VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu

https://forum.viry.cz:443/viewtopic.php?t=157113

Stránka 1 z 2

Prosím o kontrolu

Napsal: 09 kvě 2020 00:25
od verunka1242a
Asi se jedná o nějaký vir :/ z ničeho nic se mi zapne prohlížeč a tam reklama
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Mimic (administrator) on DESKTOP-0G63EDE (Gigabyte Technology Co., Ltd. AB350-Gaming 3) (09-05-2020 01:17:59)
Running from C:\Users\Mimic\Downloads
Loaded Profiles: Mimic & Administrator (Available Profiles: Mimic & Administrator)
Platform: Windows 10 Pro Version 1903 18362.778 (X64) Language: Angličtina (Spojené státy)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) [File not signed] C:\Users\Mimic\AppData\Roaming\lmysq1uidml\2lvgbbzvbr4.exe
() [File not signed] C:\Program Files (x86)\Article\260488253.exe
() [File not signed] C:\Program Files (x86)\Google\Update\trz4546.tmp
() [File not signed] C:\Users\Mimic\AppData\Local\073bfcbc-c78a-4c6a-957d-ff527959a316\30CD.tmp.exe
() [File not signed] C:\Users\Mimic\AppData\Local\Temp\is-OGHS3.tmp\2lvgbbzvbr4.tmp
() [File not signed] C:\Users\Mimic\AppData\Roaming\baieaav
() [File not signed] C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\wbfiabtc\ieaavbrc.exe
() [File not signed] C:\Windows\System32\x8TE8BjR2Z.exe
() [File not signed] D:\The.Forest.v1.12\TheForest.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_10.9.62.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_10.9.62.0_x86__nzyj5cx40ttqa\iCloud\iCloudChrome.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_10.9.62.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(bookingDesktopApp.) [File not signed] C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Discord Inc. -> Discord Inc.) C:\Users\Mimic\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(E99XY6) [File not signed] C:\Program Files\IXEX3YSQML\IXEX3YSQM.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4152.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4152.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4152.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\runonce.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Opera Software AS -> Opera Software) C:\Users\Mimic\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [4StoryPrePatch] => D:\4secret\4SecretPrePatch.exe
HKLM-x32\...\Run: [DiskFixer] => C:\Program Files (x86)\DiskFixer\DiskFixer.exe [247808 2019-07-04] () [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [kissq] => C:\Users\Mimic\AppData\Local\Temp\kissq.exe************* [572416 2020-05-09] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [Opera Browser Assistant] => C:\Users\Mimic\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2019-09-15] () [File not signed]
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [uTorrent] => C:\Users\Mimic\AppData\Roaming\uTorrent\uTorrent.exe [1829872 2020-04-11] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8022104 2020-04-11] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140376 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [Discord] => C:\Users\Mimic\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3372832 2020-04-28] (Valve -> Valve Corporation)
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [1959965] => C:\Users\Mimic\AppData\Roaming\lmysq1uidml\2lvgbbzvbr4.exe [1615912 2020-05-09] ( ) [File not signed]
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [JP5PGCUU9J608YE] => C:\Program Files\IXEX3YSQML\IXEX3YSQM.exe [2545664 2020-05-09] (E99XY6) [File not signed]
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [mkqmcssb] => C:\Users\Mimic\jawdutxb.exe [12747776 2020-05-09] () [File not signed]
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Run: [SysHelper] => C:\Users\Mimic\AppData\Local\073bfcbc-c78a-4c6a-957d-ff527959a316\30CD.tmp.exe [807936 2020-05-09] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1235492812-2151765122-4279266773-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-08] (Google LLC -> Google LLC)
Startup: C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk [2020-05-09]
ShortcutTarget: SmartClock.lnk -> C:\Users\Mimic\AppData\Roaming\Smart Clock\SmartClock.exe () [File not signed]
Startup: C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-12-06]
ShortcutTarget: Twitch.lnk -> C:\Users\Mimic\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
Startup: C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wbfiabtc.lnk [2020-05-09]
ShortcutAndArgument: wbfiabtc.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\wbfiabtc\ieaavbrc.exe"
BootExecute: autocheck autochk * aswBoot.exe /M:12cbeb31 /dir:"C:\Program Files\AVAST Software\Avast"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0DB705-37EA-4968-946C-030378D84EBF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {150916DD-CF36-4970-A3B7-A2585A598989} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1BD676E1-AA73-4FED-A03C-8417BAE84505} - System32\Tasks\Apple Diagnostics => C:\Users\Mimic\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2020-04-10] ()
Task: {1D1C6C6B-9A8E-48A1-B36F-CC86593C1EC6} - System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0} => C:\Users\Mimic\AppData\Roaming\baieaav [182784 2020-04-16] () [File not signed]
Task: {2F0A4BE8-1120-4177-B3C7-39A1529CD257} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B9C8B00-0C44-41BE-9D13-12910D52BE9F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {62091182-D407-4452-ADBD-F97647F845F4} - System32\Tasks\Time Trigger Task => C:\Users\Mimic\AppData\Local\073bfcbc-c78a-4c6a-957d-ff527959a316\30CD.tmp.exe [807936 2020-05-09] () [File not signed] <==== ATTENTION
Task: {622F0575-92ED-44C8-AD89-23ED90891700} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {787F1597-6AD7-4ABE-A205-EDF26D076555} - System32\Tasks\Opera scheduled Autoupdate 1573960803 => C:\Users\Mimic\AppData\Local\Programs\Opera\launcher.exe [1528344 2019-12-19] (Opera Software AS -> Opera Software)
Task: {7CE076D1-9C0A-428C-B187-C1E5E3896ED4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
Task: {84147B29-B764-401F-A85E-ACCB02629676} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {857BF743-6CB9-4AE7-BEE6-59A3D03F1504} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-22] (Adobe Inc. -> Adobe)
Task: {86C9F6A5-D635-4E0B-BEF2-310250ADFF67} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98AD43E8-36DF-4981-A1A1-AEFD90354284} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-22] (Adobe Inc. -> Adobe)
Task: {AA52F0B7-DA61-4995-A1FD-AAA8F2B354BE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B85D2DC0-3A80-406C-AE72-BF7AAAACED42} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-10-07] (bookingDesktopApp.) [File not signed]
Task: {C8FA0CD0-1E5F-411C-B66A-10FA1AE717D5} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-10-07] (bookingDesktopApp.) [File not signed]
Task: {C9429676-507B-481A-A9A5-12BCDD4E380D} - System32\Tasks\Opera scheduled Autoupdate 711520318 => C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\wbfiabtc\ieaavbrc.exe [284160 2020-04-16] () [File not signed] <==== ATTENTION
Task: {D574D76B-50D5-4C8C-AA2C-CE4B2E8BFE50} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6A41E2D-2999-4590-9066-D69B6B045DF1} - System32\Tasks\Opera scheduled assistant Autoupdate 1573960808 => C:\Users\Mimic\AppData\Local\Programs\Opera\launcher.exe [1528344 2019-12-19] (Opera Software AS -> Opera Software)
Task: {DB685ADF-FC7D-434C-AF82-644416A0DF1C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1A57FA0-EC40-455E-8561-360EAE1B058D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F6A0F20A-B5B6-4EE9-AE12-B7D81FE63911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{5582edf2-6605-4509-9265-68cb85011cfc}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-04-11 10:54:34&bName=
SearchScopes: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-21] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-21] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-29] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-04-21] [UpdateUrl:hxxps://www.siteadvisor.com/waffinstall/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2019-10-07] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2019-10-07] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default [2020-05-09]
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-26]
CHR Extension: (Dokumenty) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-26]
CHR Extension: (Disk Google) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-26]
CHR Extension: (YouTube) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-26]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-20]
CHR Extension: (Tabulky) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-16]
CHR Extension: (Záložky na iCloudu) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-05-01]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-12-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Vysor) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2020-02-13]
CHR Extension: (book_helper) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilglhooclnbolhaeopeihnnbpipkippd [2020-05-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]
CHR Profile: C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-09]
CHR Extension: (book_helper) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ilglhooclnbolhaeopeihnnbpipkippd [2020-05-09]
CHR Profile: C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-09]
CHR Extension: (book_helper) - C:\Users\Mimic\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ilglhooclnbolhaeopeihnnbpipkippd [2020-05-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Extension: (book_helper) - C:\Users\Mimic\AppData\Roaming\Opera Software\Opera Stable\Extensions\ilglhooclnbolhaeopeihnnbpipkippd [2020-05-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"AarSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\AarSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"BcastDVRUserService_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"BluetoothUserService_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CaptureService_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CaptureService_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"cbdhsvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\cbdhsvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CDPUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"ConsentUxUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CredentialEnrollmentManagerUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CredentialEnrollmentManagerUserSvc_8185f3a => C:\WINDOWS\system32\CredentialEnrollmentManager.exe [380120 2019-03-19] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DeviceAssociationBrokerSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DeviceAssociationBrokerSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicePickerUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicesFlowUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DiagTrack" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DiagTrack => C:\WINDOWS\system32\diagtrack.dll [3802624 2020-04-16] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"dmwappushservice" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\dmwappushservice => C:\WINDOWS\system32\dmwappushsvc.dll [58368 2019-03-19] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"gupdate" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\gupdate => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc <==== ATTENTION (Rootkit!/Locked Service)
"gupdatem" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\gupdatem => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc <==== ATTENTION (Rootkit!/Locked Service)
"MessagingService_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MessagingService_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"OneSyncSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PimIndexMaintenanceSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PrintWorkflowUserSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"SecurityHealthService" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService => C:\WINDOWS\system32\SecurityHealthService.exe [929144 2020-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"Sense" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\Sense => C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UnistoreSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_8185f3a => C:\WINDOWS\System32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UserDataSvc_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WdFilter" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WdFilter => C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-17] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WdNisSvc" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WdNisSvc => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WinDefend" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WinDefend => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WpnUserService_8185f3a" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WpnUserService_8185f3a => C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"wscsvc" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\wscsvc => C:\WINDOWS\System32\wscsvc.dll [322504 2019-11-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"wuauserv" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\wuauserv => C:\WINDOWS\system32\wuaueng.dll [3109376 2020-04-16] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"{45487F67-EC9F-4449-A6F2-2D0970F9B80B}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B} => C:\WINDOWS\System32\drivers\Wdf33262.sys [6527376 2020-05-09] () [File not signed] <==== ATTENTION (Rootkit!/Locked Service)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-10-07] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-10-07] (bookingDesktopApp.) [File not signed]
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-04-03] (Gameforge 4D GmbH -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [916712 2020-04-21] (McAfee, LLC -> McAfee, LLC)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-24] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-24] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
S3 TNTClientDaemonMS2; C:\Program Files (x86)\GameforgeLoginMS2\daemon.exe [406184 2019-02-28] (Gameforge 4D GmbH -> )
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-11] (LAVASOFT SOFTWARE CANADA INC -> )
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [46040 2019-10-30] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [32520 2019-09-17] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [138064 2019-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175920 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [500960 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459408 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235696 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-22] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-16] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [140600 2020-03-30] (AhnLab, Inc. -> AhnLab, Inc.)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1167768 2019-11-20] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-17] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-07-17] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-10-07] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-09 01:17 - 2020-05-09 01:18 - 000039454 _____ C:\Users\Mimic\Downloads\FRST.txt
2020-05-09 01:17 - 2020-05-09 01:18 - 000000000 ____D C:\FRST
2020-05-09 01:16 - 2020-05-09 01:16 - 002283520 _____ (Farbar) C:\Users\Mimic\Downloads\FRST64.exe
2020-05-09 01:07 - 2020-05-09 01:07 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\Tencent
2020-05-09 01:06 - 2020-05-09 01:06 - 000607232 _____ C:\WINDOWS\system32\x8TE8BjR2Z.exe
2020-05-09 01:05 - 2020-05-09 01:05 - 018350080 _____ C:\WINDOWS\system32\config\000000
2020-05-09 01:05 - 2020-05-09 01:05 - 018350080 _____ C:\WINDOWS\system32\C_32770.NLS
2020-05-09 01:05 - 2020-05-09 01:05 - 000013346 ____C C:\Users\Mimic\AppData\LocalLow\chrome_autofill.txt
2020-05-09 01:05 - 2020-05-09 01:05 - 000003766 _____ C:\WINDOWS\system32\Tasks\Time Trigger Task
2020-05-09 01:05 - 2020-05-09 01:05 - 000000000 ___DC C:\Users\Mimic\AppData\LocalLow\JN3by345by53432y
2020-05-09 01:05 - 2020-05-09 01:05 - 000000000 ____D C:\Users\Mimic\AppData\Local\073bfcbc-c78a-4c6a-957d-ff527959a316
2020-05-09 01:05 - 2020-05-09 01:04 - 003440640 ____C C:\Users\Mimic\AppData\LocalLow\IDCdJOyapn
2020-05-09 01:05 - 2020-05-09 01:04 - 000294912 ____C C:\Users\Mimic\AppData\LocalLow\frAQBc8Wsa
2020-05-09 01:05 - 2020-05-09 00:59 - 000393216 ____C C:\Users\Mimic\AppData\LocalLow\rQF69AzBla
2020-05-09 01:05 - 2020-05-09 00:59 - 000393216 ____C C:\Users\Mimic\AppData\LocalLow\exuieaoEiI
2020-05-09 01:05 - 2019-05-15 11:11 - 000065536 ____C C:\Users\Mimic\AppData\LocalLow\x3CF3EDNhm
2020-05-09 01:05 - 2019-05-15 11:11 - 000065536 ____C C:\Users\Mimic\AppData\LocalLow\gxIX4a2dRE
2020-05-09 01:05 - 2019-05-15 11:11 - 000065536 ____C C:\Users\Mimic\AppData\LocalLow\bbSqWy6yhK
2020-05-09 01:05 - 2019-05-15 11:11 - 000065536 ____C C:\Users\Mimic\AppData\LocalLow\3soLBPh71Y
2020-05-09 01:05 - 2019-05-15 11:11 - 000022528 ____C C:\Users\Mimic\AppData\LocalLow\RYwTiizs2t
2020-05-09 01:05 - 2019-05-15 11:11 - 000022528 ____C C:\Users\Mimic\AppData\LocalLow\1xVPfvJcrg
2020-05-09 01:04 - 2020-05-09 01:05 - 000916735 ____C (SQLite Development Team) C:\Users\Mimic\AppData\LocalLow\sqlite3.dll
2020-05-09 01:04 - 2020-05-09 01:04 - 012747776 _____ C:\Users\Mimic\jawdutxb.exe
2020-05-09 01:04 - 2020-05-09 01:04 - 006527376 ____N C:\WINDOWS\system32\Drivers\Wdf33262.sys
2020-05-09 01:04 - 2020-05-09 01:04 - 000003756 _____ C:\WINDOWS\system32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0}
2020-05-09 01:04 - 2020-05-09 01:04 - 000003570 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 711520318
2020-05-09 01:04 - 2020-05-09 01:04 - 000001092 ____C C:\Users\Mimic\Desktop\DiskFixer.lnk
2020-05-09 01:04 - 2020-05-09 01:04 - 000001039 ____C C:\Users\Mimic\Desktop\ScrSnap.lnk
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\Smart Clock
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\lmysq1uidml
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Users\Mimic\AppData\Local\ScrSnap
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files\IXEX3YSQML
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files (x86)\Genie-Soft
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files (x86)\DiskFixer
2020-05-09 01:04 - 2020-05-09 01:04 - 000000000 ____D C:\Program Files (x86)\Article
2020-05-09 01:03 - 2020-05-09 01:03 - 007049216 _____ C:\Users\Mimic\Downloads\setup_download the forest v1_8364531295.iso
2020-05-09 00:48 - 2020-05-09 01:06 - 000000000 ____D C:\Program Files (x86)\Steam
2020-05-09 00:48 - 2020-05-09 00:48 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2020-05-09 00:48 - 2020-05-09 00:48 - 000001036 _____ C:\ProgramData\Desktop\Steam.lnk
2020-05-09 00:48 - 2020-05-09 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-05-09 00:44 - 2020-05-09 01:04 - 098272520 _____ C:\Users\Mimic\Downloads\Nepotvrzeno 384933.crdownload
2020-05-09 00:34 - 2020-05-09 00:34 - 000098460 _____ C:\Users\Mimic\Downloads\[CzT]The_Forest_VR_v_1_12_Multiplayer_2019_CZ_.torrent
2020-05-09 00:33 - 2020-05-09 00:33 - 001573568 _____ C:\Users\Mimic\Downloads\SteamSetup.exe
2020-05-08 22:53 - 2020-05-08 22:53 - 000000000 ___DC C:\Users\Mimic\AppData\LocalLow\SKS
2020-05-08 22:16 - 2020-05-08 22:18 - 4048428894 _____ C:\Users\Mimic\Downloads\The.Forest.v1.12.rar
2020-05-02 19:40 - 2020-05-02 19:40 - 000000000 ____D C:\Users\Mimic\Twitch
2020-05-02 19:30 - 2020-05-02 19:30 - 005215150 _____ C:\Users\Mimic\Downloads\OptiFine_1.14.4_HD_U_F5.jar
2020-05-02 19:24 - 2020-02-01 02:14 - 005713091 _____ (Shiginima) C:\Users\Mimic\Desktop\Shiginima Launcher SE v4400.exe
2020-05-02 19:22 - 2020-05-02 19:22 - 010044779 _____ C:\Users\Mimic\Downloads\ShiginimaSE_v4400.zip
2020-05-01 17:50 - 2020-05-08 21:43 - 000000000 ___RD C:\Users\Mimic\iCloudDrive
2020-05-01 17:49 - 2020-05-09 01:00 - 000002828 _____ C:\WINDOWS\system32\Tasks\Apple Diagnostics
2020-05-01 16:55 - 2020-05-01 16:55 - 000000000 ____D C:\ProgramData\Apple Inc
2020-05-01 14:40 - 2020-05-01 14:40 - 000000000 ____C C:\Users\Mimic\Desktop\Nový rastrový obrázek.bmp
2020-05-01 13:08 - 2020-05-09 01:08 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\discord
2020-05-01 13:08 - 2020-05-01 13:08 - 062620472 _____ (Discord Inc.) C:\Users\Mimic\Downloads\DiscordSetup.exe
2020-05-01 13:08 - 2020-05-01 13:08 - 000002237 ____C C:\Users\Mimic\Desktop\Discord.lnk
2020-05-01 13:08 - 2020-05-01 13:08 - 000000000 ____D C:\Users\Mimic\AppData\Local\Discord
2020-04-25 16:17 - 2020-04-25 16:19 - 3678108314 _____ C:\Users\Mimic\Downloads\en-GB(1).rar
2020-04-24 02:35 - 2020-04-22 02:34 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-22 18:25 - 2020-05-09 01:07 - 000003848 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-22 18:25 - 2020-05-09 01:00 - 000003488 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-22 18:14 - 2020-04-22 19:46 - 1023029880 _____ C:\Users\Mimic\Downloads\Ledové kralovství 2 CZ-dabing.avi
2020-04-22 02:34 - 2020-04-22 02:34 - 000500960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-04-22 02:34 - 2020-04-22 02:34 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-04-22 02:34 - 2020-04-22 02:34 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-04-18 22:50 - 2020-04-18 22:50 - 000001511 _____ C:\Users\Public\Desktop\Legends of Runeterra.lnk
2020-04-18 22:50 - 2020-04-18 22:50 - 000001511 _____ C:\ProgramData\Desktop\Legends of Runeterra.lnk
2020-04-18 22:50 - 2020-04-18 22:50 - 000000000 ___DC C:\Users\Mimic\AppData\LocalLow\Riot Games
2020-04-18 22:49 - 2020-04-18 22:49 - 068510896 _____ (Riot Games, Inc.) C:\Users\Mimic\Downloads\Legends_Of_Runeterra_Installer.exe
2020-04-18 00:59 - 2020-04-18 05:03 - 196128422 _____ C:\Users\Mimic\Downloads\Městečko Záhad 1 Serie.rar
2020-04-18 00:26 - 2020-04-18 00:26 - 000053484 _____ C:\Users\Mimic\Downloads\[CzT]Mestecko_zahad_Gravity_Falls_1_2_serie_CZ_.torrent
2020-04-16 00:44 - 2020-04-16 00:44 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 00:44 - 2020-04-16 00:44 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 00:44 - 2020-04-16 00:44 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 00:44 - 2020-04-16 00:44 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 00:44 - 2020-04-16 00:44 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 00:44 - 2020-04-16 00:44 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 00:44 - 2020-04-16 00:44 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 00:44 - 2020-04-16 00:44 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 00:43 - 2020-04-16 00:43 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 00:43 - 2020-04-16 00:43 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 00:43 - 2020-04-16 00:43 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000182784 ___SH C:\Users\Mimic\AppData\Roaming\baieaav
2020-04-16 00:43 - 2020-04-16 00:43 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 00:43 - 2020-04-16 00:43 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 00:43 - 2020-04-16 00:43 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 00:31 - 2020-04-16 00:31 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-16 00:31 - 2020-04-16 00:31 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-15 22:19 - 2020-04-15 22:19 - 000000000 ___DC C:\Users\Mimic\Documents\BioWare
2020-04-15 20:56 - 2020-04-15 20:56 - 000000000 ____D C:\Users\Mimic\AppData\Local\Electronic Arts
2020-04-15 20:41 - 2020-04-27 15:46 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-15 20:37 - 2020-04-30 23:43 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-15 20:37 - 2020-04-15 22:15 - 000000000 ____D C:\ProgramData\Electronic Arts
2020-04-15 20:37 - 2020-04-15 20:37 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2020-04-15 20:37 - 2020-04-15 20:37 - 000001066 _____ C:\ProgramData\Desktop\Origin.lnk
2020-04-15 20:37 - 2020-04-15 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2020-04-15 20:36 - 2020-05-09 01:06 - 000000000 ____D C:\Users\Mimic\AppData\Local\Origin
2020-04-15 20:36 - 2020-04-27 20:22 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\Origin
2020-04-15 20:36 - 2020-04-15 20:36 - 063648072 _____ (Electronic Arts) C:\Users\Mimic\Downloads\OriginThinSetup.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000000000 ____D C:\Users\Mimic\.Origin
2020-04-15 20:33 - 2020-04-15 20:33 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2020-04-15 20:32 - 2020-05-09 01:06 - 000000000 ____D C:\ProgramData\Origin
2020-04-15 13:22 - 2020-04-15 13:23 - 000001299 ____C C:\Users\Mimic\Desktop\Pokračovat v instalaci SevenZip.lnk
2020-04-15 13:22 - 2020-04-15 13:22 - 003060800 _____ ( ) C:\Users\Mimic\Downloads\setup_Anthem Downloader_3494804987 (1).exe
2020-04-15 13:21 - 2020-04-15 13:21 - 003060800 _____ ( ) C:\Users\Mimic\Downloads\setup_Anthem Downloader_3494804987.exe
2020-04-14 16:05 - 2020-04-14 16:05 - 000000899 ____C C:\Users\Mimic\Desktop\Outlast 2.lnk
2020-04-14 16:05 - 2020-04-14 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast 2
2020-04-14 11:29 - 2020-04-14 11:29 - 004677968 _____ (BitTorrent Inc.) C:\Users\Mimic\Downloads\uTorrent (3).exe
2020-04-14 10:19 - 2020-04-14 10:20 - 004677968 _____ (BitTorrent Inc.) C:\Users\Mimic\Downloads\uTorrent (2).exe
2020-04-13 22:40 - 2020-04-13 22:40 - 004677968 _____ (BitTorrent Inc.) C:\Users\Mimic\Downloads\uTorrent (1).exe
2020-04-11 12:59 - 2020-04-11 12:59 - 000020210 _____ C:\Users\Mimic\Downloads\[CzT]2_ocky_2_Broke_Girls_1_serie_CZ_720p_.torrent
2020-04-11 12:57 - 2020-04-11 12:57 - 000144191 _____ C:\Users\Mimic\Downloads\[CzT]2_ocky_2_Broke_Girls_1_4_Serie_CZ_TVRip_.torrent
2020-04-11 12:57 - 2020-04-11 12:57 - 000144191 _____ C:\Users\Mimic\Downloads\[CzT]2_ocky_2_Broke_Girls_1_4_Serie_CZ_TVRip_ (1).torrent
2020-04-11 12:54 - 2020-05-09 01:06 - 000000000 ____D C:\Users\Mimic\AppData\Local\BitTorrentHelper
2020-04-11 12:54 - 2020-04-11 12:54 - 000000876 ____C C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2020-04-11 12:54 - 2020-04-11 12:54 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\Lavasoft
2020-04-11 12:54 - 2020-04-11 12:54 - 000000000 ____D C:\Users\Mimic\AppData\Local\Lavasoft
2020-04-11 12:54 - 2020-04-11 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-04-11 12:54 - 2020-04-11 12:54 - 000000000 ____D C:\ProgramData\Lavasoft
2020-04-11 12:54 - 2020-04-11 12:54 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-04-11 12:53 - 2020-04-11 12:53 - 004677968 _____ (BitTorrent Inc.) C:\Users\Mimic\Downloads\uTorrent.exe
2020-04-11 12:53 - 2020-04-11 12:53 - 002478328 _____ (Opera Software) C:\Users\Mimic\Downloads\OperaSetup.exe
2020-04-09 12:41 - 2020-04-09 12:41 - 000001344 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2020-04-09 12:41 - 2020-04-09 12:41 - 000001344 _____ C:\ProgramData\Desktop\TSMApplication.lnk
2020-04-09 12:41 - 2020-04-09 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2020-04-09 12:40 - 2020-04-09 12:40 - 012642478 _____ (TradeSkillMaster ) C:\Users\Mimic\Downloads\setup (2).exe
2020-04-09 12:38 - 2018-07-28 23:41 - 000000000 ____D C:\Users\Mimic\Desktop\TradeSkillMaster_AppHelper
2020-04-09 12:27 - 2020-04-09 12:27 - 012642478 _____ (TradeSkillMaster ) C:\Users\Mimic\Downloads\setup (1).exe
2020-04-09 12:24 - 2020-04-09 12:24 - 000001726 _____ C:\Users\Mimic\Downloads\TradeSkillMaster_AppHelper.zip
2020-04-09 12:23 - 2020-04-09 12:23 - 000000000 ____D C:\Users\Mimic\AppData\Roaming\TradeSkillMaster
2020-04-09 12:21 - 2020-04-09 12:41 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2020-04-09 12:21 - 2020-04-09 12:21 - 012642478 _____ (TradeSkillMaster ) C:\Users\Mimic\Downloads\setup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-09 01:17 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-09 01:11 - 2019-10-16 19:25 - 000488808 _____ C:\WINDOWS\system32\perfh011.dat
2020-05-09 01:11 - 2019-10-16 19:25 - 000133986 _____ C:\WINDOWS\system32\perfc011.dat
2020-05-09 01:11 - 2019-10-16 19:23 - 000719846 _____ C:\WINDOWS\system32\perfh005.dat
2020-05-09 01:11 - 2019-10-16 19:23 - 000146332 _____ C:\WINDOWS\system32\perfc005.dat
2020-05-09 01:11 - 2019-10-16 09:54 - 002311632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-09 01:08 - 2018-12-24 16:57 - 000000000 ____D C:\ProgramData\NVIDIA
2020-05-09 01:06 - 2019-01-06 00:56 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\uTorrent
2020-05-09 01:05 - 2019-10-16 09:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-09 01:05 - 2019-10-16 09:46 - 000000000 ____D C:\Users\Administrator
2020-05-09 01:05 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-09 01:05 - 2019-03-19 06:37 - 018087936 _____ C:\WINDOWS\system32\config\BCD00000000
2020-05-09 01:05 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-05-09 01:05 - 2018-12-25 12:26 - 000000000 ___DC C:\Users\Mimic\AppData\Local\CrashDumps
2020-05-09 01:04 - 2019-10-16 09:46 - 000000000 ____D C:\Users\Mimic
2020-05-09 01:04 - 2019-03-19 06:37 - 018161664 _____ C:\WINDOWS\system32\C_3389.NLS
2020-05-09 01:00 - 2019-10-16 09:52 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-09 01:00 - 2019-10-16 09:52 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-05-09 01:00 - 2019-10-16 09:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-05-08 22:53 - 2018-11-05 21:36 - 000000000 ___DC C:\Users\Mimic\Documents\SKIDROW
2020-05-08 22:51 - 2018-12-28 23:59 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\.minecraft
2020-05-08 21:43 - 2019-09-14 07:23 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\Twitch
2020-05-08 17:07 - 2019-10-16 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-08 09:13 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-08 09:13 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-08 07:58 - 2018-03-29 22:46 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-08 07:58 - 2018-03-29 22:46 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-08 07:58 - 2018-03-29 22:46 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-01 22:42 - 2019-02-27 12:04 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\TS3Client
2020-05-01 16:55 - 2019-12-08 19:02 - 000000000 ____D C:\ProgramData\Apple
2020-05-01 13:20 - 2018-12-24 23:24 - 000000000 ___DC C:\Users\Mimic\AppData\Local\D3DSCache
2020-05-01 13:08 - 2019-04-06 17:23 - 000000000 ___DC C:\Users\Mimic\AppData\Local\SquirrelTemp
2020-05-01 13:08 - 2018-09-08 19:16 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-04-30 20:02 - 2019-10-16 09:52 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-27 20:20 - 2018-12-26 02:13 - 000000000 ____D C:\ProgramData\AVAST Software
2020-04-24 22:21 - 2018-12-26 02:17 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-04-24 22:21 - 2018-12-26 02:17 - 000002076 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-04-24 22:21 - 2018-12-26 02:17 - 000002076 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-04-24 02:35 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-22 19:02 - 2019-11-14 21:01 - 000000000 ____D C:\Users\Mimic\AppData\Local\Adobe
2020-04-22 18:25 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-22 18:25 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-22 02:34 - 2019-01-14 23:20 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-04-22 02:34 - 2019-01-08 16:39 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-04-22 02:34 - 2019-01-08 16:39 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-04-22 02:34 - 2019-01-08 16:39 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000459408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-04-22 02:34 - 2018-12-26 02:15 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-04-18 22:50 - 2019-11-02 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-18 22:50 - 2019-10-11 17:33 - 000000000 ___DC C:\Users\Mimic\AppData\Local\Riot Games
2020-04-16 23:53 - 2020-03-13 00:08 - 000000000 ____D C:\Users\Mimic\AppData\Local\Battle.net
2020-04-16 20:02 - 2020-03-04 17:43 - 000000320 ____C C:\Users\Mimic\Desktop\NT chat prodej.txt
2020-04-16 12:07 - 2019-10-16 09:42 - 000307520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 12:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 12:06 - 2019-03-19 08:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-16 12:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 00:47 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-15 23:43 - 2018-12-24 17:17 - 000000000 ___DC C:\Users\Mimic\AppData\Local\NVIDIA Corporation
2020-04-15 22:39 - 2019-11-18 21:32 - 000000000 ___DC C:\Users\Mimic\Documents\The Witcher 3
2020-04-15 20:33 - 2018-12-24 17:17 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-15 16:37 - 2019-08-02 12:31 - 000000000 ___DC C:\Users\Mimic\AppData\Roaming\RenPy
2020-04-14 16:46 - 2019-01-06 09:57 - 000000000 ___DC C:\Users\Mimic\Documents\My Games
2020-04-11 12:54 - 2019-01-06 00:56 - 000000896 ____C C:\Users\Mimic\Desktop\µTorrent.lnk

==================== Files in the root of some directories ========

2020-05-09 01:04 - 2020-05-09 01:04 - 012747776 _____ () C:\Users\Mimic\jawdutxb.exe
2020-04-16 00:43 - 2020-04-16 00:43 - 000182784 ___SH () C:\Users\Mimic\AppData\Roaming\baieaav
2019-10-21 19:28 - 2019-10-21 19:28 - 000000033 _____ () C:\Users\Mimic\AppData\Local\Nox_crash.log
2019-10-16 07:54 - 2019-10-16 07:54 - 000000017 ____C () C:\Users\Mimic\AppData\Local\resmon.resmoncfg
2019-11-09 12:15 - 2020-01-26 13:07 - 000000071 _____ () C:\Users\Mimic\AppData\Local\update_progress.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Prosím o kontrolu

Napsal: 09 kvě 2020 00:26
od verunka1242a
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Mimic (09-05-2020 01:19:57)
Running from C:\Users\Mimic\Downloads
Windows 10 Pro Version 1903 18362.778 (X64) (2019-10-16 07:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1235492812-2151765122-4279266773-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1235492812-2151765122-4279266773-503 - Limited - Disabled)
Guest (S-1-5-21-1235492812-2151765122-4279266773-501 - Limited - Disabled)
MALUS (S-1-5-21-1235492812-2151765122-4279266773-1003 - Limited - Disabled)
Mimic (S-1-5-21-1235492812-2151765122-4279266773-1002 - Administrator - Enabled) => C:\Users\Mimic
WDAGUtilityAccount (S-1-5-21-1235492812-2151765122-4279266773-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\uTorrent) (Version: 3.5.5.45449 - BitTorrent Inc.)
4game (HKLM-x32\...\4game2.0) (Version: 1.0.0.161-p - Innova Co. SARL)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Aktualizace NVIDIA 38.0.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.4.0 - NVIDIA Corporation) Hidden
Anthem™ (HKLM-x32\...\{57b4eaa0-f1f5-407e-afbd-2db397381ad8}) (Version: 1.0.64.28115 - Electronic Arts)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
Discord (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Discord) (Version: 0.0.306 - Discord Inc.)
DiskFixer version 1.0 (HKLM-x32\...\DiskFixer_is1) (Version: 1.0 - MyAppsLand) <==== ATTENTION
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.35 - NVIDIA Corporation) Hidden
DreamTrips version 2.12 (HKLM-x32\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 2.12 - DreamTrips Inc)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.54.131 - Gameforge)
Gameforge Login MS2 (HKLM-x32\...\{703bd6d7-79c0-4005-8cd7-89522a05a546}_is1) (Version: 1.3.39 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends PBE (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Riot Game league_of_legends.pbe) (Version: - Riot Games, Inc)
Legends of Runeterra (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Riot Game bacon.live) (Version: - Riot Games, Inc)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.92 - McAfee, LLC.)
Microsoft OneDrive (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
NirSoft WebBrowserPassView (HKLM-x32\...\NirSoft WebBrowserPassView) (Version: - )
NosTale (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9}) (Version: - Gameforge)
NosTale (HKLM-x32\...\Nostale(CZ)_is1) (Version: - Gameforge 4D GmbH)
NosTale cs-CZ (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9.cs-CZ}) (Version: - Gameforge)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.3.0.8 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Opera Stable 65.0.3467.78 (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32\...\Outlast 2_is1) (Version: - )
Outlook Express Backup V6.5 (HKLM-x32\...\EditPlus Text Editor_is1) (Version: 4.60.2181.23 - GOM & Company)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
Robin Morningwood Adventure version 1.9 (HKLM-x32\...\{90438DFC-FAF8-4125-8D8A-959003C55B2B}_is1) (Version: 1.9 - GrizzlyGamerStudio)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
ScrSnap (HKLM-x32\...\ScrSnap) (Version: - )
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.19114.7 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.19114.7 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
The Elder Scrolls: Skyrim - Special Edition (HKLM-x32\...\The Elder Scrolls: Skyrim - Special Edition_is1) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.16.15 - Black Tree Gaming Ltd.)
WeakAuras Companion 2.0.4 (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\{574e4d1e-05f6-5376-9898-b829d00eef2e}) (Version: 2.0.4 - Buds)
Web Companion (HKLM-x32\...\{0131c9e9-9470-4c8d-8f42-fe2c08c4ed3c}) (Version: 4.10.2225.4082 - Lavasoft)
WeMod (HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\WeMod) (Version: 6.2.16 - WeMod)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220 [2020-04-19] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-04] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-24] (Fitbit)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_10.9.62.0_x86__nzyj5cx40ttqa [2020-04-10] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa [2020-04-17] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.9.1.0_x64__nfy108tqq3p12 [2020-04-19] (Thumbmunkeys Ltd) [MS Ad]
PlayList Downloader from Youtube -> C:\Program Files\WindowsApps\299OMANSAK.PlayListDownloaderfromYoutube_1.5.5.0_x64__zratab4wdvxjg [2020-04-08] (OMANSAK) [MS Ad]
State of Decay 2 -> C:\Program Files\WindowsApps\Microsoft.Dayton_2.384.54.2_x64__8wekyb3d8bbwe [2020-03-14] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002_Classes\CLSID\{7000EBEA-9341-4C5A-8297-B3541E8D3474} -> [iCloud Drive] => C:\Users\Mimic\iCloudDrive [2020-05-01 17:50]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Mimic\Desktop\facebook.lnk -> C:\Users\Mimic\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vysor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm
ShortcutWithArgument: C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

2020-05-09 01:06 - 2020-05-09 01:06 - 001045504 _____ () [File not signed] C:\Users\Mimic\AppData\Local\Temp\is-OGHS3.tmp\2lvgbbzvbr4.tmp
2020-05-09 01:06 - 2008-07-23 20:37 - 000203264 _____ () [File not signed] C:\Users\Mimic\AppData\Local\Temp\is-P3GKA.tmp\itdownload.dll
2020-05-08 22:49 - 2019-09-15 00:29 - 000201728 _____ () [File not signed] D:\The.Forest.v1.12\steam_api64.dll
2019-10-07 07:57 - 2019-10-07 07:56 - 001743360 ____T (bookingDesktopApp.) [File not signed] C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\bookingDesktopApppdate.dll
2020-05-08 22:50 - 2019-09-15 00:30 - 001673216 _____ (Firelight Technologies) [File not signed] D:\The.Forest.v1.12\TheForest_Data\Plugins\fmod.dll
2020-05-08 22:50 - 2019-09-15 00:30 - 001812480 _____ (Firelight Technologies) [File not signed] D:\The.Forest.v1.12\TheForest_Data\Plugins\fmodstudio.dll
2020-05-09 01:06 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Mimic\AppData\Local\Temp\is-P3GKA.tmp\idp.dll
2020-05-08 22:50 - 2019-09-15 00:30 - 000135680 _____ (Riley Labrecque) [File not signed] D:\The.Forest.v1.12\TheForest_Data\Plugins\CSteamworks.dll
2020-04-15 20:37 - 2020-04-15 20:37 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-04-15 20:37 - 2020-04-15 20:37 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-15 20:37 - 2020-04-15 20:37 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-04-30 23:43 - 2020-04-15 20:37 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-05-09 01:06 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Mimic\AppData\Local\Temp\is-P3GKA.tmp\psvince.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mimic:.repos [590]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-12-25 01:47 - 2019-01-04 15:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1235492812-2151765122-4279266773-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{03C80138-2E04-4CA2-9F50-8D3C69DA694D}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [{C2F9CCC3-37D0-4D96-AFB2-72190C0840D8}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{24A71FA6-A2D2-4CCD-A9DC-6FB7647919FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe No File
FirewallRules: [{AA76C0BF-9353-4167-A094-24B7E97EF6B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe No File
FirewallRules: [UDP Query User{8029EC52-9BFB-4A4A-BD3D-6ECFE32E4B1A}D:\classic offik\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\classic offik\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{935771FD-1959-42EC-97E3-E980641C7D79}D:\classic offik\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\classic offik\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{B992D716-4AD0-4D6C-A2E9-A06BAAA54320}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{12B8A14D-5D5C-4942-A64D-30D9A383EE92}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{ACAF409C-1C07-4B86-8EDC-9F1025144CFA}] => (Allow) C:\Users\Mimic\Downloads\BlackDesert_Downloader.exe No File
FirewallRules: [{A81BA1FA-F357-4EED-9E49-4116FAEECBFF}] => (Allow) C:\Users\Mimic\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{561315A9-3D87-40C2-834A-132D4623018F}] => (Allow) C:\Users\Mimic\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{42841A18-F645-4105-BAFB-B943366E2C86}] => (Allow) C:\Users\Mimic\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [UDP Query User{D2F8A587-E1E3-4844-9A3B-9A0F98FA1BEB}D:\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{A6165E2F-2EC3-4431-89B3-ACC062060849}D:\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{67B94190-5FE1-4D54-9AD4-B3351E543231}D:\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{1B11AED1-44F6-49B8-9E25-73A93B1F668A}D:\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{1511F20F-9F9C-46B6-B585-8775AE8926EC}D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{BE6C583F-3D5C-4DE3-BEA1-D3A4E4EFACBC}D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{2136E8B7-405B-4681-96A9-69E18EFB1DDB}D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B897E717-C6A6-4D72-AFC2-6D19C5D37A6C}D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{D7454C61-EC00-4D57-8699-8896A0E8031C}D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{1B1BEF2C-0088-4866-A7E8-C63739194F78}D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{CD6B6B07-0AB4-4DD6-91AA-42182240325D}D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{A8C5B25F-4631-40E8-8E9D-EBD325800452}D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{EFFDE2AB-6369-4A2F-BF72-8F753AD4BCFE}D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{52E9227D-F6D3-4DD5-8918-3FED9C1CDF1A}D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F81CC3BA-00DE-4E55-AAE2-DD2C1B2ACA6E}D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{FAA3116E-B54A-4459-AFB3-6F95E098DAF0}D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{755B8356-49CA-436E-9471-928AF271B9A1}D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{727B4094-01C8-4932-AF25-3861D758D55C}D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{158AEE44-E4C1-4607-928E-F52EA9DE72F1}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{DE11E38C-873F-4DFB-A407-5E74CC5A4E3F}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{096F6BA9-15D6-468B-897D-4F53D145DB11}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{28AC4DF0-3506-452A-A759-0F57D88DA92D}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{53702A04-72DC-45A9-B0EE-29EDE2B99C79}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{8BBBD486-4A49-4125-A2BD-B256BECE799E}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{BF3C59EB-F68C-4DA6-9D8F-78D50FDC4618}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{36DCFA73-5BD8-4EFC-B05A-4E8908FF7813}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe No File
FirewallRules: [{56827E1D-1E07-4185-A265-766CCF6AD374}] => (Block) D:\Games\The Elder Scrolls - Skyrim - Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{6E115B2C-A092-4405-8143-2BD0ACA487FF}] => (Block) D:\Games\The Elder Scrolls - Skyrim - Special Edition\SkyrimSE.exe (Bethesda Softworks) [File not signed]
FirewallRules: [UDP Query User{BD3B6BD9-1B82-476F-9D13-ED3068005548}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{82209BD8-10CA-4701-BFD8-23531BB80AD3}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe No File
FirewallRules: [{8E4CCCE1-80C4-4846-9897-65BC24ABEE7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{F2E670F2-BFF1-44D8-92FB-35F41C0DADE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [UDP Query User{90A56B86-9E30-4FEC-AA1D-543104C4AB71}D:\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{DA3E68ED-FECA-4505-B936-BF1B3BB215FC}D:\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{2B92B0F6-CA02-41B3-82BE-CABAEEF959B4}C:\users\mimic\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mimic\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{8FABF57D-244A-48E1-B363-78329F468E96}C:\users\mimic\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mimic\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{21501777-8FF9-40CB-9D27-6CAA70583216}C:\riot games\pbe\rads\projects\league_client\releases\0.0.2.78\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.2.78\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{F07B8AB7-9F3D-4D88-B3C4-0735D2F0959B}C:\riot games\pbe\rads\projects\league_client\releases\0.0.2.78\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.2.78\deploy\leagueclient.exe No File
FirewallRules: [{EB52B047-F494-42B9-A5DB-7B09B7369C18}] => (Allow) D:\Vendetta Gaming Network\NosTale Vendetta\patcher.exe No File
FirewallRules: [UDP Query User{F7554FAB-3AAD-453E-BA62-6AC05A36623E}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [TCP Query User{B3C4F9DE-EAEB-4BA3-8BEB-5970D5F786D3}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [{996B30DC-3954-4276-94FD-ED50B20C3916}] => (Allow) C:\Program Files (x86)\(GF26)Don't Starve Together\bin\dontstarve_steam.exe No File
FirewallRules: [{D8244336-5AD6-404F-8BD2-4C63DFC573B1}] => (Allow) C:\Program Files (x86)\(GF26)Don't Starve Together\bin\dontstarve_steam.exe No File
FirewallRules: [{CFAC7C1E-5C2E-4645-AEF1-BB6F002FDFC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe No File
FirewallRules: [{11365570-912C-4B9B-B3E4-E2BDCA707AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe No File
FirewallRules: [UDP Query User{95396641-5016-4A2F-9BE9-2E3F445A887D}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe No File
FirewallRules: [TCP Query User{D914467A-8A65-45C6-992A-98F68486032A}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe No File
FirewallRules: [{73E6D535-0CB2-44FB-9900-47151BFA918D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{ED892C48-4E71-4D95-A90F-F6C8E4252F7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{80BFEDFA-69BB-4D87-8CC6-A40A8AE12D92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{621B4183-6B32-4C3E-BF18-80FEE17A4546}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0B58D1CE-5F7B-4CC2-BB89-962CF449D6A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A3603895-6D9A-4409-927E-BC09D6A1DCC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{7F054086-0750-480F-A761-B25574282C98}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{FD615BA5-CDA3-4BE1-BD74-DD068A777B36}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [{ECDFA95B-63D5-4926-9793-E07C8A62ACFA}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{7C134238-8120-4EB9-9CCA-66F1889DA322}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{8BD3491B-407E-48E2-9AFE-26B00082653F}D:\riot games\league of legends (pbe)\game\league of legends.exe] => (Allow) D:\riot games\league of legends (pbe)\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{CC37225C-E063-4E7C-87BD-B4504106C6EC}D:\riot games\league of legends (pbe)\game\league of legends.exe] => (Allow) D:\riot games\league of legends (pbe)\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{BEAEBB63-C931-414D-926C-1D584D8BCEC7}] => (Allow) C:\Users\Mimic\AppData\Local\Programs\Opera\65.0.3467.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{31013513-4995-43ED-8CE9-31C0F173BD93}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\BombTag\BombTag.exe () [File not signed]
FirewallRules: [{C0A4F349-E66B-40F2-B338-B04768B6D080}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\BombTag\BombTag.exe () [File not signed]
FirewallRules: [{8C73E130-FF27-4B58-8D89-7B7336593365}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{068F0BBC-A4C4-45FE-98E7-379FA531023C}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{EDAD65BC-FAB0-4772-83AC-530EAFDA050B}] => (Allow) C:\Users\Mimic\AppData\Local\Programs\Opera\65.0.3467.78\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{F3F17166-4CCF-4B73-A1DB-88C25B27D447}D:\classic offik\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Block) D:\classic offik\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{C5B0D094-E644-4B45-96B1-9ED7BAF19760}D:\classic offik\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Block) D:\classic offik\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F171E666-2735-4DC2-A55A-4AFE6041FD26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{980581DD-B0AD-4FDA-B8F8-FF6E368C6D9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A4F705B1-4C4C-46FA-A237-C521B28DF216}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7817E14A-7C5F-4F3E-9608-8FADC57FDC0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1A386DA8-BB9C-4F23-867A-3408BE412FCF}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{CD0EB855-7DD4-46E0-9505-1ACE30BF189C}] => (Allow) D:\Counter-Strike 1.6 GO\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{E9CFCBEC-961B-49E2-B3F2-7C0507ACAC80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe No File
FirewallRules: [{DEBC685A-0DEC-4F59-9EB3-2E73AD5129FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe No File
FirewallRules: [{090EDC91-0A93-4D16-AE08-A5B7C320B217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe No File
FirewallRules: [{8B0E738C-8FD7-464D-B2B7-842AD6B97FB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe No File
FirewallRules: [TCP Query User{600834BD-4ADE-4F38-9475-62B66FE6874F}D:\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{5C2FE8F3-9A14-450C-8A9E-071F647CDC9F}D:\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{215354C0-76C2-4636-B2E5-5E86AEB05DFA}] => (Allow) C:\Users\Mimic\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{02AAF38C-CD4E-49C9-9255-3D2791C41CE1}] => (Allow) C:\Users\Mimic\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{2C7FD055-0E95-43EB-8E53-06EED82AE80C}D:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) D:\games\outlast 2\binaries\win64\outlast2.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [UDP Query User{72603C6B-0B21-415B-9035-D72FA9D526A7}D:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) D:\games\outlast 2\binaries\win64\outlast2.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [{7F93D4D9-CE47-4444-9DFE-84B58696F12B}] => (Allow) D:\Anthem\Anthem\AnthemTrial.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{396E3DD0-69B2-4BF3-912A-8A9E51AE5048}] => (Allow) D:\Anthem\Anthem\AnthemTrial.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{27D9DD25-3B62-4AC9-94CF-2714482765A4}] => (Allow) D:\Anthem\Anthem\Anthem.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{4369BD5D-7FA0-4265-AE83-7A736561D927}] => (Allow) D:\Anthem\Anthem\Anthem.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{EB9D5BF6-FC61-4220-9FBC-A84532C6590E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4E030515-2D49-408E-AFD0-45772A87DBC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22BB9CB9-7CFC-43FB-AD76-4E4AC4F9AC00}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E908B8D5-1C91-48CD-91A1-D065411D0AC0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D855C73C-0B77-456D-B309-E2757AC46A09}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B8165DDD-D695-4FFB-A613-BC2542BF28C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1B71D93-1041-449B-BC83-254C613DD8EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBF22A65-CC99-464C-BDC2-1B4BE6C631EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{524A7336-5E55-4F98-8669-441052FFD714}C:\users\mimic\appdata\roaming\twitch\bin\electron\twitchui.exe] => (Allow) C:\users\mimic\appdata\roaming\twitch\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [UDP Query User{54735A18-A5B6-4B5E-A85C-C8AA885F95D1}C:\users\mimic\appdata\roaming\twitch\bin\electron\twitchui.exe] => (Allow) C:\users\mimic\appdata\roaming\twitch\bin\electron\twitchui.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FirewallRules: [TCP Query User{4A848F37-B344-412D-A37D-D323EDCFFC0D}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{013B8A78-4D65-44C3-90DE-BF6345702C82}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{0A76B535-8FCC-4DD7-BD9B-CE9F0526C05B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.25 GB) (Free:29.12 GB) (26%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/09/2020 01:13:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5332,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (05/09/2020 01:06:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007232B
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/09/2020 01:06:00 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007232B
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/09/2020 01:04:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wyfdggcc.exe, verze: 1.0.0.1, časové razítko: 0x5eb58a35
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.778, časové razítko: 0x3dcfaabb
Kód výjimky: 0xc0000005
Posun chyby: 0x0003ae65
ID chybujícího procesu: 0x4f50
Čas spuštění chybující aplikace: 0x01d6258d07ca9055
Cesta k chybující aplikaci: C:\Users\Mimic\AppData\Local\Temp\fdveipnh50p\wyfdggcc.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 1bb42639-3c2a-403c-8c77-bf60aedf40ca
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/09/2020 01:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 5DBD.tmp.exe, verze: 1.0.5.1, časové razítko: 0x5e6d29ac
Název chybujícího modulu: 5DBD.tmp.exe, verze: 1.0.5.1, časové razítko: 0x5e6d29ac
Kód výjimky: 0xc0000005
Posun chyby: 0x0000b711
ID chybujícího procesu: 0x24f8
Čas spuštění chybující aplikace: 0x01d6258d150bc199
Cesta k chybující aplikaci: C:\Users\Mimic\AppData\Local\Temp\5DBD.tmp.exe
Cesta k chybujícímu modulu: C:\Users\Mimic\AppData\Local\Temp\5DBD.tmp.exe
ID zprávy: 93c7e854-a859-4225-81ec-d24a82c9ee7f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/09/2020 01:04:45 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-0G63EDE)
Description: Aplikaci nebo službu Discord nelze ukončit.

Error: (05/09/2020 01:04:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 4esv3idtggw.exe, verze: 1.0.5.1, časové razítko: 0x5e6f3cde
Název chybujícího modulu: 4esv3idtggw.exe, verze: 1.0.5.1, časové razítko: 0x5e6f3cde
Kód výjimky: 0xc0000005
Posun chyby: 0x00001823
ID chybujícího procesu: 0x16c
Čas spuštění chybující aplikace: 0x01d6258d05355c0e
Cesta k chybující aplikaci: C:\Users\Mimic\AppData\Local\Temp\saibcakfy4c\4esv3idtggw.exe
Cesta k chybujícímu modulu: C:\Users\Mimic\AppData\Local\Temp\saibcakfy4c\4esv3idtggw.exe
ID zprávy: 7f318d66-9541-4da7-a4e5-1c7eaa5cce64
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/09/2020 01:02:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8064,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (05/09/2020 01:15:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (05/09/2020 01:08:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/09/2020 01:07:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba gupdate neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/09/2020 01:05:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:34:29 AM, ‎5/‎9/‎2020) bylo neočekávané.

Error: (05/09/2020 12:49:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/09/2020 12:49:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (05/09/2020 12:45:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 20krát.

Error: (05/09/2020 12:31:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba nabízených oznámení Windows_8185f3a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2019-10-20 09:57:33.067
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno pred dokoncením.
ID prohledávání: {2C93FBD5-A97B-4952-96D7-42FE3B86E0FF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-10-16 12:41:55.285
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálne nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Netpass
ID: 2147605535
Závažnost: High
Kategorie: Tool
Cesta: file:_C:\Program Files (x86)\NirSoft\WebBrowserPassView\WebBrowserPassView.exe; file:_C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft WebBrowserPassView\WebBrowserPassView.lnk; startup:_C:\Users\Mimic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft WebBrowserPassView\WebBrowserPassView.lnk
Puvod detekce: Místní pocítac
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném case
Uživatel: DESKTOP-0G63EDE\Mimic
Název procesu: C:\Windows\System32\RuntimeBroker.exe
Verze bezpecnostních informací: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-16 12:41:29.005
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálne nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Netpass
ID: 2147605535
Závažnost: High
Kategorie: Tool
Cesta: file:_C:\Program Files (x86)\NirSoft\WebBrowserPassView\WebBrowserPassView.exe
Puvod detekce: Místní pocítac
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném case
Uživatel: DESKTOP-0G63EDE\Mimic
Název procesu: C:\Windows\System32\RuntimeBroker.exe
Verze bezpecnostních informací: AV: 1.303.1818.0, AS: 1.303.1818.0, NIS: 1.303.1818.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

CodeIntegrity:
===================================

Date: 2020-05-09 01:17:52.619
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\PROGRAM FILES\AVAST SOFTWARE\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:17:52.609
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:17:52.198
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\PROGRAM FILES\AVAST SOFTWARE\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:17:52.186
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:16:55.193
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\PROGRAM FILES\AVAST SOFTWARE\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:16:55.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:16:53.149
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\PROGRAM FILES\AVAST SOFTWARE\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 01:16:53.146
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\PROGRAM FILES\AVAST SOFTWARE\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F22b 02/13/2018
Motherboard: Gigabyte Technology Co., Ltd. AB350-Gaming 3-CF
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 90%
Total physical RAM: 8143.28 MB
Available physical RAM: 736.58 MB
Total Virtual: 16847.28 MB
Available Virtual: 4153.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:29.12 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:111.44 GB) NTFS

\\?\Volume{d933678a-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: D933678A)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Prosím o kontrolu

Napsal: 09 kvě 2020 14:13
od JaRon
Ahoj,
no mss to krasne naskrz zavirene
Vycisti PC s Avptool, ak by bol problem v normal, spust s nudzovom rezime

Re: Prosím o kontrolu

Napsal: 10 kvě 2020 00:19
od verunka1242a
Hotovo .. vyčistěno :) snad .. :D co teď?

Re: Prosím o kontrolu

Napsal: 10 kvě 2020 08:32
od JaRon
Kedze to bolo velmi zavirene doporucujem este vycistit PC s MBAM a ADWCleanerom
Vsetko najdene nechaj zmazat a vloz po akcii logy FRST, v pondelok skontrolujem

Re: Prosím o kontrolu

Napsal: 22 kvě 2020 22:59
od verunka1242a
dívám se na MBAM a když tam máte obrázky tak je nevidím ...

Re: Prosím o kontrolu

Napsal: 22 kvě 2020 23:16
od verunka1242a
***** [ Folders ] *****

Deleted C:\Program Files (x86)\DreamTrips
Deleted C:\Users\Mimic\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\DreamTrips
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\warthunder.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|DiskFixer
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.SamsungSmartSwitch File C:\Users\Mimic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Deleted Preinstalled.SamsungSmartSwitch File C:\Users\Public\Desktop\Smart Switch.lnk
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Program Files (x86)\SAMSUNG\SMART SWITCH PC
Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\Mimic\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Deleted Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Deleted Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3795 octets] - [23/05/2020 00:13:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Prosím o kontrolu

Napsal: 22 kvě 2020 23:19
od verunka1242a
nemůžu otevřít frst64.exe prej - nedostatečná oprávnění .. a přitom to minule šlo

Re: Prosím o kontrolu

Napsal: 23 kvě 2020 17:21
od JaRon
Este ten MBAM, aj ked obrazky nevidis, stiahni a spust, su tam dva funkcne linky
Vsetko najdene daj zmazat, log sem

Re: Prosím o kontrolu

Napsal: 23 kvě 2020 21:42
od verunka1242a
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 23.05.20
Čas skenování: 22:11
Logovací soubor: 8feae3b4-9d31-11ea-9850-e0d55e2cf5cb.json

-Informace o softwaru-
Verze: 4.1.0.56
Verze komponentů: 1.0.920
Aktualizovat verzi balíku komponent: 1.0.24326
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 18362.778)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-0G63EDE\Mimic

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 313870
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 1
Uplynulý čas: 7 min, 7 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 1
Trojan.Downloader.E, HKU\S-1-5-21-1235492812-2151765122-4279266773-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUN|1959965, V karanténě, 2856, 451404, 1.0.24326, , ame,

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Prosím o kontrolu

Napsal: 23 kvě 2020 22:00
od JaRon
Super, su este nejake problemy ?

Re: Prosím o kontrolu

Napsal: 23 kvě 2020 23:19
od verunka1242a
no mám tam trojana né? :D nebo už né?

Re: Prosím o kontrolu

Napsal: 24 kvě 2020 08:28
od JaRon
Podla logu bol umiestneny do karanteny, cize OK
Vycisti PC CCleanerom, vcetne registrov a napis, ci su nejake problemy ?

Re: Prosím o kontrolu

Napsal: 18 srp 2020 14:33
od verunka1242a
Zdravím potřebovala bych kontrolu logů :) ntb je nějak pomalejší a nevím čím to je :(

Re: Prosím o kontrolu

Napsal: 19 srp 2020 08:12
od JaRon
ahoj,
vloz log FRST do prispevku - ten rar mi nejde otvorit
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz