
Please check my log. Is something hidden?
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I've run into non-standard behaviour on my computer and I don't know what to do about it.
The issue is that WMI Provider Host is constantly using 6 to 30% of the CPU.
AdwCleaner found one PUP.Optional.Legacy Chrome start page, which doesn't go away even after clean and restart, but this may not be related to the main problem.
After every search for updates, Windows Update finds over 50 new updates, mainly Intel processor ones from 2006 to 2019. It's strange, but a month ago I did a clean reinstall because of a new M2 disk, so maybe it's still catching up.
Event Viewer shows various errors for process 5858, which however isn't in Task Manager and can't be identified.
Example error:
(Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-SBCHK78; User = NT AUTHORITY\SYSTEM; ClientProcessId = 14368; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\WMI : ASUSHW; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle)
or
(Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP; User = DESKTOP-; ClientProcessId = 12368; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle)
Malwarebytes and Windows Defender found nothing.
I'm attaching the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Michal (administrator) on DESKTOP-SBCHK78 (13-04-2019 17:23:52)
Running from E:\download
Loaded Profiles: Michal & (Available Profiles: Michal)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CyberSight, Inc. -> ) C:\Program Files\RansomStopper\Service\RSAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Malwarebytes Corporation -> Malwarebytes) E:\download\adwcleaner_7.3.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-23] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2016-06-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-03] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RansomStopper.lnk [2019-02-18]
ShortcutTarget: RansomStopper.lnk -> C:\Program Files\RansomStopper\GUI\RansomStopper.exe (CyberSight, Inc. -> CyberSight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{650050F1-30BF-4035-B7E1-9719A3B56709}: [NameServer] 10.255.255.3
Tcpip\..\Interfaces\{97ce071a-48ea-4317-a330-5d13f21dad4f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-20] (Skype Technologies SA -> Skype Technologies)
FireFox:
========
FF DefaultProfile: ynswfrvn.default
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default [2019-04-13]
FF Extension: (uBlock Origin) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-01-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/25&hid=11459849472601307050&lg=EN&cc=SK&unqvl=42","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-18]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-18]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2019-02-18]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-18]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Gmail Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-02-18]
CHR Extension: (minerBlock) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2019-02-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-02-18]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-18]
CHR Extension: (Google Calendar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-03-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-22]
CHR Extension: (feedly) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2019-02-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-04-09]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2019-02-18]
CHR Extension: (Toshl Finance) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkglemnonbchhapbnnmfjgebfphlcce [2019-02-18]
CHR Extension: (TREZOR Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imloifkgjagghnncjkhggdhalmcnfklk [2019-03-28]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2019-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-04-11]
CHR Extension: (Evernote Web) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-02-18]
CHR Extension: (Save to Pocket) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-18]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Extension: (Privacy Badger) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-25] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [142816 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RSAgent; C:\Program Files\RansomStopper\Service\RSAgent.exe [1549312 2018-11-27] (CyberSight, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 TimeularDriverService; C:\Program Files\Timeular\service\TimeularDriverService.exe [463792 2019-04-05] (Timeular GmbH -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-08] (Windscribe Limited -> Windscribe Limited)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
R0 csmon; C:\Windows\System32\DRIVERS\csmon.sys [47808 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhidmini; C:\Windows\System32\drivers\csrhidmini.sys [29896 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-01-31] (Intel(R) INTELND1820 -> Intel Corporation)
S3 esihdrv; C:\Users\Michal\AppData\Local\Temp\esihdrv.sys [191664 2019-04-13] (ESET, spol. s r.o. -> ESET) <==== ATTENTION
R3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [14136 2014-08-06] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-14] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 ZVDiskProt; C:\Windows\system32\DRIVERS\ZVDiskProt.sys [40512 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> ZitoVault)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 17:21 - 2019-04-13 17:21 - 000003144 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2019-04-13 17:02 - 2019-04-13 17:23 - 000000000 ____D C:\FRST
2019-04-13 09:01 - 2019-04-13 00:34 - 080216064 _____ C:\Windows\system32\config\SOFTWARE
2019-04-13 00:35 - 2019-04-13 00:35 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-13 00:21 - 2019-04-13 00:23 - 000000000 ____D C:\AdwCleaner
2019-04-13 00:12 - 2019-04-13 00:12 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-04-13 00:09 - 2019-04-13 00:09 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2019.lnk
2019-04-13 00:04 - 2019-04-13 00:04 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2019.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom CC.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001008 _____ C:\Users\Michal\Desktop\Lightroom CC.lnk
2019-04-13 00:01 - 2019-04-13 00:01 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2019.lnk
2019-04-12 23:57 - 2019-04-12 23:57 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2019.lnk
2019-04-12 23:54 - 2019-04-12 23:54 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2019.lnk
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\Program Files\Logitech
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2019-04-11 15:42 - 2019-04-13 00:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-10 09:50 - 2019-04-10 09:50 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 020815360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 019025408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 017513472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 015223296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012843520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 008898048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007919104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007877120 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007645608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006925824 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006544824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006071296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005765120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005436904 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005205448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004704272 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004660224 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004588536 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 004527624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004304896 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003904512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003690496 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003657728 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003602944 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003557888 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003496448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003421696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003384832 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003377976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003334496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002995712 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002925880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002871304 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 002842624 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002777224 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002701304 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002627384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002592816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002469376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002438368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002346496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002275896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001892864 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001860096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001711104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001697752 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671352 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001647632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001615872 ____R (The ICU Project) C:\Windows\SysWOW64\icuin.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001590064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001567232 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001506304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001478968 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001468952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001467344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001459080 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001458056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001395056 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001370624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001360184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001342400 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001315328 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001297120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001294520 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001217024 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001213752 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001191728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001179680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001155072 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001145856 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001035776 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001019392 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000998712 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000984888 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000982880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000976896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000974352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000964096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000909840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000897536 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000882176 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 000877056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000855040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000845824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000828728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000821048 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000809784 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000807424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000766480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000737080 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730936 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000725928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000699392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000676352 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000672256 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000660480 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000653040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000651064 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000620560 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000604008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000598544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000580024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000568632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000552448 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000540448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000513040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000508208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506168 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000485192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000474928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-04-10 09:50 - 2019-04-10 09:50 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000454144 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000408528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407504 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000386360 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000385536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000384312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000372224 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343984 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000332800 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000322568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000317240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000283032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\WiFiCloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263600 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000257696 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000255128 _____ (Microsoft Corporation) C:\Windows\system32\SgrmBroker.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\DMPushRouterCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000159272 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000157496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000147496 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143880 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000134456 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115360 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\negoexts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000098664 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000097808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\EduPrintProv.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\KdsCli.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000071208 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-04-10 09:49 - 2019-04-10 09:50 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 004991112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002720256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 002022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002017792 _____ C:\Windows\system32\rdpnano.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001856000 ____R (The ICU Project) C:\Windows\system32\icuin.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 001053192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 001044280 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000865784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000822272 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000799568 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000793832 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000761280 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000675096 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000651792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000556544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000447488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000421392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000368640 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000306488 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000234808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\winquic.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winquic.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000131384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\negoexts.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2019-04-05 23:11 - 2019-04-12 17:04 - 000000000 ____D C:\Windows\Minidump
2019-04-05 09:31 - 2019-04-05 09:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
2019-04-05 09:18 - 2019-04-05 09:18 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 000000000 ____D C:\ProgramData\TimeularDriverService
2019-04-02 11:54 - 2019-04-02 11:54 - 000000080 ___SH C:\bootTel.dat
2019-03-31 10:25 - 2019-04-01 00:30 - 000000000 ____D C:\BBC
2019-03-20 19:04 - 2019-04-12 23:50 - 000000000 ____D C:\Users\Michal\AppData\Local\Deployment
2019-03-20 19:04 - 2019-03-20 19:04 - 000000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2019-03-18 17:08 - 2019-03-18 17:08 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000000 ____D C:\Program Files\Anki
2019-03-14 22:46 - 2019-03-14 22:46 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Temp
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 17:21 - 2019-02-18 21:00 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2019-04-13 17:21 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Local\Timeular
2019-04-13 17:21 - 2019-02-18 19:14 - 000000000 ____D C:\Users\Michal\AppData\Roaming\RansomStopper
2019-04-13 17:21 - 2019-02-18 18:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-13 17:21 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-13 17:03 - 2019-02-18 22:41 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-04-13 16:45 - 2019-02-18 19:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-04-13 16:22 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-04-13 16:21 - 2019-02-21 22:01 - 000000000 ____D C:\Program Files (x86)\TREZOR Bridge
2019-04-13 16:21 - 2019-02-18 20:35 - 000000000 ___RD C:\Users\Michal\Creative Cloud Files
2019-04-13 16:21 - 2019-02-18 19:31 - 000000000 ____D C:\Program Files\Timeular
2019-04-13 16:21 - 2019-02-18 19:30 - 000000000 ____D C:\Users\Michal\AppData\Local\Adobe
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-13 09:01 - 2019-02-19 21:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-04-13 00:48 - 2019-02-25 14:20 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Mozilla
2019-04-13 00:47 - 2019-02-18 19:18 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-04-13 00:39 - 2019-02-18 17:57 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-13 00:39 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-04-13 00:35 - 2019-02-19 02:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-13 00:35 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-13 00:34 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-04-13 00:28 - 2019-02-25 14:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-13 00:12 - 2019-02-18 21:31 - 000000000 ____D C:\Users\Michal\Documents\Adobe
2019-04-13 00:12 - 2019-02-18 20:26 - 000000000 ___HD C:\adobeTemp
2019-04-13 00:12 - 2019-02-18 18:02 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2019-04-13 00:09 - 2019-02-18 21:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-04-13 00:04 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-13 00:03 - 2019-02-18 20:35 - 000000000 ____D C:\Program Files\Adobe
2019-04-12 23:56 - 2019-02-18 21:43 - 000000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics
2019-04-12 23:55 - 2019-02-18 20:24 - 000000000 ____D C:\ProgramData\Adobe
2019-04-12 23:53 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-04-12 23:48 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-12 22:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-04-12 17:04 - 2019-02-19 02:51 - 000105984 ____N C:\Windows\Minidump\041219-31250-01.dmp
2019-04-12 15:31 - 2019-02-21 17:12 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OctaneRender
2019-04-11 22:30 - 2019-03-05 12:56 - 000000000 ____D C:\totalcmd
2019-04-10 19:59 - 2019-02-19 02:51 - 000373016 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-10 13:52 - 2018-09-15 11:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-04-10 13:52 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\system32\Dism
2019-04-10 10:26 - 2019-02-18 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 10:11 - 2019-02-19 11:38 - 000000000 ____D C:\Program Files\7-Zip
2019-04-10 09:45 - 2019-02-18 18:10 - 000000000 ____D C:\Windows\system32\MRT
2019-04-10 09:43 - 2019-02-18 18:10 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-09 18:25 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-04-09 14:04 - 2019-03-04 19:40 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-09 14:04 - 2019-03-04 19:40 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-09 14:01 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-04-07 23:28 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-04-07 22:18 - 2019-02-18 20:53 - 000002165 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-04-07 18:18 - 2019-02-18 21:29 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2019-04-07 08:44 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Timeular
2019-04-06 22:49 - 2019-02-18 18:01 - 000000000 ____D C:\Users\Michal
2019-04-02 00:12 - 2019-03-09 15:55 - 000000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2019-04-01 20:02 - 2018-09-15 09:36 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-01 20:02 - 2018-09-15 09:36 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 22:23 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-29 20:53 - 2019-03-06 11:41 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-29 19:33 - 2019-02-18 18:04 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1342014794-1341724580-1558506771-1001
2019-03-29 19:33 - 2019-02-18 18:04 - 000000000 ___RD C:\Users\Michal\OneDrive
2019-03-29 19:33 - 2019-02-18 18:01 - 000002370 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-28 15:20 - 2019-02-18 19:15 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 15:20 - 2019-02-18 19:15 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 10:50 - 2019-02-20 17:06 - 000000000 _____ C:\Users\Michal\Documents\CIV_LogFile.txt
2019-03-20 19:09 - 2019-02-18 19:31 - 000000000 ____D C:\BluetoothExchangeFolder
2019-03-19 21:01 - 2019-02-19 13:29 - 000000081 _____ C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-03-16 14:18 - 2019-02-18 19:38 - 000000000 ____D C:\ProgramData\Logishrd
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 ___RD C:\Users\Michal\3D Objects
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
==================== Files in the root of some directories =======
2019-03-06 11:51 - 2019-03-06 11:51 - 000001456 _____ () C:\Users\Michal\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-19 13:29 - 2019-03-19 21:01 - 000000081 _____ () C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-02-18 20:24 - 2019-02-18 20:24 - 000000410 _____ () C:\Users\Michal\AppData\Local\oobelibMkey.log
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2019-03-03 03:19 - 2019-03-03 03:19 - 000546952 _____ (Logitech) C:\Users\Michal\AppData\Local\Temp\LDeviceInstaller.exe
2019-04-12 23:50 - 2018-12-15 02:46 - 000058848 _____ (Logitech Inc.) C:\Users\Michal\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
2019-04-12 23:50 - 2018-12-15 02:55 - 000259304 _____ (Logitech Inc.) C:\Users\Michal\AppData\Local\Temp\LogiOptionsUninstaller.exe
2019-03-03 03:19 - 2019-03-03 03:19 - 004139656 _____ (Logitech, Inc.) C:\Users\Michal\AppData\Local\Temp\PlugInInstallerUtility.exe
2019-03-03 03:19 - 2019-03-03 03:19 - 002729096 _____ (Logitech, Inc.) C:\Users\Michal\AppData\Local\Temp\PlugInInstallLib.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Michal (13-04-2019 17:24:57)
Running from E:\download
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-18 15:53:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1342014794-1341724580-1558506771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1342014794-1341724580-1558506771-503 - Limited - Disabled)
Guest (S-1-5-21-1342014794-1341724580-1558506771-501 - Limited - Disabled)
Michal (S-1-5-21-1342014794-1341724580-1558506771-1001 - Administrator - Enabled) => C:\Users\Michal
WDAGUtilityAccount (S-1-5-21-1342014794-1341724580-1558506771-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Fuse CC (Beta) (HKLM-x32\...\{B57067F9-E97B-46EE-94F5-179373B81A6C}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_2_1) (Version: 2.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Cinema 4D 20.030 (HKLM\...\MAXONE3565005) (Version: 20.030 - MAXON Computer GmbH)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.71.002 - Portrait Displays, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Flux) (Version: - f.lux Software LLC)
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 66.0.3 (x64 sk)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 en-US)) (Version: 60.5.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
RansomStopper (HKLM-x32\...\{e00d8975-8fe0-4558-aede-1a866ada852a}) (Version: 3.1.1 - CyberSight Inc.)
RansomStopper 3.1.1 (HKLM\...\{AC9656E6-873F-4E9C-9157-868A9102D28F}) (Version: 3.1.1 - CyberSight Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
RescuePRO Deluxe 6.0.2.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.2.7 - LC Technology International, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Timeular 2.0.1 (HKLM\...\1fd0dfa9-499a-520d-8e28-ff5f601ac38d) (Version: 2.0.1 - Timeular GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08B465C0-05C6-43C3-A15C-3CA42FF349AB} - System32\Tasks\AdwCleaner_onReboot => E:\download\adwcleaner_7.3.exe (Malwarebytes Corporation -> Malwarebytes)
Task: {0A6DDD43-9870-4963-A8A0-39143F7B988F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0B4D1890-A029-4B23-AE82-63F94A355D57} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> )
Task: {1524899E-CE69-43CD-B672-E82782BA4AF4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {1811579C-B130-4F54-B13D-329DF003AD57} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AF6D001-3AF4-4E39-A2A7-FE6C8B633E94} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20275C84-870A-40B9-82FB-0D6D2A12209E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {281CB350-92B5-4C0C-847E-439CBEBB6D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D713048-F73C-4973-AFEB-1978189C250D} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3489CBE4-A355-4CAC-9DBF-FEA843B125C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3558E271-CF25-464F-AA89-CDFA0BCB215C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4A987506-45DE-40D0-8D80-363C12EAD35D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CC9AC4F-EA5B-4173-B10F-BB1764D6192E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D902ACC-C243-4348-BF0D-99E70674A593} - System32\Tasks\RestartRSServices => "C:\ProgramData\CyberSight\RansomStopper\StartServices.cmd"
Task: {52576AF6-904F-4860-8B18-41F3FD6A3BB2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E9B6C98-2F6E-4AE1-B876-62AC32B085D1} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8619E772-1F72-42AC-A881-156781A04E94} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B23056-4319-4921-A020-E4B576BB411D} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {B4B033E3-2C97-4656-BFAC-09C74664E6FC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {B94AD81E-A1EF-40E1-BF3E-E5DD169D910F} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {CAE48223-A637-4F7D-BBC7-D401D5102FFE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3AEC995-9DAE-4318-AA66-4024857D76EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E6E734F6-42C6-4CBE-97AF-814F96E22950} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECE4212E-9A96-49D5-9A5A-7236DBE899AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F2F5305A-8CA9-42D1-80E9-20262560CED9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F41B3531-7589-446D-911D-082535C9E457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
==================== Loaded Modules (Whitelisted) ==============
2018-10-17 19:29 - 2018-10-17 19:29 - 001342976 _____ (Cryptlex, LLC.) [File not signed] C:\Program Files\RansomStopper\Service\LexActivator.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 000626176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libssl-1_1-x64.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 003135488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libcrypto-1_1-x64.dll
2018-10-30 22:53 - 2018-10-30 22:53 - 000071680 _____ () [File not signed] C:\Program Files\RansomStopper\Service\snappy.dll
2018-04-27 19:39 - 2018-04-27 19:39 - 001825280 _____ () [File not signed] C:\Program Files\RansomStopper\Service\cpprest_2_10.dll
2018-04-27 19:19 - 2018-04-27 19:19 - 000023552 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_system-vc141-mt-x64-1_67.dll
2018-04-27 19:20 - 2018-04-27 19:20 - 000052736 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_date_time-vc141-mt-x64-1_67.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 000364544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\SSLEAY32.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 002298368 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\LIBEAY32.dll
2018-04-27 19:33 - 2018-04-27 19:33 - 000087040 _____ () [File not signed] C:\Program Files\RansomStopper\Service\zlib1.dll
2019-02-19 11:38 - 2018-12-30 09:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2019-02-18 21:18 - 2017-12-20 21:01 - 000193536 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\AsusGpuTweak.dll
2019-02-18 21:18 - 2017-11-28 03:57 - 000062464 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Exeio.dll
2019-02-18 21:18 - 2017-05-03 18:17 - 000106496 _____ (ASUSTek Computer Inc.,) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\EIO.DLL
2019-02-18 21:18 - 2017-11-28 03:57 - 001772544 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Vender.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2019-02-18 21:18 - 2017-11-24 18:48 - 000082432 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-02-18 21:18 - 2017-11-24 18:48 - 000082432 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-01 01:41 - 2019-04-13 17:04 - 000000904 _____ C:\Windows\system32\drivers\etc\hosts
185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331834\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331853\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.255.255.3 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A03C5E8-B639-4A77-B59D-A1240E696338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35534C3F-3DE1-4548-993D-96C6899846D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C94F5C83-7BEC-45B2-B426-302A98FF1534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D5FDF03-EA18-4C49-A60C-03CD2D0AE60F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CDB70FC-E8B6-49F7-91EB-FC7FD3763A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3A270A-AD11-4C0D-8390-FE9F6E4CE87E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E3E8F6DF-17C1-4F7F-A78C-AA6EEBFA003A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{8D1F8CA7-3494-48F7-BCC9-5B843F60D7FB}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{F18BC48E-B3AC-437D-A92B-244EEE1697B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{14A3435C-421C-42C0-B853-AB04387A0B62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{15953421-7EB3-4914-9843-7235D8870B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07B252FA-B0C5-4B02-89B9-F75FE5A7183A}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
04-04-2019 12:14:21 Scheduled Checkpoint
10-04-2019 09:43:27 Windows Update
13-04-2019 16:25:10 Windows Update
13-04-2019 16:25:25 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2019 05:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x3950
Faulting application start time: 0x01d4f2041a294cf4
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 1c987ee3-5784-4dfc-ba6b-255fdb5c2443
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:04:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 05:04:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 12:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x136c
Faulting application start time: 0x01d4f180b7af69d3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: a01173e7-53f8-480f-aad9-9c58266dec83
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 11:18:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Archiv-HDD (F:) was not optimized because an error was encountered: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/12/2019 10:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0xefc
Faulting application start time: 0x01d4f170dd764008
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: c675afbe-9f71-47b7-a11d-abd82a9ca439
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 10:45:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x1054
Faulting application start time: 0x01d4f16e5ac298b8
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: 85206e7d-90fd-405a-b9cb-4c333ec62ecc
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 10:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x298
Faulting application start time: 0x01d4f16b64c56b6f
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: 6e5a2aa3-e80f-4561-bbcb-87ded9c9c0ec
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/13/2019 05:21:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SBCHK78)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-SBCHK78\Michal SID (S-1-5-21-1342014794-1341724580-1558506771-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR OBEX Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR Bluetooth Audio Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR Bluetooth Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2019-04-13 00:01:35.463
Description:
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe has been blocked from modifying %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\ by Controlled Folder Access.
Detection time: 2019-04-12T22:01:35.463Z
Path: %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\
Process Name: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-13 00:00:57.239
Description:
E:\download\sysinspector_nt64_enu.exe has been blocked from modifying E:\download\ by Controlled Folder Access.
Detection time: 2019-04-12T22:00:57.239Z
Path: E:\download\
Process Name: E:\download\sysinspector_nt64_enu.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 23:53:10.021
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C47D95D4-7AA8-4DD9-9FFE-1FBB1ADBFE3C}
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2019-04-12 23:50:09.710
Description:
C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe has been blocked from modifying %userprofile%\Documents\Adobe\CoreSync\ by Controlled Folder Access.
Detection time: 2019-04-12T21:50:09.705Z
Path: %userprofile%\Documents\Adobe\CoreSync\
Process Name: C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:47:58.140
Description:
Controlled Folder Access blocked C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe from making changes to memory.
Detection time: 2019-04-12T20:47:58.140Z
Path: \Device\Harddisk1\DR1
Process Name: C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:17:54.669
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:37.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:20.821
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:16.727
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 32678.98 MB
Available physical RAM: 26446.27 MB
Total Virtual: 47014.98 MB
Available Virtual: 38751.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.16 GB) (Free:314.24 GB) NTFS
Drive d: (Cache-SSD) (Fixed) (Total:223.44 GB) (Free:91.21 GB) NTFS
Drive e: (Data-HDD) (Fixed) (Total:3725.9 GB) (Free:233.15 GB) NTFS
Drive f: (Archiv-HDD) (Fixed) (Total:2785.37 GB) (Free:0.25 GB) NTFS
\\?\Volume{3733fde9-eb53-4036-b640-18a86ad18428}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{069945e3-0f1d-41cc-9288-725181ba41d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
==================== End of Addition.txt ============================
What could this be about?
Thanks a lot, it would help.
I have run into non-standard computer behaviour and I don't know how to deal with it.
The issue is that WMI Provider Host constantly loads the CPU at 6 to 30%.
ADWCleaner found one PUP.Optional.Legacy Chrome start page which does not go away even after clean and restart, but this may not be related to the main problem.
After every search for updates, Windows Update finds over 50 new updates, mainly Intel processor ones from 2006 to 2019. It is strange, but a month ago I did a clean reinstall because of a new M2 disk, so maybe it is still catching up.
Event Viewer shows various errors for process 5858, which however is not in Task Manager and cannot be identified.
Example of the error:
(Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-SBCHK78; User = NT AUTHORITY\SYSTEM; ClientProcessId = 14368; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\WMI : ASUSHW; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle)
or
(Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP; User = DESKTOP-; ClientProcessId = 12368; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor; ResultCode = 0x80041032; PossibleCause = Throttling Idle Tasks, refer to CIMOM regkey: ArbTaskMaxIdle)
Malwarebytes and Windows Defender found nothing.
I am attaching FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Michal (administrator) on DESKTOP-SBCHK78 (13-04-2019 17:23:52)
Running from E:\download
Loaded Profiles: Michal & (Available Profiles: Michal)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CyberSight, Inc. -> ) C:\Program Files\RansomStopper\Service\RSAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Malwarebytes Corporation -> Malwarebytes) E:\download\adwcleaner_7.3.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-23] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2016-06-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-03] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RansomStopper.lnk [2019-02-18]
ShortcutTarget: RansomStopper.lnk -> C:\Program Files\RansomStopper\GUI\RansomStopper.exe (CyberSight, Inc. -> CyberSight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{650050F1-30BF-4035-B7E1-9719A3B56709}: [NameServer] 10.255.255.3
Tcpip\..\Interfaces\{97ce071a-48ea-4317-a330-5d13f21dad4f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-20] (Skype Technologies SA -> Skype Technologies)
FireFox:
========
FF DefaultProfile: ynswfrvn.default
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default [2019-04-13]
FF Extension: (uBlock Origin) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-01-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/25&hid=11459849472601307050&lg=EN&cc=SK&unqvl=42","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-18]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-18]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2019-02-18]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-18]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Gmail Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-02-18]
CHR Extension: (minerBlock) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2019-02-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-02-18]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-18]
CHR Extension: (Google Calendar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-03-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-22]
CHR Extension: (feedly) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2019-02-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-04-09]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2019-02-18]
CHR Extension: (Toshl Finance) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkglemnonbchhapbnnmfjgebfphlcce [2019-02-18]
CHR Extension: (TREZOR Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imloifkgjagghnncjkhggdhalmcnfklk [2019-03-28]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2019-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-04-11]
CHR Extension: (Evernote Web) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-02-18]
CHR Extension: (Save to Pocket) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-18]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Extension: (Privacy Badger) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-25] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [142816 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RSAgent; C:\Program Files\RansomStopper\Service\RSAgent.exe [1549312 2018-11-27] (CyberSight, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 TimeularDriverService; C:\Program Files\Timeular\service\TimeularDriverService.exe [463792 2019-04-05] (Timeular GmbH -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-08] (Windscribe Limited -> Windscribe Limited)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
R0 csmon; C:\Windows\System32\DRIVERS\csmon.sys [47808 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhidmini; C:\Windows\System32\drivers\csrhidmini.sys [29896 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-01-31] (Intel(R) INTELND1820 -> Intel Corporation)
S3 esihdrv; C:\Users\Michal\AppData\Local\Temp\esihdrv.sys [191664 2019-04-13] (ESET, spol. s r.o. -> ESET) <==== ATTENTION
R3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [14136 2014-08-06] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-14] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 ZVDiskProt; C:\Windows\system32\DRIVERS\ZVDiskProt.sys [40512 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> ZitoVault)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 17:21 - 2019-04-13 17:21 - 000003144 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2019-04-13 17:02 - 2019-04-13 17:23 - 000000000 ____D C:\FRST
2019-04-13 09:01 - 2019-04-13 00:34 - 080216064 _____ C:\Windows\system32\config\SOFTWARE
2019-04-13 00:35 - 2019-04-13 00:35 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-13 00:21 - 2019-04-13 00:23 - 000000000 ____D C:\AdwCleaner
2019-04-13 00:12 - 2019-04-13 00:12 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-04-13 00:09 - 2019-04-13 00:09 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2019.lnk
2019-04-13 00:04 - 2019-04-13 00:04 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2019.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom CC.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001008 _____ C:\Users\Michal\Desktop\Lightroom CC.lnk
2019-04-13 00:01 - 2019-04-13 00:01 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2019.lnk
2019-04-12 23:57 - 2019-04-12 23:57 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2019.lnk
2019-04-12 23:54 - 2019-04-12 23:54 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2019.lnk
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\Program Files\Logitech
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2019-04-11 15:42 - 2019-04-13 00:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-10 09:50 - 2019-04-10 09:50 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 020815360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 019025408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 017513472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 015223296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012843520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 008898048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007919104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007877120 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007645608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006925824 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006544824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006071296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005765120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005436904 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005205448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004704272 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004660224 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004588536 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 004527624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004304896 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003904512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003690496 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003657728 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003602944 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003557888 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003496448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003421696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003384832 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003377976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003334496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002995712 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002925880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002871304 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 002842624 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002777224 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002701304 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002627384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002592816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002469376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002438368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002346496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002275896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001892864 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001860096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001711104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001697752 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671352 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001647632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001615872 ____R (The ICU Project) C:\Windows\SysWOW64\icuin.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001590064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001567232 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001506304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001478968 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001468952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001467344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001459080 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001458056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001395056 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001370624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001360184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001342400 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001315328 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001297120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001294520 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001217024 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001213752 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001191728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001179680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001155072 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001145856 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001035776 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001019392 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000998712 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000984888 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000982880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000976896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000974352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000964096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000909840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000897536 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000882176 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 000877056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000855040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000845824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000828728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000821048 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000809784 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000807424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000766480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000737080 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730936 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000725928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000699392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000676352 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000672256 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000660480 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000653040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000651064 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000620560 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000604008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000598544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000580024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000568632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000552448 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000540448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000513040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000508208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506168 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000485192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000474928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-04-10 09:50 - 2019-04-10 09:50 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000454144 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000408528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407504 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000386360 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000385536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000384312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000372224 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343984 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000332800 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000322568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000317240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000283032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\WiFiCloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263600 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000257696 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000255128 _____ (Microsoft Corporation) C:\Windows\system32\SgrmBroker.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\DMPushRouterCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000159272 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000157496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000147496 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143880 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000134456 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115360 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\negoexts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000098664 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000097808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\EduPrintProv.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\KdsCli.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000071208 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-04-10 09:49 - 2019-04-10 09:50 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 004991112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002720256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 002022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002017792 _____ C:\Windows\system32\rdpnano.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001856000 ____R (The ICU Project) C:\Windows\system32\icuin.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 001053192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 001044280 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000865784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000822272 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000799568 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000793832 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000761280 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000675096 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000651792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000556544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000447488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000421392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000368640 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000306488 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000234808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\winquic.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winquic.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000131384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\negoexts.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2019-04-05 23:11 - 2019-04-12 17:04 - 000000000 ____D C:\Windows\Minidump
2019-04-05 09:31 - 2019-04-05 09:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
2019-04-05 09:18 - 2019-04-05 09:18 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 000000000 ____D C:\ProgramData\TimeularDriverService
2019-04-02 11:54 - 2019-04-02 11:54 - 000000080 ___SH C:\bootTel.dat
2019-03-31 10:25 - 2019-04-01 00:30 - 000000000 ____D C:\BBC
2019-03-20 19:04 - 2019-04-12 23:50 - 000000000 ____D C:\Users\Michal\AppData\Local\Deployment
2019-03-20 19:04 - 2019-03-20 19:04 - 000000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2019-03-18 17:08 - 2019-03-18 17:08 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000000 ____D C:\Program Files\Anki
2019-03-14 22:46 - 2019-03-14 22:46 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Temp
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 17:21 - 2019-02-18 21:00 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2019-04-13 17:21 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Local\Timeular
2019-04-13 17:21 - 2019-02-18 19:14 - 000000000 ____D C:\Users\Michal\AppData\Roaming\RansomStopper
2019-04-13 17:21 - 2019-02-18 18:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-13 17:21 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-13 17:03 - 2019-02-18 22:41 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-04-13 16:45 - 2019-02-18 19:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-04-13 16:22 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-04-13 16:21 - 2019-02-21 22:01 - 000000000 ____D C:\Program Files (x86)\TREZOR Bridge
2019-04-13 16:21 - 2019-02-18 20:35 - 000000000 ___RD C:\Users\Michal\Creative Cloud Files
2019-04-13 16:21 - 2019-02-18 19:31 - 000000000 ____D C:\Program Files\Timeular
2019-04-13 16:21 - 2019-02-18 19:30 - 000000000 ____D C:\Users\Michal\AppData\Local\Adobe
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-13 09:01 - 2019-02-19 21:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-04-13 00:48 - 2019-02-25 14:20 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Mozilla
2019-04-13 00:47 - 2019-02-18 19:18 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-04-13 00:39 - 2019-02-18 17:57 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-13 00:39 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-04-13 00:35 - 2019-02-19 02:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-13 00:35 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-13 00:34 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-04-13 00:28 - 2019-02-25 14:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-13 00:12 - 2019-02-18 21:31 - 000000000 ____D C:\Users\Michal\Documents\Adobe
2019-04-13 00:12 - 2019-02-18 20:26 - 000000000 ___HD C:\adobeTemp
2019-04-13 00:12 - 2019-02-18 18:02 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2019-04-13 00:09 - 2019-02-18 21:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-04-13 00:04 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-13 00:03 - 2019-02-18 20:35 - 000000000 ____D C:\Program Files\Adobe
2019-04-12 23:56 - 2019-02-18 21:43 - 000000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics
2019-04-12 23:55 - 2019-02-18 20:24 - 000000000 ____D C:\ProgramData\Adobe
2019-04-12 23:53 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-04-12 23:48 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-12 22:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-04-12 17:04 - 2019-02-19 02:51 - 000105984 ____N C:\Windows\Minidump\041219-31250-01.dmp
2019-04-12 15:31 - 2019-02-21 17:12 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OctaneRender
2019-04-11 22:30 - 2019-03-05 12:56 - 000000000 ____D C:\totalcmd
2019-04-10 19:59 - 2019-02-19 02:51 - 000373016 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-10 13:52 - 2018-09-15 11:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-04-10 13:52 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\system32\Dism
2019-04-10 10:26 - 2019-02-18 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 10:11 - 2019-02-19 11:38 - 000000000 ____D C:\Program Files\7-Zip
2019-04-10 09:45 - 2019-02-18 18:10 - 000000000 ____D C:\Windows\system32\MRT
2019-04-10 09:43 - 2019-02-18 18:10 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-09 18:25 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-04-09 14:04 - 2019-03-04 19:40 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-09 14:04 - 2019-03-04 19:40 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-09 14:01 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-04-07 23:28 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-04-07 22:18 - 2019-02-18 20:53 - 000002165 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-04-07 18:18 - 2019-02-18 21:29 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2019-04-07 08:44 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Timeular
2019-04-06 22:49 - 2019-02-18 18:01 - 000000000 ____D C:\Users\Michal
2019-04-02 00:12 - 2019-03-09 15:55 - 000000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2019-04-01 20:02 - 2018-09-15 09:36 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-01 20:02 - 2018-09-15 09:36 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 22:23 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-29 20:53 - 2019-03-06 11:41 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-29 19:33 - 2019-02-18 18:04 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1342014794-1341724580-1558506771-1001
2019-03-29 19:33 - 2019-02-18 18:04 - 000000000 ___RD C:\Users\Michal\OneDrive
2019-03-29 19:33 - 2019-02-18 18:01 - 000002370 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-28 15:20 - 2019-02-18 19:15 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 15:20 - 2019-02-18 19:15 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 10:50 - 2019-02-20 17:06 - 000000000 _____ C:\Users\Michal\Documents\CIV_LogFile.txt
2019-03-20 19:09 - 2019-02-18 19:31 - 000000000 ____D C:\BluetoothExchangeFolder
2019-03-19 21:01 - 2019-02-19 13:29 - 000000081 _____ C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-03-16 14:18 - 2019-02-18 19:38 - 000000000 ____D C:\ProgramData\Logishrd
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 ___RD C:\Users\Michal\3D Objects
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
==================== Files in the root of some directories =======
2019-03-06 11:51 - 2019-03-06 11:51 - 000001456 _____ () C:\Users\Michal\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-19 13:29 - 2019-03-19 21:01 - 000000081 _____ () C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-02-18 20:24 - 2019-02-18 20:24 - 000000410 _____ () C:\Users\Michal\AppData\Local\oobelibMkey.log
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2019-03-03 03:19 - 2019-03-03 03:19 - 000546952 _____ (Logitech) C:\Users\Michal\AppData\Local\Temp\LDeviceInstaller.exe
2019-04-12 23:50 - 2018-12-15 02:46 - 000058848 _____ (Logitech Inc.) C:\Users\Michal\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
2019-04-12 23:50 - 2018-12-15 02:55 - 000259304 _____ (Logitech Inc.) C:\Users\Michal\AppData\Local\Temp\LogiOptionsUninstaller.exe
2019-03-03 03:19 - 2019-03-03 03:19 - 004139656 _____ (Logitech, Inc.) C:\Users\Michal\AppData\Local\Temp\PlugInInstallerUtility.exe
2019-03-03 03:19 - 2019-03-03 03:19 - 002729096 _____ (Logitech, Inc.) C:\Users\Michal\AppData\Local\Temp\PlugInInstallLib.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Michal (13-04-2019 17:24:57)
Running from E:\download
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-18 15:53:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1342014794-1341724580-1558506771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1342014794-1341724580-1558506771-503 - Limited - Disabled)
Guest (S-1-5-21-1342014794-1341724580-1558506771-501 - Limited - Disabled)
Michal (S-1-5-21-1342014794-1341724580-1558506771-1001 - Administrator - Enabled) => C:\Users\Michal
WDAGUtilityAccount (S-1-5-21-1342014794-1341724580-1558506771-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Fuse CC (Beta) (HKLM-x32\...\{B57067F9-E97B-46EE-94F5-179373B81A6C}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_2_1) (Version: 2.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Cinema 4D 20.030 (HKLM\...\MAXONE3565005) (Version: 20.030 - MAXON Computer GmbH)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.71.002 - Portrait Displays, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Flux) (Version: - f.lux Software LLC)
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 66.0.3 (x64 sk)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 en-US)) (Version: 60.5.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
RansomStopper (HKLM-x32\...\{e00d8975-8fe0-4558-aede-1a866ada852a}) (Version: 3.1.1 - CyberSight Inc.)
RansomStopper 3.1.1 (HKLM\...\{AC9656E6-873F-4E9C-9157-868A9102D28F}) (Version: 3.1.1 - CyberSight Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
RescuePRO Deluxe 6.0.2.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.2.7 - LC Technology International, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Timeular 2.0.1 (HKLM\...\1fd0dfa9-499a-520d-8e28-ff5f601ac38d) (Version: 2.0.1 - Timeular GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08B465C0-05C6-43C3-A15C-3CA42FF349AB} - System32\Tasks\AdwCleaner_onReboot => E:\download\adwcleaner_7.3.exe (Malwarebytes Corporation -> Malwarebytes)
Task: {0A6DDD43-9870-4963-A8A0-39143F7B988F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0B4D1890-A029-4B23-AE82-63F94A355D57} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> )
Task: {1524899E-CE69-43CD-B672-E82782BA4AF4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {1811579C-B130-4F54-B13D-329DF003AD57} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AF6D001-3AF4-4E39-A2A7-FE6C8B633E94} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20275C84-870A-40B9-82FB-0D6D2A12209E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {281CB350-92B5-4C0C-847E-439CBEBB6D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D713048-F73C-4973-AFEB-1978189C250D} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3489CBE4-A355-4CAC-9DBF-FEA843B125C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3558E271-CF25-464F-AA89-CDFA0BCB215C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4A987506-45DE-40D0-8D80-363C12EAD35D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CC9AC4F-EA5B-4173-B10F-BB1764D6192E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D902ACC-C243-4348-BF0D-99E70674A593} - System32\Tasks\RestartRSServices => "C:\ProgramData\CyberSight\RansomStopper\StartServices.cmd"
Task: {52576AF6-904F-4860-8B18-41F3FD6A3BB2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E9B6C98-2F6E-4AE1-B876-62AC32B085D1} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8619E772-1F72-42AC-A881-156781A04E94} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B23056-4319-4921-A020-E4B576BB411D} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {B4B033E3-2C97-4656-BFAC-09C74664E6FC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {B94AD81E-A1EF-40E1-BF3E-E5DD169D910F} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {CAE48223-A637-4F7D-BBC7-D401D5102FFE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3AEC995-9DAE-4318-AA66-4024857D76EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E6E734F6-42C6-4CBE-97AF-814F96E22950} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECE4212E-9A96-49D5-9A5A-7236DBE899AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F2F5305A-8CA9-42D1-80E9-20262560CED9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F41B3531-7589-446D-911D-082535C9E457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
==================== Loaded Modules (Whitelisted) ==============
2018-10-17 19:29 - 2018-10-17 19:29 - 001342976 _____ (Cryptlex, LLC.) [File not signed] C:\Program Files\RansomStopper\Service\LexActivator.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 000626176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libssl-1_1-x64.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 003135488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libcrypto-1_1-x64.dll
2018-10-30 22:53 - 2018-10-30 22:53 - 000071680 _____ () [File not signed] C:\Program Files\RansomStopper\Service\snappy.dll
2018-04-27 19:39 - 2018-04-27 19:39 - 001825280 _____ () [File not signed] C:\Program Files\RansomStopper\Service\cpprest_2_10.dll
2018-04-27 19:19 - 2018-04-27 19:19 - 000023552 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_system-vc141-mt-x64-1_67.dll
2018-04-27 19:20 - 2018-04-27 19:20 - 000052736 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_date_time-vc141-mt-x64-1_67.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 000364544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\SSLEAY32.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 002298368 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\LIBEAY32.dll
2018-04-27 19:33 - 2018-04-27 19:33 - 000087040 _____ () [File not signed] C:\Program Files\RansomStopper\Service\zlib1.dll
2019-02-19 11:38 - 2018-12-30 09:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2019-02-18 21:18 - 2017-12-20 21:01 - 000193536 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\AsusGpuTweak.dll
2019-02-18 21:18 - 2017-11-28 03:57 - 000062464 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Exeio.dll
2019-02-18 21:18 - 2017-05-03 18:17 - 000106496 _____ (ASUSTek Computer Inc.,) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\EIO.DLL
2019-02-18 21:18 - 2017-11-28 03:57 - 001772544 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Vender.dll
2019-02-18 19:33 - 2017-10-30 05:15 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2019-02-18 21:18 - 2017-11-24 18:48 - 000082432 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2019-02-18 21:18 - 2017-11-24 18:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-02-18 21:18 - 2017-11-24 18:48 - 000082432 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-01 01:41 - 2019-04-13 17:04 - 000000904 _____ C:\Windows\system32\drivers\etc\hosts
185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331834\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331853\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019162331867\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.255.255.3 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A03C5E8-B639-4A77-B59D-A1240E696338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35534C3F-3DE1-4548-993D-96C6899846D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C94F5C83-7BEC-45B2-B426-302A98FF1534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D5FDF03-EA18-4C49-A60C-03CD2D0AE60F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CDB70FC-E8B6-49F7-91EB-FC7FD3763A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3A270A-AD11-4C0D-8390-FE9F6E4CE87E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E3E8F6DF-17C1-4F7F-A78C-AA6EEBFA003A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{8D1F8CA7-3494-48F7-BCC9-5B843F60D7FB}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{F18BC48E-B3AC-437D-A92B-244EEE1697B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{14A3435C-421C-42C0-B853-AB04387A0B62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{15953421-7EB3-4914-9843-7235D8870B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07B252FA-B0C5-4B02-89B9-F75FE5A7183A}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
04-04-2019 12:14:21 Scheduled Checkpoint
10-04-2019 09:43:27 Windows Update
13-04-2019 16:25:10 Windows Update
13-04-2019 16:25:25 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2019 05:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x3950
Faulting application start time: 0x01d4f2041a294cf4
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 1c987ee3-5784-4dfc-ba6b-255fdb5c2443
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:04:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 05:04:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 12:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x136c
Faulting application start time: 0x01d4f180b7af69d3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: a01173e7-53f8-480f-aad9-9c58266dec83
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 11:18:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Archiv-HDD (F:) was not optimized because an error was encountered: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/12/2019 10:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0xefc
Faulting application start time: 0x01d4f170dd764008
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: c675afbe-9f71-47b7-a11d-abd82a9ca439
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 10:45:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x1054
Faulting application start time: 0x01d4f16e5ac298b8
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: 85206e7d-90fd-405a-b9cb-4c333ec62ecc
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 10:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x298
Faulting application start time: 0x01d4f16b64c56b6f
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: 6e5a2aa3-e80f-4561-bbcb-87ded9c9c0ec
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/13/2019 05:21:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SBCHK78)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-SBCHK78\Michal SID (S-1-5-21-1342014794-1341724580-1558506771-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR OBEX Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR Bluetooth Audio Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR Bluetooth Service service terminated unexpectedly. It has done this 2 time(s).
Error: (04/13/2019 05:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2019-04-13 00:01:35.463
Description:
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe has been blocked from modifying %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\ by Controlled Folder Access.
Detection time: 2019-04-12T22:01:35.463Z
Path: %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\
Process Name: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-13 00:00:57.239
Description:
E:\download\sysinspector_nt64_enu.exe has been blocked from modifying E:\download\ by Controlled Folder Access.
Detection time: 2019-04-12T22:00:57.239Z
Path: E:\download\
Process Name: E:\download\sysinspector_nt64_enu.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 23:53:10.021
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C47D95D4-7AA8-4DD9-9FFE-1FBB1ADBFE3C}
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2019-04-12 23:50:09.710
Description:
C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe has been blocked from modifying %userprofile%\Documents\Adobe\CoreSync\ by Controlled Folder Access.
Detection time: 2019-04-12T21:50:09.705Z
Path: %userprofile%\Documents\Adobe\CoreSync\
Process Name: C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:47:58.140
Description:
Controlled Folder Access blocked C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe from making changes to memory.
Detection time: 2019-04-12T20:47:58.140Z
Path: \Device\Harddisk1\DR1
Process Name: C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:17:54.669
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:37.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:20.821
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:16.727
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 32678.98 MB
Available physical RAM: 26446.27 MB
Total Virtual: 47014.98 MB
Available Virtual: 38751.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.16 GB) (Free:314.24 GB) NTFS
Drive d: (Cache-SSD) (Fixed) (Total:223.44 GB) (Free:91.21 GB) NTFS
Drive e: (Data-HDD) (Fixed) (Total:3725.9 GB) (Free:233.15 GB) NTFS
Drive f: (Archiv-HDD) (Fixed) (Total:2785.37 GB) (Free:0.25 GB) NTFS
\\?\Volume{3733fde9-eb53-4036-b640-18a86ad18428}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{069945e3-0f1d-41cc-9288-725181ba41d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
==================== End of Addition.txt ============================
What could this be about?
Thanks a lot, it would help.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Request for a log check. Something hidden?
Hello!
Open Notepad and copy into it:
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\Temp
Task: {0A6DDD43-9870-4963-A8A0-39143F7B988F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F41B3531-7589-446D-911D-082535C9E457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
EmptyTemp:
End
Save it to E:\download as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning malware from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Request for a log check. Something hidden?
Thanks for the quick reply. This is how it came out:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Michal (administrator) on DESKTOP (13-04-2019 20:07:06)
Running from E:\download
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SpaceAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(CyberSight, Inc. -> ) C:\Program Files\RansomStopper\Service\RSAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Timeular GmbH -> ) C:\Program Files\Timeular\service\TimeularDriverService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19031.57.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(Cambridge Silicon Radio Ltd. -> ) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Michal\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(SatoshiLabs s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(PORTRAIT DISPLAYS, INC. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(PORTRAIT DISPLAYS, INC. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-23] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2016-06-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-03] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RansomStopper.lnk [2019-02-18]
ShortcutTarget: RansomStopper.lnk -> C:\Program Files\RansomStopper\GUI\RansomStopper.exe (CyberSight, Inc. -> CyberSight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{97ce071a-48ea-4317-a330-5d13f21dad4f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-20] (Skype Technologies SA -> Skype Technologies)
FireFox:
========
FF DefaultProfile: ynswfrvn.default
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default [2019-04-13]
FF Extension: (uBlock Origin) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-01-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/25&hid=11459849472601307050&lg=EN&cc=SK&unqvl=42","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-18]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-18]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2019-02-18]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-18]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Gmail Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-02-18]
CHR Extension: (minerBlock) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2019-02-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-02-18]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-18]
CHR Extension: (Google Calendar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-03-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-22]
CHR Extension: (feedly) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2019-02-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-04-09]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2019-02-18]
CHR Extension: (Toshl Finance) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkglemnonbchhapbnnmfjgebfphlcce [2019-02-18]
CHR Extension: (TREZOR Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imloifkgjagghnncjkhggdhalmcnfklk [2019-03-28]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2019-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-04-11]
CHR Extension: (Evernote Web) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-02-18]
CHR Extension: (Save to Pocket) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-18]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Extension: (Privacy Badger) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-25] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [142816 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RSAgent; C:\Program Files\RansomStopper\Service\RSAgent.exe [1549312 2018-11-27] (CyberSight, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TimeularDriverService; C:\Program Files\Timeular\service\TimeularDriverService.exe [463792 2019-04-05] (Timeular GmbH -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-08] (Windscribe Limited -> Windscribe Limited)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
R0 csmon; C:\Windows\System32\DRIVERS\csmon.sys [47808 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhidmini; C:\Windows\System32\drivers\csrhidmini.sys [29896 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-01-31] (Intel(R) INTELND1820 -> Intel Corporation)
R3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [14136 2014-08-06] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-14] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 ZVDiskProt; C:\Windows\system32\DRIVERS\ZVDiskProt.sys [40512 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> ZitoVault)
S3 esihdrv; \??\C:\Users\Michal\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 20:06 - 2019-04-13 20:06 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-13 17:02 - 2019-04-13 20:07 - 000000000 ____D C:\FRST
2019-04-13 09:01 - 2019-04-13 20:04 - 080216064 _____ C:\Windows\system32\config\SOFTWARE
2019-04-13 00:21 - 2019-04-13 00:23 - 000000000 ____D C:\AdwCleaner
2019-04-13 00:12 - 2019-04-13 00:12 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-04-13 00:09 - 2019-04-13 00:09 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2019.lnk
2019-04-13 00:04 - 2019-04-13 00:04 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2019.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom CC.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001008 _____ C:\Users\Michal\Desktop\Lightroom CC.lnk
2019-04-13 00:01 - 2019-04-13 00:01 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2019.lnk
2019-04-12 23:57 - 2019-04-12 23:57 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2019.lnk
2019-04-12 23:54 - 2019-04-12 23:54 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2019.lnk
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\Program Files\Logitech
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2019-04-11 15:42 - 2019-04-13 00:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-10 09:50 - 2019-04-10 09:50 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 020815360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 019025408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 017513472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 015223296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012843520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 008898048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007919104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007877120 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007645608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006925824 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006544824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006071296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005765120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005436904 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005205448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004704272 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004660224 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004588536 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 004527624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004304896 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003904512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003690496 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003657728 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003602944 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003557888 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003496448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003421696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003384832 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003377976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003334496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002995712 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002925880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002871304 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 002842624 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002777224 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002701304 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002627384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002592816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002469376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002438368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002346496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002275896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001892864 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001860096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001711104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001697752 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671352 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001647632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001615872 ____R (The ICU Project) C:\Windows\SysWOW64\icuin.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001590064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001567232 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001506304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001478968 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001468952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001467344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001459080 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001458056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001395056 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001370624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001360184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001342400 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001315328 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001297120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001294520 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001217024 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001213752 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001191728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001179680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001155072 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001145856 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001035776 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001019392 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000998712 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000984888 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000982880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000976896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000974352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000964096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000909840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000897536 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000882176 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 000877056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000855040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000845824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000828728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000821048 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000809784 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000807424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000766480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000737080 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730936 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000725928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000699392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000676352 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000672256 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000660480 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000653040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000651064 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000620560 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000604008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000598544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000580024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000568632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000552448 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000540448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000513040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000508208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506168 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000485192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000474928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-04-10 09:50 - 2019-04-10 09:50 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000454144 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000408528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407504 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000386360 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000385536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000384312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000372224 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343984 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000332800 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000322568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000317240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000283032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\WiFiCloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263600 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000257696 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000255128 _____ (Microsoft Corporation) C:\Windows\system32\SgrmBroker.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\DMPushRouterCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000159272 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000157496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000147496 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143880 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000134456 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115360 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\negoexts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000098664 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000097808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\EduPrintProv.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\KdsCli.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000071208 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-04-10 09:49 - 2019-04-10 09:50 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 004991112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002720256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 002022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002017792 _____ C:\Windows\system32\rdpnano.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001856000 ____R (The ICU Project) C:\Windows\system32\icuin.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 001053192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 001044280 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000865784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000822272 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000799568 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000793832 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000761280 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000675096 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000651792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000556544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000447488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000421392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000368640 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000306488 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000234808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\winquic.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winquic.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000131384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\negoexts.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2019-04-05 23:11 - 2019-04-13 17:53 - 000000000 ____D C:\Windows\Minidump
2019-04-05 09:31 - 2019-04-05 09:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
2019-04-05 09:18 - 2019-04-05 09:18 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 000000000 ____D C:\ProgramData\TimeularDriverService
2019-04-02 11:54 - 2019-04-02 11:54 - 000000080 ___SH C:\bootTel.dat
2019-03-20 19:04 - 2019-04-12 23:50 - 000000000 ____D C:\Users\Michal\AppData\Local\Deployment
2019-03-20 19:04 - 2019-03-20 19:04 - 000000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2019-03-18 17:08 - 2019-03-18 17:08 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000000 ____D C:\Program Files\Anki
2019-03-14 22:46 - 2019-04-13 20:03 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Temp
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 20:07 - 2019-02-18 18:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-13 20:06 - 2019-02-21 22:01 - 000000000 ____D C:\Program Files (x86)\TREZOR Bridge
2019-04-13 20:06 - 2019-02-18 22:41 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-04-13 20:06 - 2019-02-18 20:35 - 000000000 ___RD C:\Users\Michal\Creative Cloud Files
2019-04-13 20:06 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Local\Timeular
2019-04-13 20:06 - 2019-02-18 19:31 - 000000000 ____D C:\Program Files\Timeular
2019-04-13 20:06 - 2019-02-18 19:30 - 000000000 ____D C:\Users\Michal\AppData\Local\Adobe
2019-04-13 20:06 - 2019-02-18 19:14 - 000000000 ____D C:\Users\Michal\AppData\Roaming\RansomStopper
2019-04-13 20:05 - 2019-02-19 02:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-13 20:05 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-13 20:04 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-04-13 20:03 - 2019-02-18 21:00 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2019-04-13 19:59 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-13 19:59 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-04-13 19:14 - 2019-02-18 17:57 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-13 17:45 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-04-13 16:45 - 2019-02-18 19:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-13 09:01 - 2019-02-19 21:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-04-13 00:48 - 2019-02-25 14:20 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Mozilla
2019-04-13 00:47 - 2019-02-18 19:18 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-04-13 00:35 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-13 00:28 - 2019-02-25 14:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-13 00:12 - 2019-02-18 21:31 - 000000000 ____D C:\Users\Michal\Documents\Adobe
2019-04-13 00:12 - 2019-02-18 20:26 - 000000000 ___HD C:\adobeTemp
2019-04-13 00:12 - 2019-02-18 18:02 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2019-04-13 00:09 - 2019-02-18 21:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-04-13 00:04 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-13 00:03 - 2019-02-18 20:35 - 000000000 ____D C:\Program Files\Adobe
2019-04-12 23:56 - 2019-02-18 21:43 - 000000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics
2019-04-12 23:55 - 2019-02-18 20:24 - 000000000 ____D C:\ProgramData\Adobe
2019-04-12 23:53 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-04-12 22:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-04-12 15:31 - 2019-02-21 17:12 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OctaneRender
2019-04-11 22:30 - 2019-03-05 12:56 - 000000000 ____D C:\totalcmd
2019-04-10 19:59 - 2019-02-19 02:51 - 000373016 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-10 13:52 - 2018-09-15 11:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-04-10 13:52 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\system32\Dism
2019-04-10 10:26 - 2019-02-18 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 10:11 - 2019-02-19 11:38 - 000000000 ____D C:\Program Files\7-Zip
2019-04-10 09:45 - 2019-02-18 18:10 - 000000000 ____D C:\Windows\system32\MRT
2019-04-10 09:43 - 2019-02-18 18:10 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-09 18:25 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-04-09 14:04 - 2019-03-04 19:40 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-09 14:04 - 2019-03-04 19:40 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-09 14:01 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-04-07 23:28 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-04-07 22:18 - 2019-02-18 20:53 - 000002165 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-04-07 18:18 - 2019-02-18 21:29 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2019-04-07 08:44 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Timeular
2019-04-06 22:49 - 2019-02-18 18:01 - 000000000 ____D C:\Users\Michal
2019-04-02 00:12 - 2019-03-09 15:55 - 000000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2019-04-01 20:02 - 2018-09-15 09:36 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-01 20:02 - 2018-09-15 09:36 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 22:23 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-29 20:53 - 2019-03-06 11:41 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-29 19:33 - 2019-02-18 18:04 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1342014794-1341724580-1558506771-1001
2019-03-29 19:33 - 2019-02-18 18:04 - 000000000 ___RD C:\Users\Michal\OneDrive
2019-03-29 19:33 - 2019-02-18 18:01 - 000002370 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-27 10:50 - 2019-02-20 17:06 - 000000000 _____ C:\Users\Michal\Documents\CIV_LogFile.txt
2019-03-20 19:09 - 2019-02-18 19:31 - 000000000 ____D C:\BluetoothExchangeFolder
2019-03-19 21:01 - 2019-02-19 13:29 - 000000081 _____ C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-03-16 14:18 - 2019-02-18 19:38 - 000000000 ____D C:\ProgramData\Logishrd
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 ___RD C:\Users\Michal\3D Objects
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
==================== Files in the root of some directories =======
2019-03-06 11:51 - 2019-03-06 11:51 - 000001456 _____ () C:\Users\Michal\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-19 13:29 - 2019-03-19 21:01 - 000000081 _____ () C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-02-18 20:24 - 2019-02-18 20:24 - 000000410 _____ () C:\Users\Michal\AppData\Local\oobelibMkey.log
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Michal (13-04-2019 20:08:22)
Running from E:\download
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-18 15:53:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1342014794-1341724580-1558506771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1342014794-1341724580-1558506771-503 - Limited - Disabled)
Guest (S-1-5-21-1342014794-1341724580-1558506771-501 - Limited - Disabled)
Michal (S-1-5-21-1342014794-1341724580-1558506771-1001 - Administrator - Enabled) => C:\Users\Michal
WDAGUtilityAccount (S-1-5-21-1342014794-1341724580-1558506771-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Fuse CC (Beta) (HKLM-x32\...\{B57067F9-E97B-46EE-94F5-179373B81A6C}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_2_1) (Version: 2.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.71.002 - Portrait Displays, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 66.0.3 (x64 sk)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 en-US)) (Version: 60.5.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
RansomStopper (HKLM-x32\...\{e00d8975-8fe0-4558-aede-1a866ada852a}) (Version: 3.1.1 - CyberSight Inc.)
RansomStopper 3.1.1 (HKLM\...\{AC9656E6-873F-4E9C-9157-868A9102D28F}) (Version: 3.1.1 - CyberSight Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
RescuePRO Deluxe 6.0.2.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.2.7 - LC Technology International, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Timeular 2.0.1 (HKLM\...\1fd0dfa9-499a-520d-8e28-ff5f601ac38d) (Version: 2.0.1 - Timeular GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B4D1890-A029-4B23-AE82-63F94A355D57} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> )
Task: {1524899E-CE69-43CD-B672-E82782BA4AF4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {1811579C-B130-4F54-B13D-329DF003AD57} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AF6D001-3AF4-4E39-A2A7-FE6C8B633E94} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20275C84-870A-40B9-82FB-0D6D2A12209E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {281CB350-92B5-4C0C-847E-439CBEBB6D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D713048-F73C-4973-AFEB-1978189C250D} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3489CBE4-A355-4CAC-9DBF-FEA843B125C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3558E271-CF25-464F-AA89-CDFA0BCB215C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4A987506-45DE-40D0-8D80-363C12EAD35D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CC9AC4F-EA5B-4173-B10F-BB1764D6192E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D902ACC-C243-4348-BF0D-99E70674A593} - System32\Tasks\RestartRSServices => "C:\ProgramData\CyberSight\RansomStopper\StartServices.cmd"
Task: {52576AF6-904F-4860-8B18-41F3FD6A3BB2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E9B6C98-2F6E-4AE1-B876-62AC32B085D1} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8619E772-1F72-42AC-A881-156781A04E94} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B23056-4319-4921-A020-E4B576BB411D} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {B4B033E3-2C97-4656-BFAC-09C74664E6FC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {B94AD81E-A1EF-40E1-BF3E-E5DD169D910F} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {CAE48223-A637-4F7D-BBC7-D401D5102FFE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3AEC995-9DAE-4318-AA66-4024857D76EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E6E734F6-42C6-4CBE-97AF-814F96E22950} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECE4212E-9A96-49D5-9A5A-7236DBE899AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F2F5305A-8CA9-42D1-80E9-20262560CED9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
==================== Loaded Modules (Whitelisted) ==============
2019-02-18 21:12 - 2014-04-25 00:29 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2018-10-17 19:29 - 2018-10-17 19:29 - 001342976 _____ (Cryptlex, LLC.) [File not signed] C:\Program Files\RansomStopper\Service\LexActivator.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 000626176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libssl-1_1-x64.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 003135488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libcrypto-1_1-x64.dll
2018-10-30 22:53 - 2018-10-30 22:53 - 000071680 _____ () [File not signed] C:\Program Files\RansomStopper\Service\snappy.dll
2018-04-27 19:39 - 2018-04-27 19:39 - 001825280 _____ () [File not signed] C:\Program Files\RansomStopper\Service\cpprest_2_10.dll
2018-04-27 19:20 - 2018-04-27 19:20 - 000052736 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_date_time-vc141-mt-x64-1_67.dll
2018-04-27 19:19 - 2018-04-27 19:19 - 000023552 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_system-vc141-mt-x64-1_67.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 000364544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\SSLEAY32.dll
2018-04-27 19:33 - 2018-04-27 19:33 - 000087040 _____ () [File not signed] C:\Program Files\RansomStopper\Service\zlib1.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 002298368 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\LIBEAY32.dll
2019-02-19 11:38 - 2018-12-30 09:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-10 02:52 - 2019-03-10 02:52 - 032393728 _____ (Dolby) [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220\DolbyUWP.dll
2019-02-18 18:51 - 2019-02-18 18:51 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220\e_sqlite3.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 001955328 _____ () [File not signed] C:\Program Files\Timeular\ffmpeg.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 017863680 _____ (Node.js) [File not signed] C:\Program Files\Timeular\node.dll
2019-04-13 20:06 - 2019-04-13 20:06 - 000104960 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\be02a9b8-aaea-4622-b950-24a7d9853143.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000278528 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\ce6b8f25-9eef-4a6a-8150-38baf5d8a4d6.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000351744 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\7b7c1bdd-c8bd-4b7f-97ef-15a48a3234a6.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000116736 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\6eddf6d6-3412-4683-99b5-aa25d240c345.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000718848 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\0c80c2db-dd20-48b4-9fa5-f254aed56013.tmp.node
2019-02-18 19:31 - 2019-04-05 09:18 - 003687936 _____ () [File not signed] C:\Program Files\Timeular\libglesv2.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 000017920 _____ () [File not signed] C:\Program Files\Timeular\libegl.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 001961472 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\ffmpeg.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 018658304 _____ (Node.js) [File not signed] C:\Program Files\RansomStopper\GUI\node.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 003429376 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\libglesv2.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 000017408 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\libegl.dll
2019-04-13 20:06 - 2019-04-13 20:06 - 001330688 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\2DF0.tmp.node
2019-02-18 20:49 - 2009-07-12 05:46 - 001105920 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\BenQ\Display Pilot\MFC80.DLL
2019-02-18 20:23 - 2019-02-18 20:23 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL
2019-02-18 20:49 - 2013-06-18 22:24 - 000372736 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\ijl15.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-01 01:41 - 2019-04-13 17:04 - 000000904 _____ C:\Windows\system32\drivers\etc\hosts
185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A03C5E8-B639-4A77-B59D-A1240E696338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35534C3F-3DE1-4548-993D-96C6899846D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C94F5C83-7BEC-45B2-B426-302A98FF1534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D5FDF03-EA18-4C49-A60C-03CD2D0AE60F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CDB70FC-E8B6-49F7-91EB-FC7FD3763A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3A270A-AD11-4C0D-8390-FE9F6E4CE87E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E3E8F6DF-17C1-4F7F-A78C-AA6EEBFA003A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{8D1F8CA7-3494-48F7-BCC9-5B843F60D7FB}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{2BC3CDAA-C979-47FB-A832-1C711B31339A}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{19F5E6DB-17B8-41FB-9A6E-40573A5CB69C}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{9BFEA628-0A2B-442E-848C-C52F0CDFABE2}C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe] => (Block) C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{B14E05C4-772C-48F6-8FCC-CC5E8E065CB7}C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe] => (Block) C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe (Adobe Inc. -> Adobe)
FirewallRules: [TCP Query User{18BAA8DF-6854-431A-8550-BF09C444EDA4}C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [UDP Query User{85FC8512-C518-409E-8B75-2FBA914A9482}C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{F18BC48E-B3AC-437D-A92B-244EEE1697B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{14A3435C-421C-42C0-B853-AB04387A0B62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{517A16C2-179A-476E-9FA7-CB44CA85773A}C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{9254C9AF-9EC7-4F52-9665-CBA19A1FA21E}C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [{15953421-7EB3-4914-9843-7235D8870B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07B252FA-B0C5-4B02-89B9-F75FE5A7183A}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
04-04-2019 12:14:21 Scheduled Checkpoint
10-04-2019 09:43:27 Windows Update
13-04-2019 16:25:10 Windows Update
13-04-2019 16:25:25 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2019 08:05:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Faulting module name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Exception code: 0xc0000005
Fault offset: 0x0002ee68
Faulting process id: 0xf8c
Faulting application start time: 0x01d4f2237718e018
Faulting application path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Faulting module path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Report Id: b34c7b36-8c9f-4da8-9202-6288db0dcfc6
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 08:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0xbb8
Faulting application start time: 0x01d4f20fbba89ceb
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 2f3f14c1-0fcc-447d-bd07-4a5d4af9a992
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:42:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Faulting module name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Exception code: 0xc0000005
Fault offset: 0x0002ee68
Faulting process id: 0xfa0
Faulting application start time: 0x01d4f20f906b0c0d
Faulting application path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Faulting module path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Report Id: 1934046c-1353-4e33-8133-a9737c95a8e1
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x3950
Faulting application start time: 0x01d4f2041a294cf4
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 1c987ee3-5784-4dfc-ba6b-255fdb5c2443
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:04:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 05:04:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 12:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x136c
Faulting application start time: 0x01d4f180b7af69d3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: a01173e7-53f8-480f-aad9-9c58266dec83
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 11:18:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Archiv-HDD (F:) was not optimized because an error was encountered: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:06:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SBCHK78)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-SBCHK78\Michal SID (S-1-5-21-1342014794-1341724580-1558506771-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:05:54 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Windows Defender:
===================================
Date: 2019-04-13 00:01:35.463
Description:
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe has been blocked from modifying %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\ by Controlled Folder Access.
Detection time: 2019-04-12T22:01:35.463Z
Path: %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\
Process Name: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-13 00:00:57.239
Description:
E:\download\sysinspector_nt64_enu.exe has been blocked from modifying E:\download\ by Controlled Folder Access.
Detection time: 2019-04-12T22:00:57.239Z
Path: E:\download\
Process Name: E:\download\sysinspector_nt64_enu.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:17:54.669
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:37.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:20.821
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:16.727
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 14%
Total physical RAM: 32678.98 MB
Available physical RAM: 27850.89 MB
Total Virtual: 47014.98 MB
Available Virtual: 40391.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.16 GB) (Free:314.4 GB) NTFS
Drive d: (Cache-SSD) (Fixed) (Total:223.44 GB) (Free:91.21 GB) NTFS
Drive e: (Data-HDD) (Fixed) (Total:3725.9 GB) (Free:233.16 GB) NTFS
Drive f: (Archiv-HDD) (Fixed) (Total:2785.37 GB) (Free:0.25 GB) NTFS
\\?\Volume{3733fde9-eb53-4036-b640-18a86ad18428}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{069945e3-0f1d-41cc-9288-725181ba41d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Michal (administrator) on DESKTOP (13-04-2019 20:07:06)
Running from E:\download
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 10 Pro Version 1809 17763.437 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SpaceAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(CyberSight, Inc. -> ) C:\Program Files\RansomStopper\Service\RSAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Timeular GmbH -> ) C:\Program Files\Timeular\service\TimeularDriverService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19031.57.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(Cambridge Silicon Radio Ltd. -> ) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Adobe Systems, Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Michal\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Timeular GmbH -> Timeular GmbH) C:\Program Files\Timeular\Timeular.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberSight, Inc. -> CyberSight) C:\Program Files\RansomStopper\GUI\RansomStopper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(SatoshiLabs s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(PORTRAIT DISPLAYS, INC. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(PORTRAIT DISPLAYS, INC. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-23] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2016-06-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-03] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4810288 2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [RansomStopper] => C:\Program Files\RansomStopper\GUI\RansomStopper.exe [81308672 2018-11-27] (CyberSight, Inc. -> CyberSight)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-04] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [f.lux] => C:\Users\Michal\AppData\Local\FluxSoftware\Flux\flux.exe [1376264 2019-04-03] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Timeular] => C:\Program Files\Timeular\Timeular.exe [67932080 2019-04-05] (Timeular GmbH -> Timeular GmbH)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-08] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5933616 2019-03-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RansomStopper.lnk [2019-02-18]
ShortcutTarget: RansomStopper.lnk -> C:\Program Files\RansomStopper\GUI\RansomStopper.exe (CyberSight, Inc. -> CyberSight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{97ce071a-48ea-4317-a330-5d13f21dad4f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-20] (Skype Technologies SA -> Skype Technologies)
FireFox:
========
FF DefaultProfile: ynswfrvn.default
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default [2019-04-13]
FF Extension: (uBlock Origin) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ynswfrvn.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-01-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/25&hid=11459849472601307050&lg=EN&cc=SK&unqvl=42","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-18]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-18]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2019-02-18]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-18]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Gmail Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2019-02-18]
CHR Extension: (minerBlock) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2019-02-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-02-18]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-18]
CHR Extension: (Google Calendar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-03-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-22]
CHR Extension: (feedly) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2019-02-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-04-09]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2019-02-18]
CHR Extension: (Toshl Finance) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkglemnonbchhapbnnmfjgebfphlcce [2019-02-18]
CHR Extension: (TREZOR Password Manager) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imloifkgjagghnncjkhggdhalmcnfklk [2019-03-28]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2019-02-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-04-11]
CHR Extension: (Evernote Web) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-02-18]
CHR Extension: (Save to Pocket) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-18]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR Extension: (Privacy Badger) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-25] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [142816 2016-11-18] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RSAgent; C:\Program Files\RansomStopper\Service\RSAgent.exe [1549312 2018-11-27] (CyberSight, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TimeularDriverService; C:\Program Files\Timeular\service\TimeularDriverService.exe [463792 2019-04-05] (Timeular GmbH -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-08] (Windscribe Limited -> Windscribe Limited)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 asComSvc; "C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
R0 csmon; C:\Windows\System32\DRIVERS\csmon.sys [47808 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhidmini; C:\Windows\System32\drivers\csrhidmini.sys [29896 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-23] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-01-31] (Intel(R) INTELND1820 -> Intel Corporation)
R3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [14136 2014-08-06] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5db32447b43ce666\nvlddmkm.sys [20461984 2019-01-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-14] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 ZVDiskProt; C:\Windows\system32\DRIVERS\ZVDiskProt.sys [40512 2018-11-06] (Microsoft Windows Hardware Compatibility Publisher -> ZitoVault)
S3 esihdrv; \??\C:\Users\Michal\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 20:06 - 2019-04-13 20:06 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-13 17:02 - 2019-04-13 20:07 - 000000000 ____D C:\FRST
2019-04-13 09:01 - 2019-04-13 20:04 - 080216064 _____ C:\Windows\system32\config\SOFTWARE
2019-04-13 00:21 - 2019-04-13 00:23 - 000000000 ____D C:\AdwCleaner
2019-04-13 00:12 - 2019-04-13 00:12 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-04-13 00:09 - 2019-04-13 00:09 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2019.lnk
2019-04-13 00:04 - 2019-04-13 00:04 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2019.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom CC.lnk
2019-04-13 00:03 - 2019-04-13 00:03 - 000001008 _____ C:\Users\Michal\Desktop\Lightroom CC.lnk
2019-04-13 00:01 - 2019-04-13 00:01 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2019.lnk
2019-04-12 23:57 - 2019-04-12 23:57 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2019.lnk
2019-04-12 23:54 - 2019-04-12 23:54 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2019.lnk
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-04-12 23:50 - 2019-04-12 23:50 - 000000000 ____D C:\Program Files\Logitech
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2019-04-11 15:42 - 2019-04-13 00:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-10 09:50 - 2019-04-10 09:50 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 020815360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 019025408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 017513472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 015223296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012843520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 012139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 008898048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007919104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007877120 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 007645608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006925824 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006544824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 006071296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005765120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005436904 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 005205448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004704272 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004660224 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004588536 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 004527624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 004304896 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003904512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003690496 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003657728 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003602944 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003557888 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003496448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003421696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 003384832 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003377976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 003334496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002995712 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002925880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002871304 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 002842624 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002777224 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002701304 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002627384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002592816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002469376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 002438368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002346496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002275896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001994768 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001892864 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001860096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001711104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001697752 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001671352 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001647632 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001615872 ____R (The ICU Project) C:\Windows\SysWOW64\icuin.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001590064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001567232 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001506304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001478968 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001468952 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001467344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001459080 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001458056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001395056 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001370624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001360184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001342400 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001315328 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001311232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001297120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001294520 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-04-10 09:50 - 2019-04-10 09:50 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001217024 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001213752 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001191728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001179680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001155072 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001145856 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001072424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 001047552 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001035776 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001019392 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000998712 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000984888 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000982880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000976896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000974352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000964096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000909840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000897536 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000882176 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-04-10 09:50 - 2019-04-10 09:50 - 000877056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000855040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000845824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000828728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000821048 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000809784 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000807424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000766480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000737080 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730936 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000730112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000725928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000699392 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000676352 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000672256 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000660480 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000653040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000651064 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000620560 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000617784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000609792 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000604008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000598544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000580024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000568632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000552448 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000540448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000513040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000508208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000506168 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_PCDisplay.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000485192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000474928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-04-10 09:50 - 2019-04-10 09:50 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000454144 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-04-10 09:50 - 2019-04-10 09:50 - 000408528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000407504 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000386360 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000385536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000384312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000372224 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343984 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000332800 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000322568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000317240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000312632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000283032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\WiFiCloudStore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000263600 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000257696 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000255128 _____ (Microsoft Corporation) C:\Windows\system32\SgrmBroker.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\DMPushRouterCore.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000159272 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000157496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000147496 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143880 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000134456 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115360 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\negoexts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000098664 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000097808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\EduPrintProv.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvsetup.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\KdsCli.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000071208 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000039736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WppRecorder.sys
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcPing.exe
2019-04-10 09:50 - 2019-04-10 09:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-04-10 09:50 - 2019-04-10 09:50 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-04-10 09:49 - 2019-04-10 09:50 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 004991112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002720256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 002022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 002017792 _____ C:\Windows\system32\rdpnano.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001856000 ____R (The ICU Project) C:\Windows\system32\icuin.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 001053192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 001044280 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000865784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000822272 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 09:49 - 2019-04-10 09:49 - 000799568 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000793832 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000761280 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000675096 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000651792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000556544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000447488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000421392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000368640 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000349184 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000306488 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000234808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000159112 _____ (Microsoft Corporation) C:\Windows\system32\winquic.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winquic.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000131384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-04-10 09:49 - 2019-04-10 09:49 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\negoexts.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-04-10 09:49 - 2019-04-10 09:49 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2019-04-05 23:11 - 2019-04-13 17:53 - 000000000 ____D C:\Windows\Minidump
2019-04-05 09:31 - 2019-04-05 09:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
2019-04-05 09:18 - 2019-04-05 09:18 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-04-05 09:18 - 2019-04-05 09:18 - 000000000 ____D C:\ProgramData\TimeularDriverService
2019-04-02 11:54 - 2019-04-02 11:54 - 000000080 ___SH C:\bootTel.dat
2019-03-20 19:04 - 2019-04-12 23:50 - 000000000 ____D C:\Users\Michal\AppData\Local\Deployment
2019-03-20 19:04 - 2019-03-20 19:04 - 000000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2019-03-18 17:08 - 2019-03-18 17:08 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2019-03-18 17:08 - 2019-03-18 17:08 - 000000000 ____D C:\Program Files\Anki
2019-03-14 22:46 - 2019-04-13 20:03 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Temp
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-13 20:07 - 2019-02-18 18:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-13 20:06 - 2019-02-21 22:01 - 000000000 ____D C:\Program Files (x86)\TREZOR Bridge
2019-04-13 20:06 - 2019-02-18 22:41 - 000000000 ____D C:\Program Files (x86)\Windscribe
2019-04-13 20:06 - 2019-02-18 20:35 - 000000000 ___RD C:\Users\Michal\Creative Cloud Files
2019-04-13 20:06 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Local\Timeular
2019-04-13 20:06 - 2019-02-18 19:31 - 000000000 ____D C:\Program Files\Timeular
2019-04-13 20:06 - 2019-02-18 19:30 - 000000000 ____D C:\Users\Michal\AppData\Local\Adobe
2019-04-13 20:06 - 2019-02-18 19:14 - 000000000 ____D C:\Users\Michal\AppData\Roaming\RansomStopper
2019-04-13 20:05 - 2019-02-19 02:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-13 20:05 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-13 20:04 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-04-13 20:03 - 2019-02-18 21:00 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2019-04-13 19:59 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-13 19:59 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-04-13 19:14 - 2019-02-18 17:57 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-13 17:45 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-04-13 16:45 - 2019-02-18 19:32 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-13 16:21 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-13 09:01 - 2019-02-19 21:18 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-04-13 00:48 - 2019-02-25 14:20 - 000000000 ____D C:\Users\Michal\AppData\LocalLow\Mozilla
2019-04-13 00:47 - 2019-02-18 19:18 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-04-13 00:35 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-13 00:28 - 2019-02-25 14:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-13 00:12 - 2019-02-18 21:31 - 000000000 ____D C:\Users\Michal\Documents\Adobe
2019-04-13 00:12 - 2019-02-18 20:26 - 000000000 ___HD C:\adobeTemp
2019-04-13 00:12 - 2019-02-18 18:02 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2019-04-13 00:09 - 2019-02-18 21:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-04-13 00:04 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-13 00:03 - 2019-02-18 20:35 - 000000000 ____D C:\Program Files\Adobe
2019-04-12 23:56 - 2019-02-18 21:43 - 000000000 ____D C:\Users\Michal\AppData\Local\ElevatedDiagnostics
2019-04-12 23:55 - 2019-02-18 20:24 - 000000000 ____D C:\ProgramData\Adobe
2019-04-12 23:53 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-04-12 22:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-04-12 15:31 - 2019-02-21 17:12 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OctaneRender
2019-04-11 22:30 - 2019-03-05 12:56 - 000000000 ____D C:\totalcmd
2019-04-10 19:59 - 2019-02-19 02:51 - 000373016 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-10 13:52 - 2018-09-15 11:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-10 13:52 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-04-10 13:52 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\system32\Dism
2019-04-10 10:26 - 2019-02-18 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 10:11 - 2019-02-19 11:38 - 000000000 ____D C:\Program Files\7-Zip
2019-04-10 09:45 - 2019-02-18 18:10 - 000000000 ____D C:\Windows\system32\MRT
2019-04-10 09:43 - 2019-02-18 18:10 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-09 18:25 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2019-04-09 14:04 - 2019-03-04 19:40 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-04-09 14:04 - 2019-03-04 19:40 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-04-09 14:01 - 2019-02-19 02:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-04-07 23:28 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-04-07 22:18 - 2019-02-18 20:53 - 000002165 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-04-07 18:18 - 2019-02-18 21:29 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2019-04-07 08:44 - 2019-02-18 19:31 - 000000000 ____D C:\Users\Michal\AppData\Roaming\Timeular
2019-04-06 22:49 - 2019-02-18 18:01 - 000000000 ____D C:\Users\Michal
2019-04-02 00:12 - 2019-03-09 15:55 - 000000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2019-04-01 20:02 - 2018-09-15 09:36 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-01 20:02 - 2018-09-15 09:36 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 22:23 - 2019-02-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-29 20:53 - 2019-03-06 11:41 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-29 19:33 - 2019-02-18 18:04 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1342014794-1341724580-1558506771-1001
2019-03-29 19:33 - 2019-02-18 18:04 - 000000000 ___RD C:\Users\Michal\OneDrive
2019-03-29 19:33 - 2019-02-18 18:01 - 000002370 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-27 10:50 - 2019-02-20 17:06 - 000000000 _____ C:\Users\Michal\Documents\CIV_LogFile.txt
2019-03-20 19:09 - 2019-02-18 19:31 - 000000000 ____D C:\BluetoothExchangeFolder
2019-03-19 21:01 - 2019-02-19 13:29 - 000000081 _____ C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-03-16 14:18 - 2019-02-18 19:38 - 000000000 ____D C:\ProgramData\Logishrd
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 10:41 - 2019-02-18 18:02 - 000000000 ___RD C:\Users\Michal\3D Objects
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 01:58 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
==================== Files in the root of some directories =======
2019-03-06 11:51 - 2019-03-06 11:51 - 000001456 _____ () C:\Users\Michal\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-19 13:29 - 2019-03-19 21:01 - 000000081 _____ () C:\Users\Michal\AppData\Local\FILM_AE_LogFile.txt
2019-02-18 20:24 - 2019-02-18 20:24 - 000000410 _____ () C:\Users\Michal\AppData\Local\oobelibMkey.log
2019-04-12 12:32 - 2019-04-12 12:32 - 000007607 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Michal (13-04-2019 20:08:22)
Running from E:\download
Windows 10 Pro Version 1809 17763.437 (X64) (2019-02-18 15:53:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1342014794-1341724580-1558506771-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1342014794-1341724580-1558506771-503 - Limited - Disabled)
Guest (S-1-5-21-1342014794-1341724580-1558506771-501 - Limited - Disabled)
Michal (S-1-5-21-1342014794-1341724580-1558506771-1001 - Administrator - Enabled) => C:\Users\Michal
WDAGUtilityAccount (S-1-5-21-1342014794-1341724580-1558506771-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Fuse CC (Beta) (HKLM-x32\...\{B57067F9-E97B-46EE-94F5-179373B81A6C}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_2_1) (Version: 2.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.71.002 - Portrait Displays, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
f.lux (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 66.0.3 (x64 sk)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 en-US)) (Version: 60.5.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
RansomStopper (HKLM-x32\...\{e00d8975-8fe0-4558-aede-1a866ada852a}) (Version: 3.1.1 - CyberSight Inc.)
RansomStopper 3.1.1 (HKLM\...\{AC9656E6-873F-4E9C-9157-868A9102D28F}) (Version: 3.1.1 - CyberSight Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
RescuePRO Deluxe 6.0.2.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.2.7 - LC Technology International, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Timeular 2.0.1 (HKLM\...\1fd0dfa9-499a-520d-8e28-ff5f601ac38d) (Version: 2.0.1 - Timeular GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-97D5B1B13351} -> [Creative Cloud Files] => C:\Users\Michal\Creative Cloud Files [2019-02-18 20:35]
CustomCLSID: HKU\S-1-5-21-1342014794-1341724580-1558506771-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B4D1890-A029-4B23-AE82-63F94A355D57} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> )
Task: {1524899E-CE69-43CD-B672-E82782BA4AF4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {1811579C-B130-4F54-B13D-329DF003AD57} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AF6D001-3AF4-4E39-A2A7-FE6C8B633E94} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20275C84-870A-40B9-82FB-0D6D2A12209E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {281CB350-92B5-4C0C-847E-439CBEBB6D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D713048-F73C-4973-AFEB-1978189C250D} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3489CBE4-A355-4CAC-9DBF-FEA843B125C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3558E271-CF25-464F-AA89-CDFA0BCB215C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4A987506-45DE-40D0-8D80-363C12EAD35D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CC9AC4F-EA5B-4173-B10F-BB1764D6192E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D902ACC-C243-4348-BF0D-99E70674A593} - System32\Tasks\RestartRSServices => "C:\ProgramData\CyberSight\RansomStopper\StartServices.cmd"
Task: {52576AF6-904F-4860-8B18-41F3FD6A3BB2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E9B6C98-2F6E-4AE1-B876-62AC32B085D1} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8619E772-1F72-42AC-A881-156781A04E94} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B23056-4319-4921-A020-E4B576BB411D} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-SBCHK78-Michal => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {B4B033E3-2C97-4656-BFAC-09C74664E6FC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {B94AD81E-A1EF-40E1-BF3E-E5DD169D910F} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {CAE48223-A637-4F7D-BBC7-D401D5102FFE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3AEC995-9DAE-4318-AA66-4024857D76EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E6E734F6-42C6-4CBE-97AF-814F96E22950} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECE4212E-9A96-49D5-9A5A-7236DBE899AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F2F5305A-8CA9-42D1-80E9-20262560CED9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
==================== Loaded Modules (Whitelisted) ==============
2019-02-18 21:12 - 2014-04-25 00:29 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2018-10-17 19:29 - 2018-10-17 19:29 - 001342976 _____ (Cryptlex, LLC.) [File not signed] C:\Program Files\RansomStopper\Service\LexActivator.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 000626176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libssl-1_1-x64.dll
2018-10-17 19:29 - 2018-10-17 19:29 - 003135488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\libcrypto-1_1-x64.dll
2018-10-30 22:53 - 2018-10-30 22:53 - 000071680 _____ () [File not signed] C:\Program Files\RansomStopper\Service\snappy.dll
2018-04-27 19:39 - 2018-04-27 19:39 - 001825280 _____ () [File not signed] C:\Program Files\RansomStopper\Service\cpprest_2_10.dll
2018-04-27 19:20 - 2018-04-27 19:20 - 000052736 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_date_time-vc141-mt-x64-1_67.dll
2018-04-27 19:19 - 2018-04-27 19:19 - 000023552 _____ () [File not signed] C:\Program Files\RansomStopper\Service\boost_system-vc141-mt-x64-1_67.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 000364544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\SSLEAY32.dll
2018-04-27 19:33 - 2018-04-27 19:33 - 000087040 _____ () [File not signed] C:\Program Files\RansomStopper\Service\zlib1.dll
2018-04-27 19:27 - 2018-04-27 19:27 - 002298368 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\RansomStopper\Service\LIBEAY32.dll
2019-02-19 11:38 - 2018-12-30 09:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-10 02:52 - 2019-03-10 02:52 - 032393728 _____ (Dolby) [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220\DolbyUWP.dll
2019-02-18 18:51 - 2019-02-18 18:51 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220\e_sqlite3.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 001955328 _____ () [File not signed] C:\Program Files\Timeular\ffmpeg.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 017863680 _____ (Node.js) [File not signed] C:\Program Files\Timeular\node.dll
2019-04-13 20:06 - 2019-04-13 20:06 - 000104960 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\be02a9b8-aaea-4622-b950-24a7d9853143.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000278528 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\ce6b8f25-9eef-4a6a-8150-38baf5d8a4d6.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000351744 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\7b7c1bdd-c8bd-4b7f-97ef-15a48a3234a6.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000116736 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\6eddf6d6-3412-4683-99b5-aa25d240c345.tmp.node
2019-04-13 20:06 - 2019-04-13 20:06 - 000718848 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\0c80c2db-dd20-48b4-9fa5-f254aed56013.tmp.node
2019-02-18 19:31 - 2019-04-05 09:18 - 003687936 _____ () [File not signed] C:\Program Files\Timeular\libglesv2.dll
2019-02-18 19:31 - 2019-04-05 09:18 - 000017920 _____ () [File not signed] C:\Program Files\Timeular\libegl.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 001961472 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\ffmpeg.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 018658304 _____ (Node.js) [File not signed] C:\Program Files\RansomStopper\GUI\node.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 003429376 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\libglesv2.dll
2018-11-27 02:44 - 2018-11-27 02:44 - 000017408 _____ () [File not signed] C:\Program Files\RansomStopper\GUI\libegl.dll
2019-04-13 20:06 - 2019-04-13 20:06 - 001330688 _____ () [File not signed] \\?\C:\Users\Michal\AppData\Local\Temp\2DF0.tmp.node
2019-02-18 20:49 - 2009-07-12 05:46 - 001105920 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\BenQ\Display Pilot\MFC80.DLL
2019-02-18 20:23 - 2019-02-18 20:23 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL
2019-02-18 20:49 - 2013-06-18 22:24 - 000372736 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\ijl15.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-06 11:41 - 2019-03-29 20:53 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 20:53 - 2019-03-29 20:53 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-01 01:41 - 2019-04-13 17:04 - 000000904 _____ C:\Windows\system32\drivers\etc\hosts
185.156.174.10 cz-001.whiskergalaxy.com #added by Windscribe, do not modify.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1342014794-1341724580-1558506771-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A03C5E8-B639-4A77-B59D-A1240E696338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35534C3F-3DE1-4548-993D-96C6899846D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C94F5C83-7BEC-45B2-B426-302A98FF1534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D5FDF03-EA18-4C49-A60C-03CD2D0AE60F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CDB70FC-E8B6-49F7-91EB-FC7FD3763A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3A270A-AD11-4C0D-8390-FE9F6E4CE87E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E3E8F6DF-17C1-4F7F-A78C-AA6EEBFA003A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{8D1F8CA7-3494-48F7-BCC9-5B843F60D7FB}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{2BC3CDAA-C979-47FB-A832-1C711B31339A}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{19F5E6DB-17B8-41FB-9A6E-40573A5CB69C}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{9BFEA628-0A2B-442E-848C-C52F0CDFABE2}C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe] => (Block) C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{B14E05C4-772C-48F6-8FCC-CC5E8E065CB7}C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe] => (Block) C:\program files\adobe\adobe media encoder cc 2019\adobe media encoder.exe (Adobe Inc. -> Adobe)
FirewallRules: [TCP Query User{18BAA8DF-6854-431A-8550-BF09C444EDA4}C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [UDP Query User{85FC8512-C518-409E-8B75-2FBA914A9482}C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2019\support files\afterfx.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{F18BC48E-B3AC-437D-A92B-244EEE1697B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{14A3435C-421C-42C0-B853-AB04387A0B62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{517A16C2-179A-476E-9FA7-CB44CA85773A}C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{9254C9AF-9EC7-4F52-9665-CBA19A1FA21E}C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2019\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [{15953421-7EB3-4914-9843-7235D8870B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07B252FA-B0C5-4B02-89B9-F75FE5A7183A}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
04-04-2019 12:14:21 Scheduled Checkpoint
10-04-2019 09:43:27 Windows Update
13-04-2019 16:25:10 Windows Update
13-04-2019 16:25:25 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2019 08:05:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Faulting module name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Exception code: 0xc0000005
Fault offset: 0x0002ee68
Faulting process id: 0xf8c
Faulting application start time: 0x01d4f2237718e018
Faulting application path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Faulting module path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Report Id: b34c7b36-8c9f-4da8-9202-6288db0dcfc6
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 08:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0xbb8
Faulting application start time: 0x01d4f20fbba89ceb
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 2f3f14c1-0fcc-447d-bd07-4a5d4af9a992
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:42:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Faulting module name: AsusFanControlService.exe, version: 3.0.0.0, time stamp: 0x5a25f4c2
Exception code: 0xc0000005
Fault offset: 0x0002ee68
Faulting process id: 0xfa0
Faulting application start time: 0x01d4f20f906b0c0d
Faulting application path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Faulting module path: C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
Report Id: 1934046c-1353-4e33-8133-a9737c95a8e1
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x3950
Faulting application start time: 0x01d4f2041a294cf4
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: 1c987ee3-5784-4dfc-ba6b-255fdb5c2443
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2019 05:04:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 05:04:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: DESKTOP-SBCHK78)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (04/13/2019 12:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17763.348, time stamp: 0x03d46193
Faulting module name: dthook.dll_unloaded, version: 0.0.0.0, time stamp: 0x582e359c
Exception code: 0xc0000005
Fault offset: 0x0000000000007d10
Faulting process id: 0x136c
Faulting application start time: 0x01d4f180b7af69d3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: dthook.dll
Report Id: a01173e7-53f8-480f-aad9-9c58266dec83
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 11:18:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Archiv-HDD (F:) was not optimized because an error was encountered: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:06:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SBCHK78)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-SBCHK78\Michal SID (S-1-5-21-1342014794-1341724580-1558506771-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2019 08:05:54 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Error: (04/13/2019 08:05:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SBCHK78)
Description: DCOM got error "2" attempting to start the service asComSvc with arguments "Unavailable" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
Windows Defender:
===================================
Date: 2019-04-13 00:01:35.463
Description:
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe has been blocked from modifying %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\ by Controlled Folder Access.
Detection time: 2019-04-12T22:01:35.463Z
Path: %userprofile%\Documents\Adobe\Premiere Pro CC 2019\Learn Panel\panel-payloads\content\tutorial_working-with-audio\
Process Name: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-13 00:00:57.239
Description:
E:\download\sysinspector_nt64_enu.exe has been blocked from modifying E:\download\ by Controlled Folder Access.
Detection time: 2019-04-12T22:00:57.239Z
Path: E:\download\
Process Name: E:\download\sysinspector_nt64_enu.exe
Signature Version: 1.291.1757.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1903.4
Date: 2019-04-12 22:17:54.669
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:37.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:20.821
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-12 22:16:16.727
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1735.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 14%
Total physical RAM: 32678.98 MB
Available physical RAM: 27850.89 MB
Total Virtual: 47014.98 MB
Available Virtual: 40391.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.16 GB) (Free:314.4 GB) NTFS
Drive d: (Cache-SSD) (Fixed) (Total:223.44 GB) (Free:91.21 GB) NTFS
Drive e: (Data-HDD) (Fixed) (Total:3725.9 GB) (Free:233.16 GB) NTFS
Drive f: (Archiv-HDD) (Fixed) (Total:2785.37 GB) (Free:0.25 GB) NTFS
\\?\Volume{3733fde9-eb53-4036-b640-18a86ad18428}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{069945e3-0f1d-41cc-9288-725181ba41d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
==================== End of Addition.txt ============================
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check. Something hidden?
OK. I need to see the contents of the fixlog.txt file. You will find it in E:\download.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Requesting a log check. Something hidden?
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Michal (13-04-2019 20:02:59) Run:1
Running from E:\download
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\Temp
Task: {0A6DDD43-9870-4963-A8A0-39143F7B988F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F41B3531-7589-446D-911D-082535C9E457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Michal\AppData\Local\Temp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A6DDD43-9870-4963-A8A0-39143F7B988F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6DDD43-9870-4963-A8A0-39143F7B988F}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F41B3531-7589-446D-911D-082535C9E457}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F41B3531-7589-446D-911D-082535C9E457}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 779247076 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -92328666 B
Edge => 1335840 B
Chrome => 447559892 B
Firefox => 1086332443 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 167022 B
NetworkService => 0 B
Michal => 6186377 B
RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:04:12 ====
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check. Something hidden?
Deleted. Has anything changed?
Re: Requesting a log check. Something hidden?
Hello,
ADWCleaner shows PUP.Optional.Legacy Chrome start page.
WMI, CPU at 10-20 %
Hmmm

Re: Requesting a log check. Something hidden?
PC restart after ADW cleaning >
explorer.exe error - memory could not be written - prevents the restart,
after the restart, with the programs that were preventing the restart closed, ADW still shows the same 1 PUP
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check. Something hidden?
OK. Try a system restore to a date when it was working correctly.
Re: Requesting a log check. Something hidden?
In that case, probably only a reinstall.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check. Something hidden?
Why? Can't the restore be performed?