VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola logu

https://forum.viry.cz:443/viewtopic.php?t=155233

Stránka 1 z 1

Kontrola logu

Napsal: 30 lis 2018 18:45
od Janík
Poprosim o kontrolu. Ďakujem.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by Kuko (administrator) on DESKTOP-1T8OR3O (30-11-2018 18:35:37)
Running from C:\Users\Kuko\Desktop
Loaded Profiles: Kuko (Available Profiles: Kuko)
Platform: Windows 10 Pro Version 1809 17763.134 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\CompPkgSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(mgierw) F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\FarmHelper3.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-10-29] (COMODO)
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [8511152 2018-03-06] (COMODO)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072376 2018-01-17] (COMODO)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Corporation)
HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8907184 2018-11-14] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74cd4349-00d5-4099-8573-466211a98d10}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2018-03-06] (COMODO)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2018-03-06] (COMODO)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxps://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab

Edge:
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF DefaultProfile: 0i1ky2ti.default
FF ProfilePath: C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default [2018-11-30]
FF Homepage: Mozilla\Firefox\Profiles\0i1ky2ti.default -> hxxps://www.google.com/webhp?tab=Tw
FF Extension: (Facebook Container) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\@contain-facebook.xpi [2018-11-17]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\@testpilot-containers.xpi [2018-06-06]
FF Extension: (Classic Theme Restorer) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Youtube to MP3 Plugin) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\flv2mp3@hotger.com.xpi [2017-11-17]
FF Extension: (LCD Clock) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\lcdclock_boller@gmail.com.xpi [2017-09-01] [Legacy]
FF Extension: (uMatrix) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\uMatrix@raymondhill.net.xpi [2018-08-27]
FF Extension: (Download Status Bar) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2017-09-01] [Legacy]
FF Extension: (NoScript) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-11-26]
FF Extension: (Vývojová verzia Adblock Plus) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-14]
FF Extension: (Extended Statusbar) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2017-09-01] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\Kuko\AppData\Roaming\Mozilla\Firefox\Profiles\0i1ky2ti.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-28]
FF ProfilePath: C:\Users\Kuko\AppData\Roaming\Comodo\CSS\User Data-firefox1 [2018-11-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-18] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-18] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-13] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-10-29] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-10-29] (COMODO)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4199088 2018-03-06] (COMODO)
S3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [3065608 2018-10-17] (Comodo)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199544 2018-01-17] (COMODO)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158912 2018-04-10] (Electronic Arts)
S3 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-04-10] (Electronic Arts)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-10-27] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-04] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-04] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17944 2018-05-23] (COMODO)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [125000 2018-02-28] (COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2018-05-23] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [832032 2018-05-23] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50768 2018-05-23] (COMODO)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [134400 2018-05-23] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-13] (COMODO)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-09-04] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-09-04] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-04] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 18:35 - 2018-11-30 18:36 - 000014686 _____ C:\Users\Kuko\Desktop\FRST.txt
2018-11-30 18:35 - 2018-11-30 18:35 - 000000000 ____D C:\FRST
2018-11-30 18:34 - 2018-11-30 18:34 - 002417152 _____ (Farbar) C:\Users\Kuko\Desktop\FRST64.exe
2018-11-25 22:19 - 2018-11-27 08:00 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-11-25 22:19 - 2018-11-26 09:54 - 000000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5749c466-8ede-4f41-948a-25ab6b4d890c.job
2018-11-25 22:19 - 2018-11-26 09:54 - 000000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 448778f3-c24f-4e46-9578-4cdfd8d3064c.job
2018-11-25 22:19 - 2018-11-25 22:19 - 000003778 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5749c466-8ede-4f41-948a-25ab6b4d890c
2018-11-25 22:19 - 2018-11-25 22:19 - 000003696 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 448778f3-c24f-4e46-9578-4cdfd8d3064c
2018-11-25 22:19 - 2018-11-25 22:19 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-11-25 22:19 - 2018-11-25 22:19 - 000000000 ____D C:\Users\Kuko\AppData\Roaming\SUPERAntiSpyware.com
2018-11-25 22:19 - 2018-11-25 22:19 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-11-25 22:19 - 2018-11-25 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-11-23 20:50 - 2018-11-30 16:17 - 000047488 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2018-11-23 20:50 - 2018-11-23 20:50 - 000000000 ___HD C:\VTRoot
2018-11-23 20:24 - 2018-11-27 23:24 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2018-11-23 20:24 - 2018-11-23 20:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2018-11-23 20:24 - 2018-11-23 20:24 - 000000000 ____D C:\ProgramData\Shared Space
2018-11-23 20:24 - 2018-11-23 20:24 - 000000000 ____D C:\Program Files\COMODO
2018-11-23 20:24 - 2018-05-23 05:06 - 000017944 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2018-11-23 20:21 - 2018-11-23 20:21 - 000000758 _____ C:\WINDOWS\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2018-11-23 20:21 - 2018-11-23 20:21 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-11-13 23:35 - 2018-11-13 23:35 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 020808704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 23:35 - 2018-11-13 23:35 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 23:35 - 2018-11-13 23:35 - 002985328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 23:35 - 2018-11-13 23:35 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-11-13 23:35 - 2018-11-13 23:35 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-11-13 23:35 - 2018-11-13 23:35 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 026804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 009696264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 003981312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 003951192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 003730352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 003379216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 003337800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002617856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001843432 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001751080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001641608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001612808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001402408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001279000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001181824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001064248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 001053352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000828936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000818832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000783696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000743432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000667152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000649736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 000604248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000582248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 23:34 - 2018-11-13 23:34 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000506392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000495624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000402568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000398400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000298488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 000175096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2018-11-13 23:34 - 2018-11-13 23:34 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2018-11-13 23:34 - 2018-11-13 23:34 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 23:34 - 2018-11-13 23:34 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-04 22:27 - 2018-11-04 22:27 - 000000000 ____D C:\Users\Kuko\AppData\Local\mbam
2018-11-04 22:26 - 2018-11-04 23:29 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-04 22:26 - 2018-11-04 22:26 - 000000000 ____D C:\Users\Kuko\AppData\Local\mbamtray
2018-11-04 22:26 - 2018-11-04 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-03 03:14 - 2018-11-25 09:58 - 000001422 _____ C:\Users\Kuko\Desktop\FarmHelper3 – odkaz.lnk
2018-11-02 22:58 - 2018-11-24 08:44 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-02 21:51 - 2018-11-03 02:21 - 000000000 ____D C:\Users\Kuko\AppData\Roaming\FarmHelper

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 18:14 - 2018-10-03 12:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-30 16:33 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-30 11:11 - 2018-10-03 12:09 - 001245922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-30 11:11 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-30 11:11 - 2018-04-14 11:16 - 000319624 _____ C:\WINDOWS\system32\perfh01B.dat
2018-11-30 11:11 - 2018-04-14 11:16 - 000095926 _____ C:\WINDOWS\system32\perfc01B.dat
2018-11-30 11:07 - 2017-09-01 12:48 - 000000000 ____D C:\Users\Kuko\AppData\LocalLow\Mozilla
2018-11-30 11:04 - 2018-10-03 12:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-30 03:06 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-29 13:58 - 2018-04-24 20:28 - 000000000 ____D C:\Users\Kuko\AppData\Roaming\MPC-HC
2018-11-29 12:03 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-29 12:03 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-27 23:14 - 2018-04-02 17:21 - 000000000 ____D C:\Users\Kuko\AppData\Local\PlaceholderTileLogoFolder
2018-11-25 21:29 - 2017-09-01 16:21 - 000000000 ____D C:\Users\Kuko\AppData\Roaming\Comodo
2018-11-25 20:49 - 2017-09-01 16:10 - 000000000 ____D C:\ProgramData\Comodo
2018-11-25 20:42 - 2017-09-02 11:39 - 000001120 _____ C:\Users\Kuko\Desktop\Total Commander.lnk
2018-11-25 10:55 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-25 10:48 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\servicing
2018-11-25 10:17 - 2017-09-01 11:57 - 000000000 ____D C:\Users\Kuko\AppData\Roaming\vlc
2018-11-24 08:44 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-24 08:44 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-24 08:44 - 2017-09-10 09:21 - 000000000 ____D C:\Users\Kuko\AppData\Local\Adobe
2018-11-23 20:34 - 2017-09-01 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-11-23 20:24 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-23 20:21 - 2017-09-01 12:21 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-23 20:18 - 2018-10-20 22:26 - 000000000 ____D C:\ProgramData\Comodo Downloader
2018-11-23 20:06 - 2018-10-03 11:42 - 000000000 ____D C:\Users\Kuko
2018-11-21 15:13 - 2018-09-15 08:36 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-21 15:13 - 2018-09-15 08:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-18 20:16 - 2017-09-14 18:20 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-18 09:29 - 2018-10-03 12:07 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-17 09:51 - 2017-09-01 12:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-17 09:51 - 2017-09-01 12:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 01:07 - 2017-09-01 12:48 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-14 10:47 - 2018-10-03 12:00 - 000281744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 02:13 - 2018-09-15 17:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-14 02:13 - 2018-09-15 17:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-14 02:13 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-11-14 02:13 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 23:28 - 2017-09-01 12:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 23:25 - 2017-09-01 12:19 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-10 23:25 - 2018-10-03 12:07 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update

==================== Files in the root of some directories =======

2017-11-01 14:31 - 2018-07-25 23:58 - 000007639 _____ () C:\Users\Kuko\AppData\Local\Resmon.ResmonCfg
2017-09-03 13:58 - 2017-09-03 14:06 - 000032038 _____ () C:\Users\Kuko\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Kuko (30-11-2018 18:37:08)
Running from C:\Users\Kuko\Desktop
Windows 10 Pro Version 1809 17763.134 (X64) (2018-10-03 11:07:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3558140580-3056915041-1531952502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3558140580-3056915041-1531952502-503 - Limited - Disabled)
Guest (S-1-5-21-3558140580-3056915041-1531952502-501 - Limited - Disabled)
Kuko (S-1-5-21-3558140580-3056915041-1531952502-1001 - Administrator - Enabled) => C:\Users\Kuko
WDAGUtilityAccount (S-1-5-21-3558140580-3056915041-1531952502-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Advanced Mouse Clicker 4.1.3.6 (HKLM-x32\...\{CF055AF5-2B81-419B-8BD9-5C8250100692}_is1) (Version: - Robot-Soft.com, Inc.)
AlienFX for KoneXTD (HKLM\...\{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.307 - ArcSoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 69.0.3497.81 - Comodo)
COMODO Internet Security Premium (HKLM\...\{785D9670-B355-487D-8B6A-6B28490AF489}) (Version: 11.0.0.6728 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6728 - COMODO Security Solutions Inc.)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA442656}) (Version: 1.3.138.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.3.442656.138 - Comodo)
Cossacks 3 (HKLM-x32\...\1797227701_is1) (Version: 2.2.2.92.5963 - GOG.com)
Cossacks 3: Days of Brilliance (HKLM-x32\...\2058625388_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: Digital Deluxe Upgrade (HKLM-x32\...\1945153467_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: Early Bird (HKLM-x32\...\1282435442_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: Guardians of the Highlands (HKLM-x32\...\1483750963_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: Path to Grandeur (HKLM-x32\...\1365995253_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: Rise to Glory (HKLM-x32\...\1830579185_is1) (Version: 2.2.3.92.6008 - GOG.com)
Cossacks 3: The Golden Age (HKLM-x32\...\1318550073_is1) (Version: 2.2.3.92.6008 - GOG.com)
High-Definition Video Playback (HKLM-x32\...\{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}) (Version: 7.3.10800.5.0 - Nero AG) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.438464.135 - Comodo)
Kingston SSD Manager version 1.1.0.5 (HKLM-x32\...\{9A5DD901-0B98-4F2B-9421-B5975014184F}_is1) (Version: 1.1.0.5 - Kingston Digital, Inc)
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.913-beta - Riot Games)
League of Legends (HKLM-x32\...\{6FEDADF5-40EC-4E18-A376-0FDBACE65338}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes verzia 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 63.0.3 (x64 sk)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11300 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Origin (HKLM-x32\...\Origin) (Version: 10.5.17.52805 - Electronic Arts, Inc.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH)
Shutdown8 (HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
Siko Kitchen Planner Web SK (HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\...\SquareClock_Production_Home_5-2_bbbe2f7a) (Version: - 3DVIA SAS)
Siko Web Kitchen Planner (HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\...\SquareClock_Production_Home_Siko_Web) (Version: - 3DVIA SAS)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1024 - SUPERAntiSpyware.com)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
TotalMedia Setup (HKLM-x32\...\{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}) (Version: 1.00.0000 - Conexant)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.50 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wolfenstein The New Order verze 1.0.0.2 (HKLM-x32\...\{1D725EB0-44A5-4149-9CA3-FD68D1E71DB5}_is1) (Version: 1.0.0.2 - Bethesda Softworks)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-10-29] (COMODO)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-10-29] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-10-29] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F58B4B4-6F52-402C-B18C-A7DBABFE3DFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {172BA1D1-2C95-4629-A4FD-07112F046917} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-10-29] (COMODO)
Task: {2020CE8F-D911-4FC5-A365-A6356600E1E5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-24] (Adobe Systems Incorporated)
Task: {2B8317C6-5721-4A78-8964-BADF94B16ED7} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-10-29] (COMODO)
Task: {30746B5F-AB55-4E0F-8EA7-2EACBA1544B6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-10-29] (COMODO)
Task: {688958A8-F0E7-4028-8647-DA4797F34BD3} - System32\Tasks\S-1-5-21-3558140580-3056915041-1531952502-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Corporation)
Task: {6F493021-9028-4793-B653-85052499A113} - System32\Tasks\SUPERAntiSpyware Scheduled Task 448778f3-c24f-4e46-9578-4cdfd8d3064c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {7A9D9A63-0266-464F-A573-50A043C83EF3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-18] (Adobe Systems Incorporated)
Task: {96EE24D3-81D7-4986-B8C8-C90C5BD9C73F} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-10-29] (COMODO)
Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {BD21C377-5B30-4E5A-B6F2-37D2086885E5} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {C91EF4E6-6534-4A21-A2B5-77673490B38E} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-10-29] (COMODO)
Task: {D1AB5F8E-77D2-4DEB-9965-C895F9FE74E7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-10-29] (COMODO)
Task: {D82F047E-77AF-43E1-A089-51133366A47B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {DD9162C4-2C13-495A-8CFE-6DF6267ED5E3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5749c466-8ede-4f41-948a-25ab6b4d890c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {DF2964C0-99E7-49E6-83EE-C5D65985BCCC} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-10-29] (COMODO)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {E3DA4300-4458-4AC0-B5C4-D22F2E00E052} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-10-29] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 448778f3-c24f-4e46-9578-4cdfd8d3064c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5749c466-8ede-4f41-948a-25ab6b4d890c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Kuko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\395fbb84ca74fb25\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-10-29 12:17 - 2018-10-29 12:17 - 000159424 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2018-10-29 12:17 - 2018-10-29 12:17 - 000246464 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2018-10-29 12:16 - 2018-10-29 12:16 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-04 15:43 - 2015-11-04 15:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-11-06 15:38 - 2018-11-06 15:38 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 15:38 - 2018-11-06 15:38 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 15:38 - 2018-11-06 15:38 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2017-09-07 08:39 - 2017-09-07 08:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-09-09 19:57 - 2012-06-17 10:20 - 000061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2018-11-02 21:51 - 2015-08-14 23:02 - 000279955 _____ () F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\libidn-11.dll
2018-11-02 21:51 - 2015-08-14 23:02 - 000084992 _____ () F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\zlib1.dll
2018-11-02 21:51 - 2018-05-01 16:30 - 000012800 _____ () F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\StringLib.dll
2018-11-02 21:51 - 2018-05-04 17:33 - 000161280 _____ () F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\Zlib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\Control Panel\Desktop\\Wallpaper -> f:\win sp\icewater2.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 3
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3558140580-3056915041-1531952502-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [{04440348-CC08-47B3-9821-6A69328E3A12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{2F874A65-7E5C-4CF6-A8B6-E6330EDB6AAC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{4C20A642-D6E5-4D38-A2A2-0F800E893547}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D5D9893F-396C-448E-BB71-8E30EB175E48}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D4F0F5EA-33A7-452C-A621-6F1CB824BBCF}] => (Allow) G:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [{043E4618-DB93-43FD-ACC6-73369A1D2284}] => (Allow) G:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [{319E7C91-2442-4BD9-9C94-714BF68EDD50}] => (Allow) G:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{070A6912-4B94-4C17-9A7A-FF39998FFABA}] => (Allow) G:\SteamLibrary\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{ADE09357-A3CF-4668-A3BF-7001F8E0B3DD}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{49A82B36-E156-4EF7-8DDE-F41B3803A1C1}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{13028F56-AAE7-4CE3-9007-94281E3092F4}] => (Allow) G:\SteamLibrary\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [{B175F16B-5265-4B49-A2A6-5E5CCBEC88D8}] => (Allow) G:\SteamLibrary\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [{6636362C-F4A2-4779-A773-5F81C7D1C088}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0FA1E36F-C59C-483A-B198-EB012D4CB03C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7122BF3E-7FC6-4036-B001-40486BB63E8F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EC152769-F24F-4F65-8D38-E2147A5E9E1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{0D86AD1C-00B8-4E84-9CB6-4ABA119EDD14}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{533FCF72-F79A-42B9-8F74-5D639328B16A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{9AC77C61-BFA8-4C21-8FFA-0C1775DACDD0}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AB8AC56D-AD7F-47C0-9E38-1DB1C0971980}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2018 06:35:07 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 06:24:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 05:24:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 04:26:53 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 03:24:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 02:24:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/30/2018 02:00:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: FarmHelper3.exe, verzia: 3.24.1.144, časová značka: 0x5beff921
Názov chybujúceho modulu: FarmHelper3.exe, verzia: 3.24.1.144, časová značka: 0x5beff921
Kód výnimky: 0xc0000005
Odstup chyby: 0x00045a0d
Identifikácia chybujúceho procesu: 0x20f0
Čas spustenia chybujúcej aplikácie: 0x01d48894d45316ac
Cesta chybujúcej aplikácie: F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\FarmHelper3.exe
Cesta chybujúceho modulu: F:\Stahuj\zz__UnPack\Skuska\FarmHelper3\FarmHelper3.exe
Identifikácia hlásenia: bfc39e65-5f3d-42d1-8e43-f5c21399e4aa
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/30/2018 01:26:46 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (11/30/2018 12:18:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1T8OR3O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-1T8OR3O\Kuko SID (S-1-5-21-3558140580-3056915041-1531952502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2018 12:18:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1T8OR3O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-1T8OR3O\Kuko SID (S-1-5-21-3558140580-3056915041-1531952502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2018 12:04:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1T8OR3O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-1T8OR3O\Kuko SID (S-1-5-21-3558140580-3056915041-1531952502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2018 12:04:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1T8OR3O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-1T8OR3O\Kuko SID (S-1-5-21-3558140580-3056915041-1531952502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2018 11:06:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba Windows Defender Antivirus zlyhalo kvôli nasledujúcej chybe:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (11/30/2018 11:06:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2018 11:04:30 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/29/2018 01:58:36 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-1T8OR3O)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"0"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


CodeIntegrity:
===================================

Date: 2018-11-30 16:33:39.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-11-30 16:33:39.601
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-30 13:09:43.279
Description:
Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-11-30 13:09:43.272
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-30 12:32:52.230
Description:
Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-11-30 12:32:52.223
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-30 12:18:49.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-11-30 12:18:49.659
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 25%
Total physical RAM: 12286.18 MB
Available physical RAM: 9202.52 MB
Total Virtual: 12286.18 MB
Available Virtual: 9097.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:54.94 GB) (Free:28.71 GB) NTFS
Drive d: (Win XP) (Fixed) (Total:15.63 GB) (Free:2.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Local Disk Hry) (Fixed) (Total:39.06 GB) (Free:17.44 GB) NTFS
Drive f: (Local Disk Stahuj) (Fixed) (Total:19.83 GB) (Free:2.25 GB) NTFS
Drive g: (Games) (Fixed) (Total:200 GB) (Free:12.19 GB) NTFS
Drive h: (Wirtu) (Fixed) (Total:200 GB) (Free:90.5 GB) NTFS
Drive i: () (Fixed) (Total:200 GB) (Free:185.25 GB) NTFS
Drive j: (Zaloha) (Fixed) (Total:331.51 GB) (Free:262.81 GB) NTFS

\\?\Volume{c8e6be3e-0000-0000-0000-100000000000}\ (Vyhradené systémom) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{c8e6be3e-0000-0000-0000-c0db0d000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 0BDC0BDB)
Partition 1: (Active) - (Size=15.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.9 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0B0BCF48)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731.5 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: C8E6BE3E)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=475 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: Kontrola logu

Napsal: 30 lis 2018 19:10
od Rudy
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Kontrola logu

Napsal: 30 lis 2018 19:45
od Janík
Omylom som vymazal log,tak som spustil este raz

Fix result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Kuko (30-11-2018 19:40:52) Run:2
Running from C:\Users\Kuko\Desktop
Loaded Profiles: Kuko (Available Profiles: Kuko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => not found
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => not found
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => not found
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => not found
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => not found
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => not found
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8512209 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1814 B
Edge => 0 B
Chrome => 0 B
Firefox => 16268806 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 904 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Kuko => 42741 B

RecycleBin => 0 B
EmptyTemp: => 31.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:42:09 ====

Re: Kontrola logu

Napsal: 30 lis 2018 19:59
od Rudy
OK, čisto. Nějaký problém?

Re: Kontrola logu

Napsal: 30 lis 2018 20:26
od Janík
Prisiel mail,ktory som si mal poslat sam sebe a vyhrazal sa,ze ked nezaplatim BTC,tak mi bude skodit

......How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device. ........

,napisal mi login na konto pre os,to som mal ,ale pred par mesiacmi a ze mi hackol router aj s datumom kedy a ze ma chybu v Fw a ze tam nahral.Router bol hacknuty-spadnuty,nevedel som sa dostat do neho,ina ip adresa aj maska siete,nakoniec sa podarilo a nahral som tam nanovo firmware,len vyrobca uz zariadenie nepodporuje,taze len stary.Som preskenoval cely pc a nenasiel som nic,pre istotu som sa obratil na vas,cim vam dakujem.

Re: Kontrola logu

Napsal: 30 lis 2018 20:55
od Rudy
Většinou je toto fake. Pro jistotu ještě udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Kontrola logu

Napsal: 30 lis 2018 22:14
od Janík
Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 30. 11. 2018
Čas skenovania: 22:06
Súbor denníka: d5a54bee-f4e3-11e8-9141-002618d3f6fe.json

-Údaje o softvéri-
Verzia: 3.6.1.2711
Verzia súčastí: 1.0.482
Aktualizovať verziu balíka: 1.0.8105
Licencia: Zadarmo

-Systémové informácie-
OS: Windows 10 (Build 17763.134)
Procesor: x64
Systém súborov: NTFS
Používateľ: DESKTOP-1T8OR3O\Kuko

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 281144
Zistené hrozby: 0
Hrozby umiestnené do karantény: 0
Uplynulý čas: 5 min, 19 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 0
(Nezistili sa nijaké škodlivé položky)

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)

WMI: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Re: Kontrola logu

Napsal: 01 pro 2018 11:07
od Rudy
OK, v PC máte čisto.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz