 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-11-08 18:34 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-11-08 18:34 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-11-08 18:34 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-11-08 18:34 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-11-08 18:11 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Creepy Jar
2018-11-08 18:02 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Downloads\Green.Hell
2018-11-08 01:37 - 2018-11-08 18:40 - 3971751114 _____ C:\Users\MeGret-TPC\Downloads\Green.Hell.rar.rzkcmsv
2018-11-08 01:34 - 2018-11-08 18:40 - 000667312 _____ C:\Users\MeGret-TPC\Downloads\The.Forest.Steamworks.Fix.V7-REVOLT.rar.rzkcmsv
2018-11-08 01:30 - 2018-11-08 18:40 - 2455714870 _____ C:\Users\MeGret-TPC\Downloads\The.Forest.V0.73b.Steam.Rip.rar.rzkcmsv
2018-11-08 00:58 - 2018-11-08 18:37 - 000000542 _____ C:\Users\MeGret-TPC\AppData\Local\imw.ini.rzkcmsv
2018-11-08 00:58 - 2018-11-08 00:58 - 000003892 _____ C:\WINDOWS\System32\Tasks\{B4B9A496-1465-614B-42E6-E9FACFD9FDCB}
2018-11-08 00:58 - 2018-11-08 00:58 - 000003716 _____ C:\WINDOWS\System32\Tasks\{63FF5D84-F332-3C55-1873-E2C6DE6F96AA}
2018-11-08 00:58 - 2018-11-08 00:58 - 000003504 _____ C:\WINDOWS\System32\Tasks\{36E954AC-8F78-691F-B718-D4CE7E4BCF08}
2018-11-08 00:52 - 2018-11-08 18:40 - 001055148 _____ C:\Users\MeGret-TPC\Downloads\rubinumpatcher_d7927.zip.rzkcmsv
2018-11-03 22:28 - 2018-11-08 18:39 - 000018925 _____ C:\Users\MeGret-TPC\Desktop\avatar-therapy-early-trial-results-very-encouraging-20171123-600x600.jpg.rzkcmsv
2018-11-03 19:45 - 2018-11-08 18:39 - 000000742 _____ C:\Users\MeGret-TPC\Desktop\ARK Survival Of The Fittest.url.rzkcmsv
2018-11-03 19:42 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\screenshots
2018-11-03 19:23 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\Nová složka
2018-11-03 18:36 - 2018-11-08 18:40 - 000000000 ___RD C:\Users\MeGret-TPC\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App
2018-11-03 12:07 - 2018-11-08 18:39 - 000133585 _____ C:\Users\MeGret-TPC\Desktop\bubny.jpg.rzkcmsv
2018-11-03 11:37 - 2018-11-09 20:07 - 000000000 ____D C:\steam
2018-11-03 11:37 - 2018-11-03 11:37 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2018-11-03 11:36 - 2018-11-03 11:36 - 001573568 _____ C:\Users\MeGret-TPC\Downloads\SteamSetup.exe
2018-11-02 16:12 - 2018-11-08 18:40 - 096827379 _____ C:\Users\MeGret-TPC\Downloads\Power Metal Collection Vol.172.aac.rzkcmsv
2018-11-02 16:01 - 2018-11-08 18:40 - 089166651 _____ C:\Users\MeGret-TPC\Downloads\Epic Rock Metal Aggressive Gaming Music __ 2017.aac.rzkcmsv
2018-11-02 15:56 - 2018-11-08 18:40 - 100272106 _____ C:\Users\MeGret-TPC\Downloads\Metal Covers of Popular Songs 2015.aac.rzkcmsv
2018-11-02 15:49 - 2018-11-08 18:40 - 111787356 _____ C:\Users\MeGret-TPC\Downloads\Metal Covers of Popular Songs _ Ultimate Mix.aac.rzkcmsv
2018-11-02 15:33 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Bigasoft Total Video Converter 5
2018-11-02 15:33 - 2018-11-02 15:33 - 000001306 _____ C:\Users\Public\Desktop\Bigasoft Total Video Converter 5.lnk
2018-11-02 15:33 - 2018-11-02 15:33 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2018-11-02 15:33 - 2018-11-02 15:33 - 000000000 ____D C:\Program Files (x86)\Bigasoft
2018-11-02 15:32 - 2018-11-08 18:40 - 019880832 _____ C:\Users\MeGret-TPC\Downloads\Bigasoft-Total-Video-Converter-5.1.1.6250.rar.rzkcmsv
2018-11-02 13:56 - 2018-11-02 13:56 - 006145289 _____ () C:\Users\MeGret-TPC\Downloads\SlovenčinaAW (1).exe
2018-11-02 13:54 - 2018-11-02 13:55 - 006145289 _____ () C:\Users\MeGret-TPC\Downloads\SlovenčinaAW.exe
2018-11-02 09:41 - 2018-11-02 09:43 - 141060687 _____ (Aslain ) C:\Users\MeGret-TPC\Downloads\Aslains_WoT_Modpack_Installer_v.1.2.0.1_10 (1).exe
2018-11-02 09:30 - 2018-11-02 11:11 - 000000880 _____ C:\Users\MeGret-TPC\Desktop\Aslains WoT Logs Archiver.lnk
2018-11-02 09:24 - 2018-11-02 09:25 - 141060687 _____ (Aslain ) C:\Users\MeGret-TPC\Downloads\Aslains_WoT_Modpack_Installer_v.1.2.0.1_10.exe
2018-10-30 19:11 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\Camera
2018-10-29 23:30 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\AMD
2018-10-29 23:29 - 2018-10-29 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-10-29 23:25 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\ATI
2018-10-29 23:25 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ATI
2018-10-29 23:25 - 2018-10-29 23:25 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-10-29 23:25 - 2018-10-29 23:25 - 000000000 ____D C:\ProgramData\ATI
2018-10-29 17:42 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Downloads\MediaHuman
2018-10-29 17:40 - 2018-11-08 18:40 - 000000760 _____ C:\Users\MeGret-TPC\Desktop\Visit MediaHuman Website.url.rzkcmsv
2018-10-29 17:40 - 2018-11-08 18:37 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\MediaHuman
2018-10-29 17:40 - 2018-10-29 17:42 - 000001317 _____ C:\Users\MeGret-TPC\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2018-10-29 17:40 - 2018-10-29 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2018-10-29 17:40 - 2018-10-29 17:40 - 000000000 ____D C:\Program Files (x86)\MediaHuman
2018-10-25 19:50 - 2018-10-25 19:50 - 001587816 _____ (AMD) C:\WINDOWS\system32\coinst_18.40.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000178792 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000154720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2018-10-22 12:32 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\RadeonSettings
2018-10-19 23:06 - 2018-10-19 23:06 - 000166728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2018-10-19 23:06 - 2018-10-19 23:06 - 000137888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2018-10-19 21:32 - 2018-11-08 18:36 - 000000620 ___SH C:\bootTel.dat.rzkcmsv
2018-10-17 20:15 - 2018-11-08 18:40 - 000000000 ___RD C:\Users\MeGret-TPC\OneDrive
2018-10-15 22:55 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-15 22:55 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-10-15 20:19 - 2018-11-08 18:36 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2018-10-15 20:19 - 2018-11-08 18:36 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2018-10-15 20:19 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-15 20:19 - 2018-10-15 20:19 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-10-15 20:19 - 2018-10-15 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-10-14 21:34 - 2018-10-14 21:34 - 000003472 _____ C:\WINDOWS\System32\Tasks\CrystalDiskInfo
2018-10-14 21:33 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Seznam.cz
2018-10-14 21:33 - 2018-10-20 12:41 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-10-14 21:33 - 2018-10-14 21:33 - 000001229 _____ C:\Users\MeGret-TPC\Desktop\CrystalDiskInfo.lnk
2018-10-14 21:33 - 2018-10-14 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-10-14 21:33 - 2018-10-14 21:33 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-10-14 18:42 - 2018-10-14 18:46 - 000000000 ____D C:\WINDOWS\AutoKMS
2018-10-14 18:38 - 2018-10-14 18:38 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2018-10-14 18:32 - 2018-10-14 18:32 - 000000000 ____D C:\Program Files\WinRAR
2018-10-14 18:19 - 2018-09-04 23:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-10-14 12:10 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\CrashRpt
2018-10-14 10:56 - 2018-10-14 10:56 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2018-10-14 09:24 - 2018-11-08 18:39 - 000000663 _____ C:\Users\MeGret-TPC\Desktop\Armored Warfare.url.rzkcmsv
2018-10-14 09:24 - 2018-11-08 18:36 - 000000000 ____D C:\MyGames
2018-10-14 09:24 - 2018-10-14 09:24 - 000002143 _____ C:\Users\MeGret-TPC\Desktop\GameCenter My.com.lnk
2018-10-14 09:24 - 2018-10-14 09:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2018-10-14 09:23 - 2018-11-09 21:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\GameCenter
2018-10-14 09:23 - 2018-10-14 09:23 - 008769664 _____ C:\Users\MeGret-TPC\ArmoredWarfareMycomLoader_fb3ab908112fbbbacaafe8d75cdbd00d_A_en.exe
2018-10-14 09:04 - 2018-10-29 23:29 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-10-14 09:04 - 2018-10-25 19:50 - 000067576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmafd.sys
2018-10-14 09:04 - 2018-10-14 09:04 - 000000000 ____D C:\WINDOWS\system32\AMD
2018-10-14 09:04 - 2018-10-14 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2018-10-14 07:44 - 2018-10-29 23:29 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-10-14 07:44 - 2018-10-14 09:04 - 000000000 ____D C:\Program Files (x86)\AMD
2018-10-14 07:20 - 2018-10-14 07:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-10-14 07:20 - 2018-10-11 20:41 - 000103928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2018-10-14 07:19 - 2018-10-29 23:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-10-14 07:18 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\RadeonInstaller
2018-10-14 07:13 - 2018-10-14 07:16 - 334555304 _____ (AMD Inc.) C:\Users\MeGret-TPC\win10-64bit-radeon-software-adrenalin-edition-18.10.1-oct10.exe
2018-10-14 01:18 - 2018-11-08 18:36 - 000000000 ____D C:\Games
2018-10-14 01:18 - 2018-10-14 01:18 - 000000810 _____ C:\Users\MeGret-TPC\Desktop\World of Tanks.lnk
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2018-10-14 01:17 - 2018-10-14 01:17 - 004685584 _____ (Wargaming.net ) C:\Users\MeGret-TPC\wot.exe
2018-10-14 01:13 - 2018-10-26 19:58 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-14 01:13 - 2018-10-26 19:58 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-14 01:12 - 2018-11-08 18:37 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Google
2018-10-14 01:12 - 2018-10-14 01:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-14 01:12 - 2018-10-14 01:12 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-14 01:12 - 2018-10-14 01:12 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-13 15:47 - 2018-10-13 15:47 - 000000000 ____D C:\Program Files (x86)\ASM106xSATA
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-10-13 15:43 - 2017-08-17 15:17 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000852136 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000604800 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-10-13 15:43 - 2017-08-17 15:16 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 005899752 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-10-13 15:43 - 2017-08-17 15:16 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-10-13 15:43 - 2017-08-17 15:16 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001348160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000877432 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000737968 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 003517496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 003099544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000406456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-10-13 15:43 - 2017-08-16 19:35 - 013213369 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-10-13 15:43 - 2017-08-16 19:35 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2018-10-13 15:43 - 2017-07-21 10:17 - 002839488 ____R (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2018-10-13 15:42 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\AMD
2018-10-13 15:40 - 2018-11-09 20:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-13 15:40 - 2018-11-08 18:36 - 000000000 ____D C:\AMD
2018-10-13 15:35 - 2018-10-13 15:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2018-10-13 15:35 - 2017-06-12 04:07 - 000091632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdumcsp.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000071664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdumcsp.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000026096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000022000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
2018-10-13 15:33 - 2018-10-29 23:29 - 000000000 ____D C:\Program Files\AMD
2018-10-13 15:32 - 2018-10-13 15:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-13 15:32 - 2018-10-13 15:38 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-10-13 15:32 - 2017-06-05 08:20 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-10-11 20:41 - 2018-10-25 19:50 - 003712096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2018-10-11 20:41 - 2018-10-25 19:50 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2018-10-11 20:41 - 2018-10-25 19:50 - 003340896 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 001629280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000920160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000899920 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2018-10-11 20:41 - 2018-10-25 19:50 - 000899920 _____ C:\WINDOWS\system32\atiapfxx.blb
2018-10-11 20:41 - 2018-10-25 19:50 - 000753256 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000750688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000570992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000553064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000544816 _____ C:\WINDOWS\system32\amdmiracast.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000492136 _____ C:\WINDOWS\system32\dgtrayicon.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000481904 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000476768 _____ C:\WINDOWS\system32\GameManager64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000468072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000465504 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000432224 _____ C:\WINDOWS\system32\atieah64.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000383072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000381544 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000377448 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000349288 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000339552 _____ C:\WINDOWS\system32\clinfo.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000249440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000218208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000199360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000184424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000173392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000169264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000162912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000159848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000153192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000149128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000144816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000138344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000135776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000132712 _____ C:\WINDOWS\system32\atidxx64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000128104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000125024 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000124552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000111712 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000108648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000069736 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000046192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000043120 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 001663112 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 001629296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETDB6B.tmp
2018-10-11 20:41 - 2018-10-11 20:41 - 001347184 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000413600 _____ C:\WINDOWS\system32\EEURestart.exe
2018-10-11 20:41 - 2018-10-11 20:41 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000124464 _____ C:\WINDOWS\system32\kapp_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000119760 _____ C:\WINDOWS\system32\kapp_si.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000090232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000074864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000034450 _____ C:\WINDOWS\system32\AMDKernelEvents.man

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 21:49 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-09 21:28 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-09 21:05 - 2018-06-10 21:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-09 20:12 - 2018-06-10 21:32 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-09 20:12 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-09 20:12 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-09 20:06 - 2018-06-10 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-09 20:06 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-09 20:06 - 2017-03-03 15:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-08 23:21 - 2018-06-10 21:25 - 000000000 ____D C:\Users\MeGret-TPC
2018-11-08 23:21 - 2018-06-10 21:24 - 000425760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-08 23:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-08 23:21 - 2017-03-13 20:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ConnectedDevicesPlatform
2018-11-08 22:43 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-08 22:43 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-08 18:40 - 2018-06-10 21:30 - 000000560 ___SH C:\Users\MeGret-TPC\ntuser.ini.rzkcmsv
2018-11-08 18:40 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-08 18:40 - 2017-11-19 10:19 - 000000000 ___HD C:\Users\MeGret-TPC\MicrosoftEdgeBackups
2018-11-08 18:40 - 2016-11-21 05:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-08 18:39 - 2018-08-11 14:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\SpaceEngineers
2018-11-08 18:39 - 2018-02-17 20:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Battle.net
2018-11-08 18:39 - 2017-12-23 22:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\TS3Client
2018-11-08 18:39 - 2017-11-19 19:25 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Creative
2018-11-08 18:39 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Sun
2018-11-08 18:39 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\.minecraft
2018-11-08 18:39 - 2017-09-08 17:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\calibre
2018-11-08 18:39 - 2017-08-16 19:04 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Ashampoo
2018-11-08 18:39 - 2017-06-25 22:59 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\vlc
2018-11-08 18:39 - 2017-06-10 09:02 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Macromedia
2018-11-08 18:39 - 2017-05-21 20:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\WinRAR
2018-11-08 18:39 - 2017-04-19 13:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Samsung
2018-11-08 18:39 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Mozilla
2018-11-08 18:39 - 2017-03-12 14:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\NVIDIA
2018-11-08 18:39 - 2017-03-03 15:55 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Wargaming.net
2018-11-08 18:39 - 2017-03-03 15:46 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\SplitmediaLabs
2018-11-08 18:39 - 2017-03-03 15:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Skype
2018-11-08 18:39 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Adobe
2018-11-08 18:38 - 2018-09-14 06:49 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\OneDrive
2018-11-08 18:38 - 2018-08-11 09:35 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Steam
2018-11-08 18:38 - 2018-02-17 22:44 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\PlaceholderTileLogoFolder
2018-11-08 18:38 - 2017-12-23 22:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\TeamSpeak 3 Client
2018-11-08 18:38 - 2017-11-19 10:13 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Packages
2018-11-08 18:38 - 2017-10-19 18:09 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Oracle
2018-11-08 18:38 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Sun
2018-11-08 18:38 - 2017-08-19 07:48 - 000008145 _____ C:\Users\MeGret-TPC\AppData\Local\Resmon.ResmonCfg.rzkcmsv
2018-11-08 18:38 - 2017-05-26 16:25 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\UNP
2018-11-08 18:38 - 2017-04-27 10:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Adobe
2018-11-08 18:38 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Mozilla
2018-11-08 18:38 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Mozilla
2018-11-08 18:38 - 2017-03-25 18:58 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Temp
2018-11-08 18:38 - 2017-03-13 20:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\PeerDistRepub
2018-11-08 18:38 - 2017-03-03 15:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\NVIDIA Corporation
2018-11-08 18:38 - 2017-03-03 15:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\NVIDIA
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\VirtualStore
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\TileDataLayer
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Publishers
2018-11-08 18:37 - 2017-06-15 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Microsoft Help
2018-11-08 18:37 - 2017-03-04 22:43 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\MicrosoftEdge
2018-11-08 18:36 - 2018-08-11 14:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\GameAnalytics
2018-11-08 18:36 - 2018-07-17 23:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\D3DSCache
2018-11-08 18:36 - 2018-04-12 00:38 - 000000000 ____D C:\PerfLogs
2018-11-08 18:36 - 2018-02-17 20:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Battle.net
2018-11-08 18:36 - 2017-12-01 18:43 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Blizzard
2018-11-08 18:36 - 2017-09-30 15:04 - 000092548 _____ C:\Users\MeGret-TPC\AppData\Local\GDIPFONTCACHEV1.DAT.rzkcmsv
2018-11-08 18:36 - 2017-09-08 17:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\calibre-cache
2018-11-08 18:36 - 2017-08-21 19:32 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\AdFender
2018-11-08 18:36 - 2017-08-16 19:03 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ashampoo
2018-11-08 18:36 - 2017-07-01 16:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\DBG
2018-11-08 18:36 - 2017-06-15 18:38 - 000000000 __RHD C:\MSOCache
2018-11-08 18:36 - 2017-04-27 10:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Adobe
2018-11-08 18:36 - 2017-04-24 18:35 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Blizzard Entertainment
2018-11-08 18:36 - 2017-04-19 13:27 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ElevatedDiagnostics
2018-11-08 18:36 - 2017-03-13 20:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Comms
2018-11-08 18:36 - 2017-03-03 15:56 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\CEF
2018-11-08 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-11-08 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-11-03 23:42 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-03 23:42 - 2017-03-03 15:43 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-03 19:45 - 2018-08-11 10:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-23 23:43 - 2018-07-13 16:31 - 000000000 ____D C:\ProgramData\Packages
2018-10-23 21:12 - 2018-03-01 15:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-19 21:50 - 2015-07-10 12:04 - 000000167 _____ C:\WINDOWS\win.ini
2018-10-17 20:24 - 2017-03-04 23:13 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-17 20:15 - 2018-06-10 21:30 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-819675408-2753461327-3771956256-1001
2018-10-17 20:15 - 2018-06-10 21:25 - 000002437 _____ C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-14 18:46 - 2018-06-10 21:30 - 000004644 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-14 18:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-14 18:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-14 18:32 - 2017-05-21 20:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-14 18:32 - 2017-05-21 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-14 01:07 - 2017-03-04 23:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-14 01:06 - 2017-03-04 23:11 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-13 18:59 - 2017-11-19 10:13 - 000061256 _____ C:\WINDOWS\system32\BMXState-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:59 - 2017-11-19 10:13 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:59 - 2017-07-01 16:33 - 000061256 _____ C:\WINDOWS\system32\BMXStateBkp-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:58 - 2017-10-14 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2018-10-13 18:57 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\windows nt
2018-10-13 18:57 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-10-13 18:54 - 2018-08-11 09:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-10-13 18:54 - 2017-07-01 16:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-13 18:54 - 2017-03-30 21:12 - 000000000 ____D C:\Program Files (x86)\Creative
2018-10-13 18:43 - 2018-06-10 21:30 - 000002562 _____ C:\WINDOWS\diagwrn.xml
2018-10-13 18:43 - 2018-06-10 21:30 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-10-13 15:44 - 2017-07-01 16:33 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-10-13 15:44 - 2017-03-03 15:31 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-10-13 15:29 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-10-11 20:41 - 2017-05-16 17:06 - 001629296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET11C1.tmp

==================== Files in the root of some directories =======

2018-10-14 09:23 - 2018-10-14 09:23 - 008769664 _____ () C:\Users\MeGret-TPC\ArmoredWarfareMycomLoader_fb3ab908112fbbbacaafe8d75cdbd00d_A_en.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\MeGret-TPC\deiefECnJ.exe
2018-10-14 07:13 - 2018-10-14 07:16 - 334555304 _____ (AMD Inc.) C:\Users\MeGret-TPC\win10-64bit-radeon-software-adrenalin-edition-18.10.1-oct10.exe
2018-10-14 01:17 - 2018-10-14 01:17 - 004685584 _____ (Wargaming.net ) C:\Users\MeGret-TPC\wot.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Program Files\RZKCMSV-DECRYPT.txt
2018-04-12 00:34 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\IfeuDZEaOEUA.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Program Files (x86)\RZKCMSV-DECRYPT.txt
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:39 - 2018-11-08 18:39 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\RZKCMSV-DECRYPT.txt
2018-11-09 19:54 - 2018-11-09 19:55 - 006066688 _____ () C:\Users\MeGret-TPC\AppData\Local\dump007.dat
2018-11-08 00:58 - 2018-11-08 18:37 - 000000542 _____ () C:\Users\MeGret-TPC\AppData\Local\imw.ini.rzkcmsv
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\MeGret-TPC\AppData\Local\kAyeMDseXh.exe
2017-08-19 07:48 - 2018-11-08 18:38 - 000008145 _____ () C:\Users\MeGret-TPC\AppData\Local\Resmon.ResmonCfg.rzkcmsv
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Local\RZKCMSV-DECRYPT.txt

Some files in TEMP:
====================
2018-11-08 18:36 - 2018-11-08 18:36 - 002575888 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\867184789.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000003072 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\921123295.exe
2018-11-08 18:34 - 2018-11-08 18:34 - 000101888 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\Heart.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-10 21:23

==================== End of FRST.txt ============================

Re: GANDCRAB V5.0.4

Napsal: 09 lis 2018 21:57
od franni
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08.11.2018
Ran by MeGret-TPC (09-11-2018 21:55:05)
Running from C:\Users\MeGret-TPC\Downloads
Windows 10 Pro Version 1803 17134.165 (X64) (2018-06-10 20:30:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-819675408-2753461327-3771956256-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-819675408-2753461327-3771956256-503 - Limited - Disabled)
Guest (S-1-5-21-819675408-2753461327-3771956256-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-819675408-2753461327-3771956256-1005 - Limited - Enabled)
MeGret-TPC (S-1-5-21-819675408-2753461327-3771956256-1001 - Administrator - Enabled) => C:\Users\MeGret-TPC
WDAGUtilityAccount (S-1-5-21-819675408-2753461327-3771956256-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.10.2 - Advanced Micro Devices, Inc.)
Armored Warfare MyCom (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Armored Warfare MyCom) (Version: 1.185 - My.com B.V.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Aslain's WoT Modpack verze 1.2.0.1.10 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.2.0.1.10 - Aslain)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.8.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.7.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.7.2 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bigasoft Total Video Converter 5.1.1.6250 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version: - Bigasoft Corporation)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
calibre 64bit (HKLM\...\{B16F2206-747F-4758-ADA9-76148D2C0C35}) (Version: 3.7.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
CrystalDiskInfo 7.8.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.8.0 - Crystal Dew World)
GameCenter My.com (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\GameCenter) (Version: 4.1464 - My.com B.V.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
MediaHuman YouTube to MP3 Converter 3.9.9.7 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.7 - MediaHuman)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 62.0 (x64 cs) (HKLM\...\Mozilla Firefox 62.0 (x64 cs)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
NAS Starter Utility (HKLM-x32\...\NAS Starter Utility) (Version: - ZyXEL)
NVIDIA Ovladač 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.18.526.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8233 - Realtek Semiconductor Corp.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.26 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Slovenčina (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Slovenčina) (Version: - )
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.0.30.51 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07280288-DB4D-4C69-A6A0-EC1F1E0FC6CB} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32.exe [2018-09-26] (Crystal Dew World)
Task: {0D7125B3-7656-4619-A37A-395D9A914DC0} - System32\Tasks\{36E954AC-8F78-691F-B718-D4CE7E4BCF08} => "msiexec.exe" /i hxxps://siamoderg.info/biksomt5m1kp.sem /q
Task: {132D8886-4A07-462A-B824-78AF1B6BF888} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-14] (Google Inc.)
Task: {1EA8098C-25F5-46DE-A412-1C6E1B81EDFC} - System32\Tasks\{63FF5D84-F332-3C55-1873-E2C6DE6F96AA} => "msiexec.exe" -q /package hxxps://siamoderg.info/axqchyoohzpx.tci
Task: {29B99B7C-90C3-4774-9EEF-C7C2C6F89FAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {2D84FD82-F950-4803-B0BE-C1EB93F22EA3} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-10-19] (Advanced Micro Devices, Inc.)
Task: {4346CC41-CDA3-4C56-A023-850111055F0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {5A5135D8-94BD-4131-9D72-8756CCD8FEA5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6783EA1B-F8CB-4EBD-878B-51DDF41C013A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-14] (Google Inc.)
Task: {877C1772-9F30-4BE9-8463-5DF5AA19A3D4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {92146086-56B7-4E0D-9EA3-C78832C285BA} - System32\Tasks\{B4B9A496-1465-614B-42E6-E9FACFD9FDCB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://good-journal.net/cl/?guid=nyor7zhu2zo5lt5unen1imu9nond6q8k&prid=1&pid=4_1324_0
Task: {96688FB2-4CE3-4F3D-A584-F314406F8346} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-10-19] (Advanced Micro Devices, Inc.)
Task: {976419D4-FD01-4AB6-80D7-3761E92102BE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-14] (Adobe Systems Incorporated)
Task: {99678DB9-056F-4AD4-A601-75B89C7CDA66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {C3DC2968-1E50-4BFB-93A2-45DC49F2C8A3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-14] (Adobe Systems Incorporated)
Task: {C5DB1688-8B19-4F27-AF9F-967D1A326EBB} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
Task: {E61B0F9B-0AD8-473F-A64D-A77DF90CB170} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=13472&utm_medium=desktop&x-pos=Metro

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-03-03 15:43 - 2017-03-03 15:43 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2015-08-18 22:31 - 2015-08-18 22:31 - 000048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-06-08 22:49 - 2017-06-08 22:49 - 000143664 _____ () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2018-07-18 23:43 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-23 23:42 - 2018-10-23 23:43 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-23 23:42 - 2018-10-23 23:43 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 23:42 - 2018-10-23 23:43 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-27 22:15 - 2018-06-27 22:15 - 002552832 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-10-23 23:42 - 2018-10-23 23:42 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-23 23:42 - 2018-10-23 23:42 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-23 23:42 - 2018-10-23 23:42 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-27 21:17 - 2017-09-27 21:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-23 23:42 - 2018-10-23 23:42 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-14 09:23 - 2018-11-07 22:07 - 009660032 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\GameCenter.exe
2018-11-08 23:23 - 2018-10-30 19:06 - 001057056 _____ () C:\steam\bin\cef\cef.win7x64\SDL2.dll
2018-11-08 23:23 - 2018-09-23 01:00 - 102804768 _____ () C:\steam\bin\cef\cef.win7x64\libcef.dll
2018-11-08 23:23 - 2018-09-23 01:00 - 004866336 _____ () C:\steam\bin\cef\cef.win7x64\libglesv2.dll
2018-11-08 23:23 - 2018-09-23 01:00 - 000116000 _____ () C:\steam\bin\cef\cef.win7x64\libegl.dll
2018-07-18 23:43 - 2018-06-15 05:41 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-07-18 23:43 - 2018-06-15 05:36 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-07-18 23:43 - 2018-06-15 05:40 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-10-26 19:58 - 2018-10-23 22:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-26 19:58 - 2018-10-23 22:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-14 00:57 - 2018-10-14 01:00 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-10-14 00:57 - 2018-10-14 01:00 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-10-14 00:57 - 2018-10-14 01:00 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2017-10-05 18:45 - 2017-10-05 18:46 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-04 02:44 - 2018-05-04 02:45 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-09-01 16:59 - 2018-09-01 17:01 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-01 16:59 - 2018-09-01 17:01 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 15:15 - 2018-08-21 15:17 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-21 15:15 - 2018-08-21 15:17 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-04-05 14:16 - 2018-04-05 14:17 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-10-14 00:57 - 2018-10-14 01:00 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-01 16:59 - 2018-09-01 17:01 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-10-14 00:57 - 2018-10-14 01:00 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-01 16:59 - 2018-09-01 17:01 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-31 14:20 - 2018-07-31 14:22 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-14 00:57 - 2018-10-14 01:00 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\SKU.dll
2017-03-03 15:45 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-11-03 11:38 - 2018-10-30 19:06 - 000879904 _____ () C:\steam\SDL2.dll
2018-11-03 11:38 - 2018-11-08 20:02 - 002649376 _____ () C:\steam\video.dll
2018-11-03 11:38 - 2016-09-01 02:02 - 004969248 _____ () C:\steam\v8.dll
2018-11-03 11:38 - 2017-12-20 02:43 - 000695584 _____ () C:\steam\libavformat-57.dll
2018-11-03 11:38 - 2017-12-20 02:43 - 000351520 _____ () C:\steam\libavresample-3.dll
2018-11-03 11:38 - 2017-12-20 02:43 - 000783648 _____ () C:\steam\libswscale-4.dll
2018-11-03 11:38 - 2017-12-20 02:43 - 000847136 _____ () C:\steam\libavutil-55.dll
2018-11-03 11:38 - 2017-12-20 02:43 - 005137696 _____ () C:\steam\libavcodec-57.dll
2018-11-03 11:38 - 2016-09-01 02:02 - 001195296 _____ () C:\steam\icuuc.dll
2018-11-03 11:38 - 2016-09-01 02:02 - 001563936 _____ () C:\steam\icui18n.dll
2018-11-03 11:38 - 2018-11-08 20:02 - 001028384 _____ () C:\steam\bin\chromehtml.DLL
2018-11-03 11:38 - 2016-07-04 23:17 - 000266560 _____ () C:\steam\openvr_api.dll
2018-10-14 09:23 - 2018-10-22 10:03 - 002613888 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\BigUp2.dll
2018-10-14 09:23 - 2018-10-14 09:23 - 000144896 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\zlib1.dll
2018-10-14 09:23 - 2018-10-14 09:23 - 002537600 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\SkiAcc.dll
2018-10-14 09:23 - 2018-10-14 09:23 - 000083072 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\pxd.dll
2018-10-14 09:23 - 2018-10-14 09:23 - 000256128 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\LightUpdate.dll
2018-04-04 16:57 - 2018-04-04 16:57 - 083481088 _____ () C:\Users\MeGret-TPC\AppData\Local\GameCenter\Chrome\3.3325.1756\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-819675408-2753461327-3771956256-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0F5C4B0-52F3-4BE7-A5E1-D7D90246D087}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [UDP Query User{16F97FBE-AB3C-41AD-A0D4-95769E557C27}C:\program files (x86)\blizzard app\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8839\battle.net.exe
FirewallRules: [TCP Query User{3980848F-3765-4CA2-806E-C5E62A63ECF7}C:\program files (x86)\blizzard app\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8839\battle.net.exe
FirewallRules: [UDP Query User{A18C9094-4D41-405B-99E5-151E42BEB7E4}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe] => (Allow) C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe
FirewallRules: [TCP Query User{6611FD6F-E02D-4655-A19D-4456D09F6587}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe] => (Allow) C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe
FirewallRules: [{D80CDD55-C34A-4BAE-9D8D-4B5091BBDDE3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A6534E2-584B-411D-B95C-A14226F23EBA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{831EAC7B-6A9E-481B-8E11-A2C4E0BA775F}C:\world_of_warships\wowslauncher.exe] => (Allow) C:\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{5B267066-14D4-438C-B04E-48DAF9BAE98C}C:\world_of_warships\wowslauncher.exe] => (Allow) C:\world_of_warships\wowslauncher.exe
FirewallRules: [{5E486191-31A4-4B6F-AE27-A44E21FE0A7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B9D1CEED-53B1-4F6B-89CE-307147795EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7FD09255-5E88-4394-8BAA-EA49321E3191}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{21C71B61-81AC-4513-82CB-0AB2F6D29920}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0C506A94-F9FC-4405-A4B1-5A8E88E97C7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E151925F-5554-4AAB-B888-8BDD2556BFA0}C:\world_of_tanks\worldoftanks.exe] => (Allow) C:\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{F727C40D-6F40-43FB-A06F-CCC0803E1AD3}C:\world_of_tanks\worldoftanks.exe] => (Allow) C:\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{CD837059-4171-4FBF-80FC-3FE3A0554DE9}C:\world_of_tanks\wotlauncher.exe] => (Allow) C:\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{E73DBA2D-D0D7-48D4-9CAB-D7563AB6B47D}C:\world_of_tanks\wotlauncher.exe] => (Allow) C:\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{C39A4149-F0A9-4F15-A511-678059468061}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8ACA6309-88A5-4516-AD42-0B0386C55E33}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E4A4197D-AEF7-400E-862F-58B5D5A996CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{701C4593-ADD4-4AFD-9A47-5F23639592CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BCD18F07-2496-40FB-B3C1-BA0344289276}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{659EA0A5-52BF-4B6A-AF1D-D684D5727C4A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{29317E3A-4F89-446C-A027-4FC9625BD4FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{68DFF9FF-8C4F-4A82-B7AF-EE46C7BCBF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A7DCB652-04FB-4947-A1F5-21961F5AFA5A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{303AA42E-DF64-4683-A1A2-C029C7A8B360}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{736B4A66-A6A0-4A88-9354-8D9AAF64B2C3}C:\users\megret-tpc\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\megret-tpc\appdata\local\gamecenter\gamecenter.exe
FirewallRules: [UDP Query User{E933777E-BC31-4C33-B9F7-2F06BF87CBAA}C:\users\megret-tpc\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\megret-tpc\appdata\local\gamecenter\gamecenter.exe
FirewallRules: [{92755B08-09F0-4AF8-A979-0F12AA9FBFB1}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{813C5E84-E232-4735-B441-54105C633201}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{7C10115A-DB4D-493B-98A9-B045D5BDC9DC}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{AF5F6F56-9A55-4017-A608-489314B2F5D9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{15E2B108-91EE-41CF-B641-D046D8163340}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6D3B9992-F3CD-40BF-8441-7CEA3C921370}] => (Allow) C:\steam\Steam.exe
FirewallRules: [{2CA812BC-B82B-45CD-8572-277E5D632EFD}] => (Allow) C:\steam\Steam.exe
FirewallRules: [{2EB35DAB-EAF8-47ED-851B-FE938E3B7985}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E57340DD-B60A-4128-86BE-91652B7847D9}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3C235A18-B5FA-45EB-A9A1-BF654CBAF913}] => (Allow) E:\SteamLibrary\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{567A28E2-777A-41F4-9782-13858C325692}] => (Allow) E:\SteamLibrary\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{F83307F4-C213-4391-A0E7-E858F04E7698}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{CFA12342-5A44-4771-94EA-6913D4D30364}] => (Allow) C:\Users\MeGret-TPC\AppData\Local\kAyeMDseXh.exe
FirewallRules: [{88291374-E8D6-4B34-914C-EA8B2AADE13B}] => (Allow) C:\Users\MeGret-TPC\deiefECnJ.exe
FirewallRules: [{4C89096B-6A31-4EBF-BA6E-AFE3D37ECD3A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{B89DDEF6-C334-4413-8CBB-EE162CBA85CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{560E5289-67E4-4DEC-AC6E-3023E75056BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A1D55ED3-F823-4E48-9DC4-24C673DCE973}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0CD643F1-ADE3-4FD6-AD2B-A8935888B1F4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{B54CF621-D2A0-4D6C-8FA4-3D50B141C066}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6FBC9D66-5B3E-4FA5-8217-42B9E8DFBD3B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{1EBCBEAF-888D-4B86-9D35-8092B1A4D336}] => (Allow) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{A6D7E43F-0AB3-45A0-B6DC-FC2EACA56B3C}] => (Allow) C:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{D18A5587-7E6B-438D-937F-16E391A53B77}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{49AD8509-9CA3-4DD0-9B96-410230908DD1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{311177C2-2B48-42BF-AC13-90EEDA19A0D3}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{1CCAE30C-550F-4136-90FA-2E41DCC1F38F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{43497D49-1541-459B-ABC5-709B698D8098}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{019ED680-DDF2-4E20-A64C-E89D1EE6A170}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe

==================== Restore Points =========================

22-10-2018 00:39:02 Instalační služba modulů systému Windows
25-10-2018 05:18:37 Instalační služba modulů systému Windows
26-10-2018 19:57:26 Instalační služba modulů systému Windows
28-10-2018 11:57:17 Instalační služba modulů systému Windows
29-10-2018 17:57:55 Instalační služba modulů systému Windows
30-10-2018 19:09:07 Instalační služba modulů systému Windows
02-11-2018 08:42:24 Instalační služba modulů systému Windows
03-11-2018 10:42:18 Instalační služba modulů systému Windows
04-11-2018 20:42:45 Instalační služba modulů systému Windows
05-11-2018 22:42:28 Instalační služba modulů systému Windows
07-11-2018 22:09:36 Instalační služba modulů systému Windows
08-11-2018 22:43:05 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2018 08:41:34 PM) (Source: MsiInstaller) (EventID: 11704) (User: FRNDA)
Description: Product: Windows Resource Kit Tools - SubInAcl.exe -- Error 1704. An installation for ndhjrfudjiwerh is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (11/09/2018 08:06:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GPUTweakII.exe, verze: 1.1.7.2, časové razítko: 0x56822419
Název chybujícího modulu: Vender.dll, verze: 1.1.2.6, časové razítko: 0x565bb08a
Kód výjimky: 0xc0000005
Posun chyby: 0x0000ec74
ID chybujícího procesu: 0x1dec
Čas spuštění chybující aplikace: 0x01d4785f5eab05ad
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
ID zprávy: adbf949a-4b18-4583-bd59-9dbad590f26c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/09/2018 08:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: compattelrunner.exe, verze: 10.0.17673.1005, časové razítko: 0xe01deb3c
Název chybujícího modulu: ntdll.dll, verze: 10.0.17134.165, časové razítko: 0xf4df6dc2
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f4d1b
ID chybujícího procesu: 0xec0
Čas spuštění chybující aplikace: 0x01d4785ecc884d28
Cesta k chybující aplikaci: C:\WINDOWS\system32\compattelrunner.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 236d2700-9b5d-43fd-83b4-2d87772cf32c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/09/2018 07:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GPUTweakII.exe, verze: 1.1.7.2, časové razítko: 0x56822419
Název chybujícího modulu: Vender.dll, verze: 1.1.2.6, časové razítko: 0x565bb08a
Kód výjimky: 0xc0000005
Posun chyby: 0x0000ec74
ID chybujícího procesu: 0x19fc
Čas spuštění chybující aplikace: 0x01d4785da839d0a3
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
ID zprávy: 38654d93-c827-458f-9482-19482451f07e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/09/2018 12:47:50 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: FRNDA)
Description: httphttp-2147467263

Error: (11/08/2018 11:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: rundll32.exe, verze: 10.0.17134.1, časové razítko: 0x1e3f5e34
Název chybujícího modulu: IECache.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód výjimky: 0xc000041d
Posun chyby: 0x00023e48
ID chybujícího procesu: 0x994
Čas spuštění chybující aplikace: 0x01d477b3b5dc71a3
Cesta k chybující aplikaci: C:\Windows\SysWOW64\rundll32.exe
Cesta k chybujícímu modulu: IECache.dll
ID zprávy: c89b62bc-7ed5-4fa4-a484-ab96f1333bef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/08/2018 11:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: rundll32.exe, verze: 10.0.17134.1, časové razítko: 0x1e3f5e34
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.165, časové razítko: 0xfa43f4b2
Kód výjimky: 0x0eedfade
Posun chyby: 0x0010ddc2
ID chybujícího procesu: 0x994
Čas spuštění chybující aplikace: 0x01d477b3b5dc71a3
Cesta k chybující aplikaci: C:\Windows\SysWOW64\rundll32.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: e0bdabb0-ae1c-4fd4-8624-400cb22bc382
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/08/2018 11:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GPUTweakII.exe, verze: 1.1.7.2, časové razítko: 0x56822419
Název chybujícího modulu: Vender.dll, verze: 1.1.2.6, časové razítko: 0x565bb08a
Kód výjimky: 0xc0000005
Posun chyby: 0x0000ec74
ID chybujícího procesu: 0x19ec
Čas spuštění chybující aplikace: 0x01d477b16fa391f5
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
ID zprávy: 803ec245-4eac-4476-8f93-deed73059580
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/09/2018 08:58:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (11/09/2018 08:26:27 PM) (Source: DCOM) (EventID: 10016) (User: FRNDA)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli FRNDA\MeGret-TPC (SID: S-1-5-21-819675408-2753461327-3771956256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/09/2018 08:08:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/09/2018 08:08:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/09/2018 08:07:08 PM) (Source: DCOM) (EventID: 10016) (User: FRNDA)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli FRNDA\MeGret-TPC (SID: S-1-5-21-819675408-2753461327-3771956256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/09/2018 08:07:05 PM) (Source: DCOM) (EventID: 10016) (User: FRNDA)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli FRNDA\MeGret-TPC (SID: S-1-5-21-819675408-2753461327-3771956256-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/09/2018 08:07:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (11/09/2018 08:06:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\NETWORK SERVICE (SID: S-1-5-20) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-11-09 20:24:13.372
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Pynamer.A!ac
ID: 2147724878
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\MeGret-TPC\AppData\Local\Temp\554040937\ic-0.a5e74b1d8d35b.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Verze podpisu: AV: 1.279.1512.0, AS: 1.279.1512.0, NIS: 1.279.1512.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-09 20:24:10.218
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Gandcrab.AF
ID: 2147727324
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\MeGret-TPC\AppData\Local\Temp\553868843\ic-0.ab0ccb5b5e191.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Verze podpisu: AV: 1.279.1512.0, AS: 1.279.1512.0, NIS: 1.279.1512.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-09 20:22:44.310
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Skeeyah.A!rfn
ID: 2147694182
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\kitot\kitot.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Verze podpisu: AV: 1.279.1512.0, AS: 1.279.1512.0, NIS: 1.279.1512.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-08 22:47:12.601
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Závažnost: Vážné
Kategorie: Trojský monitorovací software
Cesta: chromeinstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GOOGLE CHROME; file:_C:\Program Files (x86)\Google\Chrome\Application\winmm.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.279.1442.0, AS: 1.279.1442.0, NIS: 1.279.1442.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-08 22:47:11.570
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Skeeyah.A!rfn
ID: 2147694182
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\MeGret-TPC\AppData\Local\William\William.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\svchost.exe
Verze podpisu: AV: 1.279.1442.0, AS: 1.279.1442.0, NIS: 1.279.1442.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-08 18:22:57.933
Description:
Modul programu Antivirová ochrana v programu Windows Defender byl ukončen v důsledku neočekávané chyby.
Typ chyby: Chyba
Kód výjimky: 0xc0000005
Zdroj: wmi:\\FRNDA\ROOT\default:__EventConsumerProviderRegistration.provider="\\\\.\\root\\default:__Win32Provider.Name=\"NTEventLogEventConsumer\""

Date: 2018-10-22 13:18:53.087
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.279.236.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15400.4
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-13 19:41:13.412
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1546.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2018-10-13 19:41:13.411
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1546.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2018-10-13 19:41:13.411
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.1546.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-11-08 18:23:00.460
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:23:00.451
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:23:00.401
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:23:00.387
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:23:00.375
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:23:00.367
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:22:59.916
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-11-08 18:22:59.893
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 50%
Total physical RAM: 8138.47 MB
Available physical RAM: 4055.43 MB
Total Virtual: 11722.47 MB
Available Virtual: 4353.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:116.26 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:147.73 GB) (Free:28.42 GB) NTFS

\\?\Volume{c2defe55-aa59-439b-a086-79f0d4925f93}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{38d6c9b2-0000-0000-0000-000e25000000}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{44319eeb-f1a7-42db-9a4e-36ce51961691}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 38D6C9B2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=849 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 11:25
od Rudy
OK. Teď spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 11:39
od franni
nejde mi nainstalovat,,stazenej je

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 11:43
od franni
googl mi mrzne....zkousim firefox

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 11:53
od franni
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-10-2018
# Duration: 00:00:08
# OS: Windows 10 Pro
# Scanned: 42056
# Detected: 37


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WiperSoft C:\Program Files\WiperSoft
PUP.Optional.WiperSoft C:\Users\MeGret-TPC\AppData\Roaming\WiperSoft

***** [ Files ] *****

PUP.Optional.SpyHunter C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.WiperSoft C:\Windows\System32\Tasks\WiperSoft Startup

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
PUP.Optional.WiperSoft HKCU\Software\WiperSoft
PUP.Optional.WiperSoft HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2108B16-B703-4CAE-99A9-2057F7CCF602}
PUP.Optional.WiperSoft HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiperSoft Startup

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy afpabppcibfahafilhkbbgfnlncppdnc

***** [ Chromium URLs ] *****

PUP.Optional.Babylon http://search.babylon.com/?babsrc=HP_ss ... 7&tsp=4992
PUP.Optional.Babylon http://search.babylon.com/?babsrc=HP_ss ... 7&tsp=4992
PUP.Optional.Legacy http://searchya.com/
PUP.Optional.Legacy Search
PUP.Optional.Legacy MPC Safe Search
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... XX9VMNAB90
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy izito.cz
PUP.Optional.Legacy ICQ Search
PUP.Optional.Legacy Slunečnice
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask.com
PUP.Optional.Legacy SweetIM Search
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... XX9VMNAB90
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy MPC Safe Search
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... XX9VMNAB90
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... XX9VMNAB90
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy SweetIM Search
PUP.Optional.Legacy http://search.b1.org/?bsrc=hmcor&chid=c167991
PUP.Optional.Legacy AOL
PUP.Optional.SofTonicAssistant Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 11:54
od franni
naakonec jsem to musel udelat v nouzovem rezimu...

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 12:44
od Rudy
V ADW ještě klikněte na mazání, restartujte a pak dejte nový log FRST.

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 13:10
od franni
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-10-2018
# Duration: 00:00:08
# OS: Windows 10 Pro
# Scanned: 42056
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [3676 octets] - [10/11/2018 11:50:55]
AdwCleaner[S01].txt - [3737 octets] - [10/11/2018 12:59:22]
AdwCleaner[C01].txt - [3245 octets] - [10/11/2018 12:59:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 13:15
od franni
tady se to tvari ze nic,,,ale spyhunter mi nasel zas toho gandcraba,,bych vam poslal screen,,ale nejde mi to...a pc se chova furt divne,,bez nouzoveho rezimu nespustim adw ...a soubbory co byli exe,fotky,hudba maji furt ty divne koncovky a u kazde slozky je jeste toto :
---= GANDCRAB V5.0.4 =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .RZKCMSV

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/7586f28ae6be354c
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------


On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAAGy/exaL/LzmnXxRupwdmcPMi8rwmQvUncA9c/dmrWoD7Ad4qzMb2k1N0oGUaVk7zbRH2TTdzg7Z+U8gyPHgJklRrMwb9ieG4XJrtAfzefdiPdCPsT2CkdOyK4qhMFvyoyn6A47omjJn/RS/ulU9cZiwt6YfwVJdhHZrulP09jSsUSf3xLhFJb7u17ROT5mBVt2kbMy9AuMTke47zI4azZlIf8MKaw2S88B4sQTtLEfnl0my82VYYbnlhtYoTTUz+ho4c/5n7zQiRoUGOiutcfFOwCoQ8Ull9I6nc1x1kqiZ5IVaccl3ls0+txr/brDgrx0GvIhwhDLXbUvL/LVuRYH4t5cM7D5jjqcZKNiCOjsmt64jtWI+pOd7+slgEDaeMC5MFdYxdtcCJvHTyDQiZ+NQM5/LTCBZWqW1oe6Y0L46zHYvMTo9Sc8gRQwA3fNRfxcRc1komyG/at/GhErwwXXnPm4A4t50Ko0/120zpa1lLJtpbFWm70NpcPSUcSaHum0V1Yc2ZYRtOvd6HgPs78Vuh6mjMGFXsRPaSzUN0TQMjLInET+323z3JSBZAu06+r3yLHFL7eFPZW8MX050oSvizXempCc1HGCvd7p0NgEUHKhpHa9rZV1XguuXgeoffbYbvp3JrBwBbD9ExTdlzBCer0kzh+wCp8nYTG31nUsL9RlxyXPmS87xv5VyLb7m9pMzFG6HzVP8gNUmS2oMMLJ4dQ4QHFTfci3YuhXEhIquMBn18inyF93yJjy770azCOx33VV4M0gY69LyLInR78wTWRA8V3mpXUA7yTIBewPAviVzykrIlnAUFoBWdrS9fuWbPvqTfSkYYPbaY+bLa+wsXU3/k8siGpVsfrSjEhn5QVIu3tkqc7fgxwEsXCEptsvMaRBmfcjpy1DNtTPk9pWnWqDdqS51wmUTDCeS7ifFleFU6A/O77rYJ0Tb5EUjvEz2aHA5DPmUGkIHkO23DEAhr4GRvDjuVBlIsfgaBn0YLhdyMdB4AuJObbTy4Ob0BZqKJkmqJu0Y6C2e2akOjjlSuKj5GVH6ZuLXAdyjPGhkq8E+vEWffjprd+L0wsI77CNlyBmEkB8Z7ByGsQrffJ4XrqFOof5m+nHLcVjGR8fkKvYbhNJYCbB/BVFDVxk8uVlqc6V14C3J3PeHc+WOUlSf41MACgucv5HR/Pm0NPhx1kJ7remIdPs+3Rk8ijuqnTQrutu+ZPicjfOjvFXRfaJys+UIjJR+U5HOOhYgpUcUrjph9uadSJfkvU8tkUTB81v3SxV+DbVZSlkSlaxSBEODCN3+7xvKu8q6fUuzSvPKM5y7YKUhC1xKXCYvZuLh0lF/b92kaFLPovewkOsBAgm40ObN92zpoYSG3140akc3QKJ6HZW8IfCRuERqWsEE6Z9QRyIqclXbu4OWtTU+kcnnDQ1h4uUtlvQ9MzNZFjEinWWJA/jiMXtA51C45YWltp64k2mP0yH5ebhYWIKO6rzO+RvBg1KnZHKqhrB6X1UTyRsqGnS4ub61rLDJuieB2FrLtie7oLl2l6JUqU78mLxWuOWTpe1ba7BAQKLy8vXRChu5x3v2AB58IMqFtgaPoswWcz7EraMcLqefLU//AJBQSuIcOME/Is3jeF3tMZH3k+iMMUYumdcu8sMyWabYKhYj2r4efZyE+e63ePr2UFaxSRGfyLB4QETI2GP6m30HT3URY+SVWQ3O10GRZCw+VvgOr04GmxW5+D8KCc+Uf38JEq8txM7Kry7UsprkgbwT8DxmGX+6AUZILkaA6FPISR2FlifSdjMtEZxzWtBixgkN1qfT0y9t8h6j3zN1+5xNlcL13aqtGegepnzrQzVNJKZKNNyLIRJAtnHthF1vl6+w9rYSTcbDSOVZE3gjIiFLJr9X+rPbiA+mF2Vd04OP6i3Q9inhu7/2PZJd1Ufjgdm0kwN93wFXj0N36jipq8iAgTvOs7pRnVLPaK9BgU0PPLUaZixLXMPo4nTZimc6jbsDl2cP7hEmzopV2ECMjlVBmA3ryn9nnSfclqqv4IlVyi1KQQ77TVj7bcNN3y7X7UJ/oz7T07RCxDIuujpKAx7Ad+cV6jd78IUf/6ABg6XXLQVJv/fidBVRt/Rh/vEbJm1QSFT52cmnpeGSCY6uUws2U3WN9wguaw4+t/KKSWyEavyZvGwe4tRwBcPcL0IpHtHbGcmwfWtPFgoiV4yC65MnmcaP+Gyz2XTGIjBsxLLPGpBz5hk=
---END GANDCRAB KEY---

---BEGIN PC DATA---
wfKD6iudumBkmpL8IRr4U4uxEFaCOWntyzx0Oun1/FYZvMWWdB5bYaJd35Z5TrZRk3Y67gVWo7fHTG+H5B5bBNnznNMG75D6WkGVDCbiGJJh84DFEv/gmHyoGJAOLoqj+Pxu2WrxdZKRiq2hcES1Ar4AlbZMOLuX47nHbR0kSXQNbc6Wu8CtYaZYQaSExt4pFI5w24KAAlK4ZAhV3gPGuU/cMSJ52OCMd0OMMK8P2YpZLFGTHJxPmpQoEXY9P/c/fPrN1tNzgTb3jd9ABngml4JnUt1wCA4xZw7tDMIr6H19SibFRw+qkb8tbdivqc6nrrrr57JivrEdkRHBtOKp/2E2FOsuGt1YOlqBBi/t/BGDEd8b8ydH4tq4PqblY5hyf4z72S+ilZQWTRwqZFPJJPsJy5EdwKYoaxPKnKs+A+5bALmfiWEwg61rLA3gxA9Kwg7oZi7pCxFM3vbLM+au1wQZMXQURlaKfDnV1k3gAH8HmT7f4SyaQTxn6bJBlsqw6XIKVYzpdDf3fB0cfMBnP2lNh39SQ3HC26ZDEuXtKkisBZVMGJH/HuwOBb+mRawP0IkRV6Lu47PAzMD9OnYGh84z7uxJRfptWf/cbiDWv+ITXpdeOtQv9EdhPVLc2rdgmmnaLV8zjwtdfjP5E2FciT4EyrIVT/PbUQEgKbb/lDM/dHg3tW4CfaOU93IiLaW8GB1NXfIDGNZ8jSrfmwqAwiQujcUumJ3gmIqnOjltSSskDm5IqxseYE4C7bwEZg==
---END PC DATA---

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 13:16
od franni
poslu vam to na mail

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 16:09
od Rudy
Toto není log FRST. Ten vypadá třeba takto: https://forum.viry.cz/viewtopic.php?f=1 ... 2#p1512534 . Nic jiného nechci, z toho logu pak ručně odstraníme položky, které tam nepatří. Pokud by se vám nevešel jsem, někam ho upněte a sem dejte odkaz. Mail k řešení problémů nesloží.

Re: GANDCRAB V5.0.4

Napsal: 10 lis 2018 16:25
od franni
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by MeGret-TPC (administrator) on FRNDA (10-11-2018 16:22:12)
Running from C:\Users\MeGret-TPC\Desktop
Loaded Profiles: MeGret-TPC (Available Profiles: MeGret-TPC)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Tanks] => "C:\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Warships] => "C:\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [Steam] => C:\steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [GameCenter] => C:\Users\MeGret-TPC\AppData\Local\GameCenter\GameCenter.exe [9660032 2018-11-07] ()
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\Run: [icq.desktop] => C:\Users\MeGret-TPC\AppData\Roaming\ICQ\bin\icq.exe [28501144 2018-11-10] ()
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {0a26cf40-38e2-11e6-9bc2-806e6f6e6963} - "I:\setup.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {6faddee6-cef4-11e8-9c3f-806e6f6e6963} - "D:\DVDSetup.exe"
HKU\S-1-5-21-819675408-2753461327-3771956256-1001\...\MountPoints2: {8b1956be-cef6-11e8-9c42-309c23650ed5} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [6310864 2015-12-29] (TODO: <Company name>)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe [2670032 2015-11-30] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-819675408-2753461327-3771956256-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3d7f9148-dbce-4743-8c61-116810bab61a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7fc6b593-8724-4a27-8431-9e2851ce2358}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll => No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: jd2ozmku.default
FF ProfilePath: C:\Users\MeGret-TPC\AppData\Roaming\Mozilla\Firefox\Profiles\jd2ozmku.default [2018-11-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://search.babylon ... XX9VMNAB90"
CHR Profile: C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default [2018-11-10]
CHR Extension: (Překladač Google) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-11-08]
CHR Extension: (Proxy SwitchySharp) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2018-11-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\MeGret-TPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atiesrxx.exe [508000 2018-10-25] (AMD)
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-08-18] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2018-11-03] ()
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-11-09] (EnigmaSoft Limited)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2017-06-08] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-11-09] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [67576 2018-10-25] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
S3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atikmdag.sys [47503976 2018-10-25] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0335076.inf_amd64_86bc242f42070102\B334840\atikmpag.sys [589920 2018-10-25] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [103928 2018-10-11] (Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices, Inc. )
R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [89448 2015-10-01] (Asmedia Technology)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107400 2018-10-03] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-11-10] (EnigmaSoft Limited)
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-06-05] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-10 16:22 - 2018-11-10 16:22 - 000012935 _____ C:\Users\MeGret-TPC\Desktop\FRST.txt
2018-11-10 13:21 - 2018-11-10 13:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\ICQ
2018-11-10 13:21 - 2018-11-10 13:21 - 000001982 _____ C:\Users\MeGret-TPC\Desktop\ICQ.lnk
2018-11-10 13:21 - 2018-11-10 13:21 - 000001840 _____ C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2018-11-10 13:21 - 2018-11-10 13:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2018-11-10 13:20 - 2018-11-10 13:21 - 037185176 _____ C:\Users\MeGret-TPC\Downloads\icq_rfrset_3d928b5c.exe
2018-11-10 13:11 - 2018-11-10 13:11 - 000000000 ___RD C:\Users\MeGret-TPC\3D Objects
2018-11-10 11:52 - 2018-11-10 11:52 - 000003676 _____ C:\Users\MeGret-TPC\Desktop\AdwCleaner[S00].txt
2018-11-10 11:43 - 2018-11-10 11:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-10 11:43 - 2018-11-10 11:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-10 11:43 - 2018-11-10 11:43 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-11-10 11:43 - 2018-11-10 11:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-10 11:42 - 2018-11-10 11:42 - 000320056 _____ (Mozilla) C:\Users\MeGret-TPC\Downloads\Firefox Installer.exe
2018-11-10 11:31 - 2018-11-10 12:59 - 000000000 ____D C:\AdwCleaner
2018-11-10 11:31 - 2018-11-10 11:31 - 007592144 _____ (Malwarebytes) C:\Users\MeGret-TPC\Desktop\AdwCleaner.exe
2018-11-10 11:18 - 2018-11-10 16:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-10 11:17 - 2018-11-10 11:17 - 000000000 ____D C:\WINDOWS\pss
2018-11-10 00:27 - 2018-11-10 00:27 - 011546736 _____ (Bitdefender LLC) C:\Users\MeGret-TPC\Downloads\BDGandCrabDecryptTool (1).exe
2018-11-10 00:21 - 2018-11-10 00:29 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-11-10 00:21 - 2018-11-10 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Temp
2018-11-10 00:21 - 2018-11-10 00:21 - 000000000 ____D C:\ProgramData\{7471E7DD-6BB3-287C-5180-FE08440CAB1A}
2018-11-10 00:20 - 2018-11-10 00:20 - 015370584 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\MeGret-TPC\Downloads\StellarPhoenixWindowsDataRecovery-Professional.exe
2018-11-10 00:20 - 2018-11-10 00:20 - 000001233 _____ C:\Users\MeGret-TPC\Desktop\Stellar Data Recovery Professional .lnk
2018-11-10 00:20 - 2018-11-10 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery Professional
2018-11-10 00:20 - 2018-11-10 00:20 - 000000000 ____D C:\Program Files (x86)\Stellar Data Recovery Professional
2018-11-10 00:10 - 2018-11-10 00:10 - 000027888 _____ (Wiper Software) C:\WINDOWS\system32\wiperrm.exe
2018-11-10 00:10 - 2018-11-10 00:10 - 000000811 _____ C:\Users\MeGret-TPC\Desktop\WiperSoft.lnk
2018-11-10 00:09 - 2018-11-10 00:09 - 002046576 _____ (WiperSoft) C:\Users\MeGret-TPC\Downloads\WiperSoft-installer.exe
2018-11-09 23:33 - 2018-11-09 23:33 - 000000011 _____ C:\Users\MeGret-TPC\setup14.ini
2018-11-09 21:55 - 2018-11-09 21:55 - 000057412 _____ C:\Users\MeGret-TPC\Downloads\Addition.txt
2018-11-09 21:54 - 2018-11-10 16:22 - 000000000 ____D C:\FRST
2018-11-09 21:54 - 2018-11-09 21:55 - 000068261 _____ C:\Users\MeGret-TPC\Downloads\FRST.txt
2018-11-09 21:53 - 2018-11-09 21:53 - 002415616 _____ (Farbar) C:\Users\MeGret-TPC\Desktop\FRST64.exe
2018-11-09 20:52 - 2018-11-09 20:53 - 075919050 _____ C:\Users\MeGret-TPC\Downloads\SpyHunter 4.16.5.4290 CZ (ML) Portable.rar
2018-11-09 20:49 - 2018-11-09 20:49 - 003393800 _____ (ParetoLogic) C:\Users\MeGret-TPC\Downloads\Pareto_DR_Setup_RW.exe
2018-11-09 20:41 - 2018-11-09 20:41 - 000379392 _____ C:\Users\MeGret-TPC\Downloads\subinacl.msi
2018-11-09 20:41 - 2018-11-09 20:41 - 000000000 ____D C:\Program Files (x86)\Windows Resource Kits
2018-11-09 20:36 - 2018-11-09 20:36 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (3).exe
2018-11-09 20:35 - 2018-11-09 20:36 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (2).exe
2018-11-09 20:29 - 2018-11-09 20:29 - 005937968 _____ (EnigmaSoft Limited) C:\Users\MeGret-TPC\Downloads\SpyHunter-Installer (1).exe
2018-11-09 20:19 - 2018-11-10 13:02 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-09 20:19 - 2018-11-09 20:19 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\sh5ldr
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-09 20:19 - 2018-11-09 20:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-11-09 20:18 - 2018-11-09 20:18 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-11-09 19:54 - 2018-11-09 19:55 - 006066688 _____ C:\Users\MeGret-TPC\AppData\Local\dump007.dat
2018-11-08 23:31 - 2018-11-08 23:31 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Google
2018-11-08 23:21 - 2018-11-08 23:21 - 000000020 ___SH C:\Users\MeGret-TPC\ntuser.ini
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\Public\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:40 - 2018-11-08 18:40 - 000000000 ____D C:\ProgramData\Blogger
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ C:\Users\MeGret-TPC\AppData\LocalLow\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Survarium
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\MeGret-TPC\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\Desktop\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Downloads\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Documents\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\Desktop\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Users\Default User\AppData\Local\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Program Files\RZKCMSV-DECRYPT.txt
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ C:\Program Files (x86)\RZKCMSV-DECRYPT.txt
2018-11-08 18:35 - 2018-11-09 20:23 - 000000000 ____D C:\ProgramData\kitot
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files\MSBuild
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-11-08 18:35 - 2018-11-08 18:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-11-08 18:34 - 2018-11-08 23:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\William
2018-11-08 18:34 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-11-08 18:34 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-11-08 18:34 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-11-08 18:34 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-11-08 18:34 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-11-08 18:34 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-11-08 18:11 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Creepy Jar
2018-11-08 18:02 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Downloads\Green.Hell
2018-11-08 01:37 - 2018-11-08 18:40 - 3971751114 _____ C:\Users\MeGret-TPC\Downloads\Green.Hell.rar.rzkcmsv
2018-11-08 01:34 - 2018-11-08 18:40 - 000667312 _____ C:\Users\MeGret-TPC\Downloads\The.Forest.Steamworks.Fix.V7-REVOLT.rar.rzkcmsv
2018-11-08 01:30 - 2018-11-08 18:40 - 2455714870 _____ C:\Users\MeGret-TPC\Downloads\The.Forest.V0.73b.Steam.Rip.rar.rzkcmsv
2018-11-08 00:58 - 2018-11-08 18:37 - 000000542 _____ C:\Users\MeGret-TPC\AppData\Local\imw.ini.rzkcmsv
2018-11-08 00:58 - 2018-11-08 00:58 - 000003892 _____ C:\WINDOWS\System32\Tasks\{B4B9A496-1465-614B-42E6-E9FACFD9FDCB}
2018-11-08 00:58 - 2018-11-08 00:58 - 000003716 _____ C:\WINDOWS\System32\Tasks\{63FF5D84-F332-3C55-1873-E2C6DE6F96AA}
2018-11-08 00:58 - 2018-11-08 00:58 - 000003504 _____ C:\WINDOWS\System32\Tasks\{36E954AC-8F78-691F-B718-D4CE7E4BCF08}
2018-11-08 00:52 - 2018-11-08 18:40 - 001055148 _____ C:\Users\MeGret-TPC\Downloads\rubinumpatcher_d7927.zip.rzkcmsv
2018-11-03 22:28 - 2018-11-08 18:39 - 000018925 _____ C:\Users\MeGret-TPC\Desktop\avatar-therapy-early-trial-results-very-encouraging-20171123-600x600.jpg.rzkcmsv
2018-11-03 19:45 - 2018-11-08 18:39 - 000000742 _____ C:\Users\MeGret-TPC\Desktop\ARK Survival Of The Fittest.url.rzkcmsv
2018-11-03 19:42 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\screenshots
2018-11-03 19:23 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\Nová složka
2018-11-03 18:36 - 2018-11-08 18:40 - 000000000 ___RD C:\Users\MeGret-TPC\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App
2018-11-03 12:07 - 2018-11-08 18:39 - 000133585 _____ C:\Users\MeGret-TPC\Desktop\bubny.jpg.rzkcmsv
2018-11-03 11:37 - 2018-11-10 16:21 - 000000000 ____D C:\steam
2018-11-03 11:37 - 2018-11-03 11:37 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2018-11-03 11:36 - 2018-11-03 11:36 - 001573568 _____ C:\Users\MeGret-TPC\Downloads\SteamSetup.exe
2018-11-02 16:12 - 2018-11-08 18:40 - 096827379 _____ C:\Users\MeGret-TPC\Downloads\Power Metal Collection Vol.172.aac.rzkcmsv
2018-11-02 16:01 - 2018-11-08 18:40 - 089166651 _____ C:\Users\MeGret-TPC\Downloads\Epic Rock Metal Aggressive Gaming Music __ 2017.aac.rzkcmsv
2018-11-02 15:56 - 2018-11-08 18:40 - 100272106 _____ C:\Users\MeGret-TPC\Downloads\Metal Covers of Popular Songs 2015.aac.rzkcmsv
2018-11-02 15:49 - 2018-11-08 18:40 - 111787356 _____ C:\Users\MeGret-TPC\Downloads\Metal Covers of Popular Songs _ Ultimate Mix.aac.rzkcmsv
2018-11-02 15:33 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Bigasoft Total Video Converter 5
2018-11-02 15:33 - 2018-11-02 15:33 - 000001306 _____ C:\Users\Public\Desktop\Bigasoft Total Video Converter 5.lnk
2018-11-02 15:33 - 2018-11-02 15:33 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2018-11-02 15:33 - 2018-11-02 15:33 - 000000000 ____D C:\Program Files (x86)\Bigasoft
2018-11-02 15:32 - 2018-11-08 18:40 - 019880832 _____ C:\Users\MeGret-TPC\Downloads\Bigasoft-Total-Video-Converter-5.1.1.6250.rar.rzkcmsv
2018-11-02 13:56 - 2018-11-02 13:56 - 006145289 _____ () C:\Users\MeGret-TPC\Downloads\SlovenčinaAW (1).exe
2018-11-02 13:54 - 2018-11-02 13:55 - 006145289 _____ () C:\Users\MeGret-TPC\Downloads\SlovenčinaAW.exe
2018-11-02 09:41 - 2018-11-02 09:43 - 141060687 _____ (Aslain ) C:\Users\MeGret-TPC\Downloads\Aslains_WoT_Modpack_Installer_v.1.2.0.1_10 (1).exe
2018-11-02 09:30 - 2018-11-02 11:11 - 000000880 _____ C:\Users\MeGret-TPC\Desktop\Aslains WoT Logs Archiver.lnk
2018-11-02 09:24 - 2018-11-02 09:25 - 141060687 _____ (Aslain ) C:\Users\MeGret-TPC\Downloads\Aslains_WoT_Modpack_Installer_v.1.2.0.1_10.exe
2018-10-30 19:11 - 2018-11-10 13:18 - 000000000 ____D C:\Users\MeGret-TPC\Desktop\Camera
2018-10-29 23:30 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\AMD
2018-10-29 23:29 - 2018-10-29 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-10-29 23:25 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\ATI
2018-10-29 23:25 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ATI
2018-10-29 23:25 - 2018-10-29 23:25 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-10-29 23:25 - 2018-10-29 23:25 - 000000000 ____D C:\ProgramData\ATI
2018-10-29 17:42 - 2018-11-08 18:40 - 000000000 ____D C:\Users\MeGret-TPC\Downloads\MediaHuman
2018-10-29 17:40 - 2018-11-08 18:40 - 000000760 _____ C:\Users\MeGret-TPC\Desktop\Visit MediaHuman Website.url.rzkcmsv
2018-10-29 17:40 - 2018-11-08 18:37 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\MediaHuman
2018-10-29 17:40 - 2018-10-29 17:42 - 000001317 _____ C:\Users\MeGret-TPC\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2018-10-29 17:40 - 2018-10-29 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2018-10-29 17:40 - 2018-10-29 17:40 - 000000000 ____D C:\Program Files (x86)\MediaHuman
2018-10-25 19:50 - 2018-10-25 19:50 - 001587816 _____ (AMD) C:\WINDOWS\system32\coinst_18.40.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000178792 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000154720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2018-10-25 19:50 - 2018-10-25 19:50 - 000019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2018-10-22 12:32 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\RadeonSettings
2018-10-19 23:06 - 2018-10-19 23:06 - 000166728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2018-10-19 23:06 - 2018-10-19 23:06 - 000137888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2018-10-19 21:32 - 2018-11-08 18:36 - 000000620 ___SH C:\bootTel.dat.rzkcmsv
2018-10-17 20:15 - 2018-11-08 18:40 - 000000000 ___RD C:\Users\MeGret-TPC\OneDrive
2018-10-15 22:55 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-15 22:55 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-10-15 20:19 - 2018-11-08 18:36 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2018-10-15 20:19 - 2018-11-08 18:36 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2018-10-15 20:19 - 2018-10-15 22:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-15 20:19 - 2018-10-15 20:19 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-10-15 20:19 - 2018-10-15 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-10-14 21:34 - 2018-10-14 21:34 - 000003472 _____ C:\WINDOWS\System32\Tasks\CrystalDiskInfo
2018-10-14 21:33 - 2018-11-08 18:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Seznam.cz
2018-10-14 21:33 - 2018-10-20 12:41 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-10-14 21:33 - 2018-10-14 21:33 - 000001229 _____ C:\Users\MeGret-TPC\Desktop\CrystalDiskInfo.lnk
2018-10-14 21:33 - 2018-10-14 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-10-14 21:33 - 2018-10-14 21:33 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-10-14 18:42 - 2018-10-14 18:46 - 000000000 ____D C:\WINDOWS\AutoKMS
2018-10-14 18:38 - 2018-10-14 18:38 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2018-10-14 18:32 - 2018-10-14 18:32 - 000000000 ____D C:\Program Files\WinRAR
2018-10-14 18:19 - 2018-09-04 23:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-10-14 12:10 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\CrashRpt
2018-10-14 10:56 - 2018-10-14 10:56 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2018-10-14 09:24 - 2018-11-08 18:39 - 000000663 _____ C:\Users\MeGret-TPC\Desktop\Armored Warfare.url.rzkcmsv
2018-10-14 09:24 - 2018-11-08 18:36 - 000000000 ____D C:\MyGames
2018-10-14 09:24 - 2018-10-14 09:24 - 000002143 _____ C:\Users\MeGret-TPC\Desktop\GameCenter My.com.lnk
2018-10-14 09:24 - 2018-10-14 09:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2018-10-14 09:23 - 2018-11-10 14:01 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\GameCenter
2018-10-14 09:23 - 2018-10-14 09:23 - 008769664 _____ C:\Users\MeGret-TPC\ArmoredWarfareMycomLoader_fb3ab908112fbbbacaafe8d75cdbd00d_A_en.exe
2018-10-14 09:04 - 2018-10-29 23:29 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-10-14 09:04 - 2018-10-25 19:50 - 000067576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmafd.sys
2018-10-14 09:04 - 2018-10-14 09:04 - 000000000 ____D C:\WINDOWS\system32\AMD
2018-10-14 09:04 - 2018-10-14 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2018-10-14 07:44 - 2018-10-29 23:29 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-10-14 07:44 - 2018-10-14 09:04 - 000000000 ____D C:\Program Files (x86)\AMD
2018-10-14 07:20 - 2018-10-14 07:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-10-14 07:20 - 2018-10-11 20:41 - 000103928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2018-10-14 07:19 - 2018-10-29 23:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-10-14 07:18 - 2018-11-08 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\RadeonInstaller
2018-10-14 07:13 - 2018-10-14 07:16 - 334555304 _____ (AMD Inc.) C:\Users\MeGret-TPC\win10-64bit-radeon-software-adrenalin-edition-18.10.1-oct10.exe
2018-10-14 01:18 - 2018-11-08 18:36 - 000000000 ____D C:\Games
2018-10-14 01:18 - 2018-10-14 01:18 - 000000810 _____ C:\Users\MeGret-TPC\Desktop\World of Tanks.lnk
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-10-14 01:18 - 2018-10-14 01:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2018-10-14 01:17 - 2018-10-14 01:17 - 004685584 _____ (Wargaming.net ) C:\Users\MeGret-TPC\wot.exe
2018-10-14 01:13 - 2018-10-26 19:58 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-14 01:13 - 2018-10-26 19:58 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-14 01:12 - 2018-11-08 18:37 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Google
2018-10-14 01:12 - 2018-10-14 01:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-14 01:12 - 2018-10-14 01:12 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-14 01:12 - 2018-10-14 01:12 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-13 15:47 - 2018-10-13 15:47 - 000000000 ____D C:\Program Files (x86)\ASM106xSATA
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-10-13 15:44 - 2018-10-13 15:44 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-10-13 15:43 - 2017-08-17 15:17 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000852136 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000604800 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2018-10-13 15:43 - 2017-08-17 15:17 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-10-13 15:43 - 2017-08-17 15:16 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 005899752 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-10-13 15:43 - 2017-08-17 15:16 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-10-13 15:43 - 2017-08-17 15:16 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001348160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000877432 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000737968 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2018-10-13 15:43 - 2017-08-17 15:16 - 000023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 003517496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 003099544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000406456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2018-10-13 15:43 - 2017-08-17 15:15 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-10-13 15:43 - 2017-08-16 19:35 - 013213369 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-10-13 15:43 - 2017-08-16 19:35 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2018-10-13 15:43 - 2017-07-21 10:17 - 002839488 ____R (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2018-10-13 15:42 - 2018-11-08 18:36 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\AMD
2018-10-13 15:40 - 2018-11-10 16:21 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-13 15:40 - 2018-11-08 18:36 - 000000000 ____D C:\AMD
2018-10-13 15:35 - 2018-10-13 15:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2018-10-13 15:35 - 2017-06-12 04:07 - 000091632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdumcsp.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000071664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdumcsp.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000026096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
2018-10-13 15:35 - 2017-06-12 04:07 - 000022000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
2018-10-13 15:33 - 2018-10-29 23:29 - 000000000 ____D C:\Program Files\AMD
2018-10-13 15:32 - 2018-10-13 15:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-13 15:32 - 2018-10-13 15:38 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-10-13 15:32 - 2017-06-05 08:20 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-10-11 20:41 - 2018-10-25 19:50 - 003712096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2018-10-11 20:41 - 2018-10-25 19:50 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2018-10-11 20:41 - 2018-10-25 19:50 - 003340896 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 001629280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 001192032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000920160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000899920 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2018-10-11 20:41 - 2018-10-25 19:50 - 000899920 _____ C:\WINDOWS\system32\atiapfxx.blb
2018-10-11 20:41 - 2018-10-25 19:50 - 000753256 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000750688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000570992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000553064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000544816 _____ C:\WINDOWS\system32\amdmiracast.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000492136 _____ C:\WINDOWS\system32\dgtrayicon.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000481904 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000476768 _____ C:\WINDOWS\system32\GameManager64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000468072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000465504 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000432224 _____ C:\WINDOWS\system32\atieah64.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000383072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000381544 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000377448 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000349288 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000339552 _____ C:\WINDOWS\system32\clinfo.exe
2018-10-11 20:41 - 2018-10-25 19:50 - 000249440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000218208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000199360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000184424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000173392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000169264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000162912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000159848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000153192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000149128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000144816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000138344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000137080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000135776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000132712 _____ C:\WINDOWS\system32\atidxx64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000128104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000125024 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000124552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000113104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000111712 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000108648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000069736 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000046192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2018-10-11 20:41 - 2018-10-25 19:50 - 000043120 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 001663112 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 001629296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETDB6B.tmp
2018-10-11 20:41 - 2018-10-11 20:41 - 001347184 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000413600 _____ C:\WINDOWS\system32\EEURestart.exe
2018-10-11 20:41 - 2018-10-11 20:41 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat
2018-10-11 20:41 - 2018-10-11 20:41 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000124464 _____ C:\WINDOWS\system32\kapp_ci.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000119760 _____ C:\WINDOWS\system32\kapp_si.sbin
2018-10-11 20:41 - 2018-10-11 20:41 - 000090232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000074864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2018-10-11 20:41 - 2018-10-11 20:41 - 000034450 _____ C:\WINDOWS\system32\AMDKernelEvents.man

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-10 16:21 - 2018-06-10 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-10 16:21 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-10 16:16 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-10 16:15 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-10 16:14 - 2018-06-10 21:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-10 13:11 - 2018-06-10 21:25 - 000000000 ____D C:\Users\MeGret-TPC
2018-11-10 13:08 - 2018-06-10 21:32 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-10 13:08 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-10 13:08 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-10 13:02 - 2017-03-03 15:13 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-10 11:46 - 2017-11-19 10:19 - 000000000 ___HD C:\Users\MeGret-TPC\MicrosoftEdgeBackups
2018-11-10 11:46 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Mozilla
2018-11-10 11:19 - 2017-04-19 13:27 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ElevatedDiagnostics
2018-11-10 09:58 - 2018-06-13 19:04 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-10 00:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\registration
2018-11-10 00:04 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-10 00:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-09 23:48 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-08 23:21 - 2018-06-10 21:24 - 000425760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-08 23:21 - 2017-03-13 20:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ConnectedDevicesPlatform
2018-11-08 18:40 - 2018-06-10 21:30 - 000000560 ___SH C:\Users\MeGret-TPC\ntuser.ini.rzkcmsv
2018-11-08 18:40 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-08 18:40 - 2016-11-21 05:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-08 18:39 - 2018-08-11 14:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\SpaceEngineers
2018-11-08 18:39 - 2018-02-17 20:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Battle.net
2018-11-08 18:39 - 2017-12-23 22:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\TS3Client
2018-11-08 18:39 - 2017-11-19 19:25 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Creative
2018-11-08 18:39 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Sun
2018-11-08 18:39 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\.minecraft
2018-11-08 18:39 - 2017-09-08 17:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\calibre
2018-11-08 18:39 - 2017-08-16 19:04 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Ashampoo
2018-11-08 18:39 - 2017-06-25 22:59 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\vlc
2018-11-08 18:39 - 2017-06-10 09:02 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Macromedia
2018-11-08 18:39 - 2017-05-21 20:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\WinRAR
2018-11-08 18:39 - 2017-04-19 13:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Samsung
2018-11-08 18:39 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Mozilla
2018-11-08 18:39 - 2017-03-12 14:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\NVIDIA
2018-11-08 18:39 - 2017-03-03 15:55 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Wargaming.net
2018-11-08 18:39 - 2017-03-03 15:46 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\SplitmediaLabs
2018-11-08 18:39 - 2017-03-03 15:24 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Skype
2018-11-08 18:39 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Adobe
2018-11-08 18:38 - 2018-09-14 06:49 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\OneDrive
2018-11-08 18:38 - 2018-08-11 09:35 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Steam
2018-11-08 18:38 - 2018-02-17 22:44 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\PlaceholderTileLogoFolder
2018-11-08 18:38 - 2017-12-23 22:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\TeamSpeak 3 Client
2018-11-08 18:38 - 2017-11-19 10:13 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Packages
2018-11-08 18:38 - 2017-10-19 18:09 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Oracle
2018-11-08 18:38 - 2017-10-10 20:08 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Sun
2018-11-08 18:38 - 2017-08-19 07:48 - 000008145 _____ C:\Users\MeGret-TPC\AppData\Local\Resmon.ResmonCfg.rzkcmsv
2018-11-08 18:38 - 2017-05-26 16:25 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\UNP
2018-11-08 18:38 - 2017-04-27 10:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Adobe
2018-11-08 18:38 - 2017-03-30 16:39 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Mozilla
2018-11-08 18:38 - 2017-03-25 18:58 - 000000000 ____D C:\Users\MeGret-TPC\AppData\LocalLow\Temp
2018-11-08 18:38 - 2017-03-13 20:18 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\PeerDistRepub
2018-11-08 18:38 - 2017-03-03 15:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\NVIDIA Corporation
2018-11-08 18:38 - 2017-03-03 15:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\NVIDIA
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\VirtualStore
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\TileDataLayer
2018-11-08 18:38 - 2017-03-03 15:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Publishers
2018-11-08 18:37 - 2017-06-15 18:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Microsoft Help
2018-11-08 18:37 - 2017-03-04 22:43 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\MicrosoftEdge
2018-11-08 18:36 - 2018-08-11 14:21 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\GameAnalytics
2018-11-08 18:36 - 2018-07-17 23:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\D3DSCache
2018-11-08 18:36 - 2018-04-12 00:38 - 000000000 ____D C:\PerfLogs
2018-11-08 18:36 - 2018-02-17 20:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Battle.net
2018-11-08 18:36 - 2017-12-01 18:43 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Blizzard
2018-11-08 18:36 - 2017-09-30 15:04 - 000092548 _____ C:\Users\MeGret-TPC\AppData\Local\GDIPFONTCACHEV1.DAT.rzkcmsv
2018-11-08 18:36 - 2017-09-08 17:28 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\calibre-cache
2018-11-08 18:36 - 2017-08-21 19:32 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\AdFender
2018-11-08 18:36 - 2017-08-16 19:03 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\ashampoo
2018-11-08 18:36 - 2017-07-01 16:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\DBG
2018-11-08 18:36 - 2017-06-15 18:38 - 000000000 __RHD C:\MSOCache
2018-11-08 18:36 - 2017-04-27 10:42 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Adobe
2018-11-08 18:36 - 2017-04-24 18:35 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Blizzard Entertainment
2018-11-08 18:36 - 2017-03-13 20:45 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\Comms
2018-11-08 18:36 - 2017-03-03 15:56 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Local\CEF
2018-11-08 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-11-08 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-11-03 23:42 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-03 23:42 - 2017-03-03 15:43 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-03 19:45 - 2018-08-11 10:38 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-23 23:43 - 2018-07-13 16:31 - 000000000 ____D C:\ProgramData\Packages
2018-10-23 21:12 - 2018-03-01 15:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-19 21:50 - 2015-07-10 12:04 - 000000167 _____ C:\WINDOWS\win.ini
2018-10-17 20:24 - 2017-03-04 23:13 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-17 20:15 - 2018-06-10 21:30 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-819675408-2753461327-3771956256-1001
2018-10-17 20:15 - 2018-06-10 21:25 - 000002437 _____ C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-14 18:46 - 2018-06-10 21:30 - 000004644 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-14 18:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-14 18:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-14 18:32 - 2017-05-21 20:22 - 000000000 ____D C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-14 18:32 - 2017-05-21 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-14 01:07 - 2017-03-04 23:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-14 01:06 - 2017-03-04 23:11 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-13 18:59 - 2017-11-19 10:13 - 000061256 _____ C:\WINDOWS\system32\BMXState-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:59 - 2017-11-19 10:13 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:59 - 2017-07-01 16:33 - 000061256 _____ C:\WINDOWS\system32\BMXStateBkp-{00000008-00000000-00000005-00001102-00000005-00231102}.rfx
2018-10-13 18:58 - 2017-10-14 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2018-10-13 18:57 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\windows nt
2018-10-13 18:57 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-10-13 18:54 - 2018-08-11 09:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-10-13 18:54 - 2017-07-01 16:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-13 18:54 - 2017-03-30 21:12 - 000000000 ____D C:\Program Files (x86)\Creative
2018-10-13 18:43 - 2018-06-10 21:30 - 000002562 _____ C:\WINDOWS\diagwrn.xml
2018-10-13 18:43 - 2018-06-10 21:30 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-10-13 15:44 - 2017-07-01 16:33 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-10-13 15:44 - 2017-03-03 15:31 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-10-13 15:29 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-10-11 20:41 - 2017-05-16 17:06 - 001629296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET11C1.tmp

==================== Files in the root of some directories =======

2018-10-14 09:23 - 2018-10-14 09:23 - 008769664 _____ () C:\Users\MeGret-TPC\ArmoredWarfareMycomLoader_fb3ab908112fbbbacaafe8d75cdbd00d_A_en.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\MeGret-TPC\deiefECnJ.exe
2018-10-14 07:13 - 2018-10-14 07:16 - 334555304 _____ (AMD Inc.) C:\Users\MeGret-TPC\win10-64bit-radeon-software-adrenalin-edition-18.10.1-oct10.exe
2018-10-14 01:17 - 2018-10-14 01:17 - 004685584 _____ (Wargaming.net ) C:\Users\MeGret-TPC\wot.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Program Files\RZKCMSV-DECRYPT.txt
2018-04-12 00:34 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\IfeuDZEaOEUA.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Program Files (x86)\RZKCMSV-DECRYPT.txt
2018-11-08 18:38 - 2018-11-08 18:38 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Roaming\RZKCMSV-DECRYPT.txt
2018-11-08 18:39 - 2018-11-08 18:39 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Roaming\Microsoft\RZKCMSV-DECRYPT.txt
2018-11-09 19:54 - 2018-11-09 19:55 - 006066688 _____ () C:\Users\MeGret-TPC\AppData\Local\dump007.dat
2018-11-08 00:58 - 2018-11-08 18:37 - 000000542 _____ () C:\Users\MeGret-TPC\AppData\Local\imw.ini.rzkcmsv
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\MeGret-TPC\AppData\Local\kAyeMDseXh.exe
2017-08-19 07:48 - 2018-11-08 18:38 - 000008145 _____ () C:\Users\MeGret-TPC\AppData\Local\Resmon.ResmonCfg.rzkcmsv
2018-11-08 18:36 - 2018-11-08 18:36 - 000008914 _____ () C:\Users\MeGret-TPC\AppData\Local\RZKCMSV-DECRYPT.txt

Some files in TEMP:
====================
2018-11-08 18:36 - 2018-11-08 18:36 - 002575888 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\867184789.exe
2018-11-08 18:36 - 2018-11-08 18:36 - 000003072 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\921123295.exe
2018-11-08 18:34 - 2018-11-08 18:34 - 000101888 _____ () C:\Users\MeGret-TPC\AppData\Local\Temp\Heart.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2018-06-10 21:23

==================== End of FRST.txt ============================
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz