Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log

Post by actionboy » 07 Jan 2018 20:47

I'll still try zoek in safe mode.

aswMBR ended with a blue screen of death every time... but just before it, I think it finished with a result of threats... or whatever was written there - I only noticed the zero

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by jan_u (administrator) on LAPTOP-MSKMH8EU (07-01-2018 20:37:36)
Running from C:\Users\jan_u\Downloads
Loaded Profiles: jan_u (Available Profiles: jan_u)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(www.ext2fsd.com) C:\Program Files\Ext2Fsd\Ext2Srv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Ext2Fsd Group (www.ext2fsd.com)) C:\Program Files\Ext2Fsd\Ext2Mgr.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16152792 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.196.124.1 192.168.0.1
Tcpip\..\Interfaces\{421142d8-50da-4006-8ad3-0059eff3b255}: [DhcpNameServer] 217.196.124.1 192.168.0.1
Tcpip\..\Interfaces\{d3aeb9ce-fb8a-4c93-887e-df4685ab01df}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zpd4zow9.default
FF ProfilePath: C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default [2018-01-07]
FF Homepage: Mozilla\Firefox\Profiles\zpd4zow9.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\zpd4zow9.default -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\zpd4zow9.default -> type", 0
FF Extension: (Flash Video Downloader) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\Extensions\artur.dubovoy@gmail.com.xpi [2017-12-29]
FF Extension: (YouTube mp3) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\Extensions\info@youtube-mp3.org.xpi [2017-01-24] [Legacy]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-11-15] [Legacy]
FF Extension: (S3.Translator) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\Extensions\s3google@translator.xpi [2017-12-23]
FF Extension: (Adblock Plus) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\jan_u\AppData\Roaming\Mozilla\Firefox\Profiles\zpd4zow9.default\features\{94103d1d-74df-488b-a1bc-63d79bd7dcf7}\disable-js-shared-memory@mozilla.org.xpi [2018-01-06] [Legacy]
FF Extension: (Amazon 1Button App for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb@amazon.com [2017-01-27] [Legacy] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2017-01-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro PDF)

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-30] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [34816 2017-02-22] (www.ext2fsd.com)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [7409368 2017-12-25] (LLC Mail.Ru)
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [395616 2015-07-18] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-18] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmdag.sys [36566432 2017-10-24] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmpag.sys [537504 2017-10-24] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [97672 2017-05-16] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-03-31] (Advanced Micro Devices)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-06-10] (Disc Soft Ltd)
R2 Ext2Fsd; C:\WINDOWS\system32\Drivers\Ext2Fsd.sys [814080 2017-02-22] (www.ext2fsd.com)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [188280 2017-09-23] (ITE )
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-18] (Acer Incorporated)
R1 MpKsl9c5b5c69; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61D58017-7F69-4939-92DF-B78274EA6CF3}\MpKsl9c5b5c69.sys [58120 2018-01-07] (Microsoft Corporation)
R1 MpKsld4786bdf; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5781008F-3945-48DF-BEB0-9618E0C558F6}\MpKsld4786bdf.sys [58120 2018-01-07] (Microsoft Corporation)
R1 MpKsld9fc1917; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{843076B2-11C9-4CD6-BC12-34ABEE9E045D}\MpKsld9fc1917.sys [58120 2018-01-07] (Microsoft Corporation)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [6637344 2017-12-25] (LLC Mail.Ru)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-18] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-03] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 20:37 - 2018-01-07 20:38 - 000013748 _____ C:\Users\jan_u\Downloads\FRST.txt
2018-01-07 20:37 - 2018-01-07 20:37 - 000000000 ____D C:\FRST
2018-01-07 20:25 - 2018-01-07 20:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-07 20:14 - 2018-01-07 20:25 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-07 20:01 - 2018-01-07 20:01 - 002393088 _____ (Farbar) C:\Users\jan_u\Downloads\FRST64.exe
2018-01-07 20:00 - 2018-01-07 20:01 - 005200384 _____ (AVAST Software) C:\Users\jan_u\Downloads\aswmbr.exe
2018-01-06 09:20 - 2018-01-06 09:20 - 000000000 ___HD C:\OneDriveTemp
2018-01-05 18:31 - 2018-01-01 13:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 18:31 - 2018-01-01 13:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 18:31 - 2018-01-01 13:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 18:31 - 2018-01-01 13:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 18:31 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 18:31 - 2018-01-01 13:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 18:31 - 2018-01-01 13:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 18:31 - 2018-01-01 13:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 18:31 - 2018-01-01 13:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 18:31 - 2018-01-01 13:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 18:31 - 2018-01-01 13:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 18:31 - 2018-01-01 13:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 18:31 - 2018-01-01 13:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 18:31 - 2018-01-01 13:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 18:31 - 2018-01-01 13:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 18:31 - 2018-01-01 13:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 18:31 - 2018-01-01 13:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 18:31 - 2018-01-01 13:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 18:31 - 2018-01-01 13:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 18:31 - 2018-01-01 13:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 18:31 - 2018-01-01 13:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 18:31 - 2018-01-01 13:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 18:31 - 2018-01-01 13:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 18:31 - 2018-01-01 13:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 18:31 - 2018-01-01 13:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 18:31 - 2018-01-01 13:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 18:31 - 2018-01-01 12:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 18:31 - 2018-01-01 12:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 18:31 - 2018-01-01 12:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 18:31 - 2018-01-01 12:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 18:31 - 2018-01-01 12:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 18:31 - 2018-01-01 12:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 18:31 - 2018-01-01 12:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 18:31 - 2018-01-01 12:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 18:31 - 2018-01-01 12:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 18:31 - 2018-01-01 12:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 18:31 - 2018-01-01 12:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 18:31 - 2018-01-01 12:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 18:31 - 2018-01-01 12:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 18:31 - 2018-01-01 12:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 18:31 - 2018-01-01 12:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 18:31 - 2018-01-01 12:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 18:31 - 2018-01-01 12:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 18:31 - 2018-01-01 12:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 18:31 - 2018-01-01 12:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 18:31 - 2018-01-01 12:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 18:31 - 2018-01-01 12:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 18:31 - 2018-01-01 12:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 18:31 - 2018-01-01 12:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 18:31 - 2018-01-01 12:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 18:31 - 2018-01-01 12:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 18:31 - 2018-01-01 12:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 18:31 - 2018-01-01 12:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 18:31 - 2018-01-01 12:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 18:31 - 2018-01-01 12:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 18:31 - 2018-01-01 12:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 18:31 - 2018-01-01 12:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 18:31 - 2018-01-01 12:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 18:31 - 2018-01-01 12:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 18:31 - 2018-01-01 12:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 18:31 - 2018-01-01 12:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 18:31 - 2018-01-01 12:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 18:31 - 2018-01-01 12:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 18:31 - 2018-01-01 12:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 18:31 - 2018-01-01 12:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 18:31 - 2018-01-01 12:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 18:31 - 2018-01-01 12:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 18:31 - 2018-01-01 12:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 18:31 - 2018-01-01 12:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 18:31 - 2018-01-01 12:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 18:31 - 2018-01-01 12:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 18:31 - 2018-01-01 12:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 18:31 - 2018-01-01 12:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 18:31 - 2018-01-01 12:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-05 18:30 - 2018-01-01 18:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 18:30 - 2018-01-01 13:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 18:30 - 2018-01-01 13:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 18:30 - 2018-01-01 13:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 18:30 - 2018-01-01 13:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 18:30 - 2018-01-01 13:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 18:30 - 2018-01-01 13:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 18:30 - 2018-01-01 13:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 18:30 - 2018-01-01 13:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 18:30 - 2018-01-01 13:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 18:30 - 2018-01-01 13:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 18:30 - 2018-01-01 12:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 18:30 - 2018-01-01 12:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 18:30 - 2018-01-01 12:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 18:30 - 2018-01-01 12:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 18:30 - 2018-01-01 12:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 18:30 - 2018-01-01 12:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 18:30 - 2018-01-01 12:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 18:30 - 2018-01-01 12:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 18:30 - 2018-01-01 12:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 18:30 - 2018-01-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 18:30 - 2018-01-01 12:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 18:30 - 2018-01-01 12:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 18:30 - 2018-01-01 12:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 18:30 - 2018-01-01 12:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 18:30 - 2018-01-01 12:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 18:30 - 2018-01-01 12:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 18:30 - 2018-01-01 12:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 18:30 - 2018-01-01 12:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 18:30 - 2018-01-01 12:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 18:30 - 2018-01-01 12:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 18:29 - 2018-01-01 13:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 18:29 - 2018-01-01 13:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 18:29 - 2018-01-01 13:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 18:29 - 2018-01-01 13:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 18:29 - 2018-01-01 13:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 18:29 - 2018-01-01 13:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 18:29 - 2018-01-01 13:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 18:29 - 2018-01-01 13:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 18:29 - 2018-01-01 13:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 18:29 - 2018-01-01 13:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 18:29 - 2018-01-01 13:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 18:29 - 2018-01-01 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 18:29 - 2018-01-01 13:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 18:29 - 2018-01-01 13:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 18:29 - 2018-01-01 13:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 18:29 - 2018-01-01 13:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 18:29 - 2018-01-01 13:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 18:29 - 2018-01-01 13:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 18:29 - 2018-01-01 13:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 18:29 - 2018-01-01 13:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 18:29 - 2018-01-01 13:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 18:29 - 2018-01-01 13:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 18:29 - 2018-01-01 13:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 18:29 - 2018-01-01 13:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 18:29 - 2018-01-01 13:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 18:29 - 2018-01-01 13:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 18:29 - 2018-01-01 13:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 18:29 - 2018-01-01 13:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 18:29 - 2018-01-01 13:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 18:29 - 2018-01-01 13:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 18:29 - 2018-01-01 13:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 18:29 - 2018-01-01 13:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 18:29 - 2018-01-01 13:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 18:29 - 2018-01-01 13:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 18:29 - 2018-01-01 13:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 18:29 - 2018-01-01 13:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 18:29 - 2018-01-01 13:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 18:29 - 2018-01-01 13:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 18:29 - 2018-01-01 13:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 18:29 - 2018-01-01 13:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 18:29 - 2018-01-01 13:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 18:29 - 2018-01-01 13:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 18:29 - 2018-01-01 13:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 18:29 - 2018-01-01 13:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 18:29 - 2018-01-01 13:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 18:29 - 2018-01-01 12:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 18:29 - 2018-01-01 12:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 18:29 - 2018-01-01 12:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 18:29 - 2018-01-01 12:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 18:29 - 2018-01-01 12:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 18:29 - 2018-01-01 12:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 18:29 - 2018-01-01 12:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 18:29 - 2018-01-01 12:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 18:29 - 2018-01-01 12:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 18:29 - 2018-01-01 12:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 18:29 - 2018-01-01 12:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 18:29 - 2018-01-01 12:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 18:29 - 2018-01-01 12:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 18:29 - 2018-01-01 12:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 18:29 - 2018-01-01 12:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 18:29 - 2018-01-01 12:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 18:29 - 2018-01-01 12:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 18:29 - 2018-01-01 12:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 18:29 - 2018-01-01 12:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 18:29 - 2018-01-01 12:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 18:29 - 2018-01-01 12:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 18:29 - 2018-01-01 12:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 18:29 - 2018-01-01 12:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 18:29 - 2018-01-01 12:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 18:29 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 18:29 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 18:29 - 2018-01-01 12:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 18:29 - 2018-01-01 12:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 18:29 - 2018-01-01 12:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 18:29 - 2018-01-01 12:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 18:29 - 2018-01-01 12:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 18:29 - 2018-01-01 12:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 18:29 - 2018-01-01 12:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 18:29 - 2018-01-01 12:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 18:29 - 2018-01-01 12:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 18:29 - 2018-01-01 12:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 18:29 - 2018-01-01 12:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 18:29 - 2018-01-01 12:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 18:29 - 2018-01-01 12:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 18:29 - 2018-01-01 12:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 18:29 - 2018-01-01 12:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 18:29 - 2018-01-01 12:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 18:29 - 2018-01-01 12:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 18:29 - 2018-01-01 12:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 18:29 - 2018-01-01 12:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 18:29 - 2018-01-01 12:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 18:29 - 2018-01-01 12:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 18:29 - 2018-01-01 12:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 18:29 - 2018-01-01 12:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 18:29 - 2018-01-01 12:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 18:29 - 2018-01-01 12:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 18:29 - 2018-01-01 12:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 18:29 - 2018-01-01 12:12 - 000464384 _____ (Microsoft Corporation)
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730


Re: Please check my log

Post by actionboy » 07 Jan 2018 20:47

C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 18:29 - 2018-01-01 12:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 18:29 - 2018-01-01 12:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 18:29 - 2018-01-01 12:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 18:29 - 2018-01-01 12:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 18:29 - 2018-01-01 12:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 18:29 - 2018-01-01 12:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 18:29 - 2018-01-01 12:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 18:29 - 2018-01-01 12:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 18:29 - 2018-01-01 12:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 18:29 - 2018-01-01 12:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 18:29 - 2018-01-01 12:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 18:29 - 2018-01-01 12:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 18:29 - 2018-01-01 12:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 18:29 - 2018-01-01 12:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 18:29 - 2018-01-01 12:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-03 20:50 - 2018-01-03 20:50 - 000000000 ____D C:\Users\jan_u\Downloads\backups
2018-01-03 18:58 - 2018-01-07 20:37 - 000074713 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-03 18:58 - 2018-01-07 20:37 - 000037762 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-03 18:57 - 2018-01-03 18:57 - 006625600 _____ (Zemana Ltd. ) C:\Users\jan_u\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-03 18:57 - 2018-01-03 18:57 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-03 18:57 - 2018-01-03 18:57 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-03 18:57 - 2018-01-03 18:57 - 000001225 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-01-03 18:57 - 2018-01-03 18:57 - 000000000 ____D C:\Users\jan_u\AppData\Local\Zemana
2018-01-03 18:57 - 2018-01-03 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-03 18:57 - 2018-01-03 18:57 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-03 17:13 - 2018-01-03 17:17 - 000000566 _____ C:\runcheck.txt
2018-01-03 17:10 - 2018-01-03 17:11 - 001272801 _____ C:\Users\jan_u\Downloads\post-59994-0-95427900-1376928641.ipb
2018-01-02 16:44 - 2018-01-02 16:45 - 026894408 _____ (Adlice Software) C:\Users\jan_u\Downloads\RogueKiller_portable64.exe
2018-01-01 13:06 - 2018-01-02 17:06 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-01 13:03 - 2018-01-02 16:43 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-01 13:01 - 2018-01-01 13:02 - 026888264 _____ (Adlice Software) C:\Users\jan_u\Desktop\RogueKiller_portable64.exe
2017-12-31 16:55 - 2017-06-16 04:59 - 000119018 ____T C:\Users\jan_u\Desktop\Zaměstnanec_Osobní_Čislo_1674_Výplatní_páska_za_období_201704.pdf
2017-12-31 14:39 - 2017-12-31 14:40 - 001790024 _____ (Malwarebytes) C:\Users\jan_u\Downloads\JRT.exe
2017-12-31 09:27 - 2017-12-31 09:27 - 008198432 _____ (Malwarebytes) C:\Users\jan_u\Downloads\adwcleaner_7.0.6.0.exe
2017-12-31 09:26 - 2018-01-01 12:37 - 000000000 ____D C:\AdwCleaner
2017-12-30 08:20 - 2017-12-30 08:20 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-12-30 08:20 - 2017-12-30 08:20 - 000000000 ____D C:\ProgramData\Sophos
2017-12-30 08:20 - 2017-12-30 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-12-30 08:20 - 2017-12-30 08:20 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-12-30 08:17 - 2017-12-30 08:17 - 000050688 _____ (Atribune.org) C:\Users\jan_u\Downloads\ATF-Cleaner.exe
2017-12-30 08:14 - 2017-12-30 08:14 - 008172032 _____ (Malwarebytes) C:\Users\jan_u\Downloads\AdwCleaner.exe
2017-12-30 08:14 - 2017-12-30 08:14 - 000448512 _____ (OldTimer Tools) C:\Users\jan_u\Downloads\TFC.exe
2017-12-30 08:13 - 2017-12-30 08:17 - 186127456 _____ (Sophos Limited) C:\Users\jan_u\Downloads\Sophos Virus Removal Tool.exe
2017-12-29 19:34 - 2017-12-29 19:34 - 000388608 _____ (Trend Micro Inc.) C:\Users\jan_u\Downloads\HijackThis.exe
2017-12-29 18:06 - 2017-12-29 18:06 - 000029802 _____ C:\Users\jan_u\Downloads\Vikings.S05E06.720p.HDTV.x264-KILLERS.srt
2017-12-28 16:25 - 2017-12-29 13:14 - 000000000 ____D C:\Users\jan_u\AppData\Local\ESET
2017-12-28 16:25 - 2017-12-28 16:25 - 006967928 _____ (ESET spol. s r.o.) C:\Users\jan_u\Downloads\esetonlinescanner_csy.exe
2017-12-25 23:31 - 2017-12-25 23:31 - 001092952 _____ C:\Users\jan_u\Downloads\[PiratePC.Net] DigiDNA iMazing _ Only.zip
2017-12-25 23:31 - 2017-12-25 23:31 - 000000000 ____D C:\Users\jan_u\Downloads\[PiratePC.Net] DigiDNA iMazing _ Only
2017-12-25 23:12 - 2017-12-25 23:17 - 032396304 _____ (Shenzhen iMyFone Technology Co., Ltd. ) C:\Users\jan_u\Downloads\iMyfone-ios-system-recovery_setup.exe
2017-12-25 23:09 - 2017-12-25 23:09 - 000000000 ____D C:\Program Files (x86)\Oio
2017-12-25 23:05 - 2017-12-25 23:05 - 000702573 _____ C:\Users\jan_u\Downloads\digidna-imazing-2.4.zip
2017-12-25 22:11 - 2017-12-29 18:31 - 000000000 ____D C:\Users\jan_u\AppData\Roaming\iMazing
2017-12-25 22:11 - 2017-12-25 22:11 - 000001865 _____ C:\Users\Public\Desktop\iMazing.lnk
2017-12-25 22:11 - 2017-12-25 22:11 - 000000000 ____D C:\Users\jan_u\AppData\Local\DigiDNA
2017-12-25 22:11 - 2017-12-25 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2017-12-25 22:11 - 2017-12-25 22:11 - 000000000 ____D C:\ProgramData\DigiDNA
2017-12-25 22:10 - 2017-12-25 22:10 - 000000000 ____D C:\Program Files\DigiDNA
2017-12-25 21:52 - 2017-12-25 22:06 - 091706128 _____ (DigiDNA ) C:\Users\jan_u\Downloads\iMazing2forWindows.exe
2017-12-25 19:39 - 2017-12-25 22:50 - 2606754958 _____ C:\Users\jan_u\Downloads\iPhone_4.0_64bit_11.0_15A372_Restore.ipsw
2017-12-25 16:18 - 2017-12-25 16:18 - 000001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-25 16:18 - 2017-12-25 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-25 16:18 - 2017-12-25 16:18 - 000000000 ____D C:\Program Files\iPod
2017-12-25 16:16 - 2017-12-25 16:18 - 000000000 ____D C:\Program Files\iTunes
2017-12-25 16:12 - 2017-12-25 16:12 - 000002535 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-25 16:12 - 2017-12-25 16:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-25 16:12 - 2017-12-25 16:12 - 000000000 ____D C:\Program Files\Bonjour
2017-12-25 16:12 - 2017-12-25 16:12 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-12-25 16:12 - 2017-12-25 16:12 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-25 16:11 - 2017-12-25 16:12 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-25 15:53 - 2017-12-25 16:06 - 264339784 _____ (Apple Inc.) C:\Users\jan_u\Downloads\iTunes64Setup(1).exe
2017-12-25 13:20 - 2017-12-25 13:20 - 006637344 _____ (LLC Mail.Ru) C:\WINDOWS\system32\Drivers\mracdrv.sys
2017-12-25 13:20 - 2017-12-25 13:20 - 000000000 ____D C:\Users\jan_u\AppData\Local\CrashRpt
2017-12-25 13:19 - 2017-12-25 13:19 - 007409368 _____ (LLC Mail.Ru) C:\WINDOWS\system32\mracsvc.exe
2017-12-25 09:29 - 2017-12-25 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-24 14:47 - 2017-12-24 15:54 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-12-24 14:47 - 2017-12-24 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-12-24 12:37 - 2017-12-24 12:37 - 000000000 ____D C:\Games
2017-12-23 17:24 - 2017-12-23 17:24 - 000000222 _____ C:\Users\jan_u\Desktop\Warface.url
2017-12-23 17:24 - 2017-12-23 17:24 - 000000000 ____D C:\Users\jan_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-23 17:00 - 2017-12-25 16:18 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-23 17:00 - 2017-12-23 17:00 - 000001040 _____ C:\Users\Public\Desktop\Steam.lnk
2017-12-23 17:00 - 2017-12-23 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-23 16:59 - 2017-12-23 16:59 - 001446792 _____ C:\Users\jan_u\Downloads\SteamSetup(1).exe
2017-12-23 14:04 - 2017-12-23 14:14 - 000000000 ____D C:\Users\jan_u\Downloads\Sniper Ghost Warrior 3 by xatab
2017-12-22 18:14 - 2017-12-22 18:14 - 000025882 _____ C:\Users\jan_u\Downloads\Vikings.S05E05.The.Prisoner.720p.AMZN.WEB-DL.DDP5.1.H.264-NTb (+WEBRip-RARBG+CONVOY).srt
2017-12-18 05:55 - 2017-12-18 05:55 - 000000000 ___RD C:\Users\jan_u\Documents\Scanned Documents
2017-12-18 05:55 - 2017-12-18 05:55 - 000000000 ____D C:\Users\jan_u\Documents\Fax
2017-12-13 01:12 - 2017-12-13 01:12 - 000000000 ____D C:\WINDOWS\Panther
2017-12-12 19:59 - 2017-12-08 07:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-12 19:59 - 2017-12-08 00:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-12 19:59 - 2017-12-08 00:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-12 19:59 - 2017-12-08 00:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-12 19:59 - 2017-12-08 00:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-12 19:59 - 2017-12-08 00:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-12 19:59 - 2017-12-08 00:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-12 19:59 - 2017-12-08 00:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-12 19:59 - 2017-12-08 00:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-12 19:59 - 2017-12-08 00:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-12 19:59 - 2017-12-08 00:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-12 19:59 - 2017-12-08 00:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-12 19:59 - 2017-12-08 00:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-12 19:59 - 2017-12-07 23:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-12 19:59 - 2017-12-07 23:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-12 19:59 - 2017-12-07 23:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-12 19:59 - 2017-12-07 23:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-12 19:59 - 2017-12-07 23:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-12 19:59 - 2017-12-07 23:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-12 19:59 - 2017-12-07 23:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-12 19:59 - 2017-12-07 23:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-12 19:59 - 2017-12-07 23:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-12 19:59 - 2017-12-07 23:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-12 19:59 - 2017-12-07 23:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-12 19:59 - 2017-12-07 23:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-12 19:59 - 2017-12-07 23:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-12 19:59 - 2017-12-07 23:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-12 19:59 - 2017-12-07 23:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-12 19:59 - 2017-12-07 23:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-12 19:59 - 2017-12-07 23:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-12 19:59 - 2017-12-07 23:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-12 19:59 - 2017-12-07 23:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-12 19:59 - 2017-12-07 23:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-12 19:59 - 2017-12-07 22:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-12 19:59 - 2017-12-07 22:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-12 19:59 - 2017-12-07 22:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-12 19:59 - 2017-12-07 22:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-12 19:59 - 2017-12-07 22:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-12 19:59 - 2017-12-07 22:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-12 19:59 - 2017-12-07 22:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-12 19:59 - 2017-12-07 22:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-12 19:58 - 2017-12-08 00:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-12 19:58 - 2017-12-08 00:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-12 19:58 - 2017-12-08 00:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-12 19:58 - 2017-12-07 23:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-12 19:58 - 2017-12-07 23:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 19:58 - 2017-12-07 23:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 19:58 - 2017-12-07 23:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 19:58 - 2017-12-07 23:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-12 19:58 - 2017-12-07 23:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-12 19:58 - 2017-12-07 23:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 19:58 - 2017-12-07 23:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 19:58 - 2017-12-07 23:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 19:58 - 2017-12-07 23:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 19:58 - 2017-12-07 23:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 19:58 - 2017-12-07 23:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-12 19:58 - 2017-12-07 23:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 19:58 - 2017-12-07 23:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 19:58 - 2017-12-07 23:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-12 19:58 - 2017-12-07 23:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 19:58 - 2017-12-07 23:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 19:58 - 2017-12-07 23:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 19:58 - 2017-12-07 23:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-12 19:58 - 2017-12-07 23:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-12 19:58 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-12 19:58 - 2017-12-07 23:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 19:58 - 2017-12-07 23:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-12 19:58 - 2017-12-07 23:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-12 19:58 - 2017-12-07 23:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-12 19:58 - 2017-12-07 23:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-12 19:58 - 2017-12-07 23:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-12 19:58 - 2017-12-07 22:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-10 11:00 - 2017-12-10 11:00 - 000434732 _____ C:\Users\jan_u\Downloads\document.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 20:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-07 20:31 - 2017-01-24 18:06 - 000000000 ____D C:\Users\jan_u\AppData\Local\CrashDumps
2018-01-07 20:28 - 2017-01-24 16:08 - 000000000 ___RD C:\Users\jan_u\OneDrive
2018-01-07 20:25 - 2017-12-06 18:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-07 20:25 - 2017-12-06 18:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-07 20:25 - 2017-01-19 07:43 - 000309204 ____N C:\WINDOWS\Minidump\010718-33484-01.dmp
2018-01-07 20:16 - 2017-12-06 18:24 - 000000000 ____D C:\Users\jan_u
2018-01-07 20:16 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-07 20:14 - 2017-01-19 07:43 - 000800598 ____N C:\WINDOWS\Minidump\010718-37671-01.dmp
2018-01-07 20:13 - 2017-01-28 08:05 - 000000000 ____D C:\Users\jan_u\AppData\LocalLow\Mozilla
2018-01-07 18:46 - 2017-01-25 17:12 - 000000000 ____D C:\Users\jan_u\AppData\Roaming\uTorrent
2018-01-06 18:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-06 09:50 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-06 09:25 - 2017-12-06 18:44 - 001923888 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-06 09:25 - 2017-09-30 15:31 - 000829034 _____ C:\WINDOWS\system32\perfh005.dat
2018-01-06 09:25 - 2017-09-30 15:31 - 000173284 _____ C:\WINDOWS\system32\perfc005.dat
2018-01-06 09:18 - 2017-09-29 09:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-06 09:18 - 2017-05-18 22:41 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-06 08:32 - 2017-01-24 17:11 - 000000000 ___RD C:\Users\jan_u\3D Objects
2018-01-06 08:32 - 2015-11-17 16:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-06 01:13 - 2017-12-06 18:18 - 000482736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-06 01:11 - 2017-01-27 19:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-06 01:11 - 2015-11-17 17:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-06 01:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-06 01:09 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-05 22:22 - 2017-01-24 22:21 - 000000000 ____D C:\Users\jan_u\AppData\Local\SichboPVR
2018-01-05 20:28 - 2017-12-07 19:38 - 000000000 ____D C:\Users\jan_u\AppData\Local\Deployment
2018-01-05 20:20 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-05 18:57 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-05 18:48 - 2017-09-29 14:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 18:47 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-05 18:46 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 17:12 - 2017-12-06 18:25 - 000000000 ____D C:\Users\jan_u\AppData\Local\Packages
2018-01-03 19:28 - 2015-11-17 17:16 - 000001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2018-01-01 13:57 - 2015-07-10 12:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-31 10:54 - 2017-11-05 17:21 - 000000000 ____D C:\Program Files\Opera
2017-12-29 19:35 - 2017-01-24 16:02 - 000000000 ____D C:\Users\jan_u\AppData\Local\VirtualStore
2017-12-25 23:12 - 2017-01-24 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-12-25 23:12 - 2017-01-24 17:08 - 000000000 ____D C:\Program Files\KMSpico
2017-12-25 23:09 - 2017-11-05 17:23 - 000001903 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prоhlížеč Оpеrа.lnk
2017-12-25 23:08 - 2017-11-05 17:23 - 000001891 ____R C:\Users\Public\Desktop\Prоhlížеč Оpеrа.lnk
2017-12-25 16:10 - 2017-06-03 13:34 - 000000000 ____D C:\ProgramData\Apple
2017-12-25 09:29 - 2017-09-10 15:09 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-24 16:01 - 2017-05-18 22:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-22 17:14 - 2017-12-06 18:48 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1509899026
2017-12-19 17:44 - 2017-01-24 16:05 - 000000000 ____D C:\Users\jan_u\AppData\Local\Comms
2017-12-18 06:00 - 2017-09-19 17:15 - 000000000 ____D C:\Users\jan_u\AppData\Roaming\Nitro
2017-12-18 06:00 - 2017-01-28 17:19 - 000000000 ____D C:\Users\jan_u\AppData\Local\ElevatedDiagnostics
2017-12-17 21:14 - 2017-06-10 18:16 - 000000000 ____D C:\Users\jan_u\AppData\Roaming\DAEMON Tools Lite
2017-12-12 20:07 - 2017-01-24 21:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 20:04 - 2017-10-10 20:18 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 20:03 - 2017-01-24 21:38 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 18:00 - 2017-12-06 18:48 - 000004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 18:00 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 18:00 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-06-10 18:18 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\jan_u\AppData\Roaming\MafiaSetup.exe
2017-09-01 16:25 - 2017-10-02 18:23 - 000007590 _____ () C:\Users\jan_u\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-01-03 17:13 - 2018-01-03 17:12 - 000476672 _____ () C:\Users\jan_u\AppData\Local\Temp\7za.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000020480 _____ (E Dev) C:\Users\jan_u\AppData\Local\Temp\DaS_21.exe
2018-01-01 13:03 - 2017-12-06 18:02 - 001954048 _____ (Microsoft Corporation) C:\Users\jan_u\AppData\Local\Temp\dllnt_dump.dll
2018-01-03 17:13 - 2018-01-03 17:12 - 000388608 _____ (Trend Micro Inc.) C:\Users\jan_u\AppData\Local\Temp\hijackthis.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000030720 _____ (NirSoft) C:\Users\jan_u\AppData\Local\Temp\NirCmd.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000256512 _____ () C:\Users\jan_u\AppData\Local\Temp\PEVZ.EXE
2018-01-03 17:13 - 2018-01-03 17:12 - 000069632 _____ () C:\Users\jan_u\AppData\Local\Temp\remove.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000098816 _____ () C:\Users\jan_u\AppData\Local\Temp\sed.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000057344 _____ (Optimum X) C:\Users\jan_u\AppData\Local\Temp\shortcut.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000161792 _____ (SteelWerX) C:\Users\jan_u\AppData\Local\Temp\swreg.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000217088 _____ (SteelWerX) C:\Users\jan_u\AppData\Local\Temp\swxcacls.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000154232 _____ (Noël Danjou) C:\Users\jan_u\AppData\Local\Temp\wget.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000024064 _____ () C:\Users\jan_u\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-06 15:27

==================== End of FRST.txt ============================
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingston Hyper X DDR3 1600MHz; nVIDIA GeForce GT730

Re: Please check my log

Post by actionboy » 07 Jan 2018 20:47

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by jan_u (07-01-2018 20:39:29)
Running from C:\Users\jan_u\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-06 17:49:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1299869826-3957874853-2790533589-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1299869826-3957874853-2790533589-503 - Limited - Disabled)
Guest (S-1-5-21-1299869826-3957874853-2790533589-501 - Limited - Disabled)
jan_u (S-1-5-21-1299869826-3957874853-2790533589-1001 - Administrator - Enabled) => C:\Users\jan_u
WDAGUtilityAccount (S-1-5-21-1299869826-3957874853-2790533589-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-0001-0405-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD Mechanical 2017 - Čeština (Czech) (HKLM\...\{28B89EEF-0005-0405-2102-CF3F3A09B77D}) (Version: 21.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2017 (HKLM\...\{28B89EEF-0005-0000-0102-CF3F3A09B77D}) (Version: 21.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2017 (HKLM\...\{28B89EEF-0005-0000-3102-CF3F3A09B77D}) (Version: 21.0.49.0 - Autodesk) Hidden
AutoCAD Mechanical 2017 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-0005-0405-1102-CF3F3A09B77D}) (Version: 21.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk AutoCAD Mechanical 2017 - Čeština (Czech) (HKLM\...\AutoCAD Mechanical 2017 - Čeština (Czech)) (Version: 21.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Cossacks 3 Days of Brilliance (HKLM-x32\...\Cossacks 3 Days of Brilliance_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Ext2Fsd 0.69.1039-02.22 (HKLM\...\Ext2Fsd_is1) (Version: 0.69.1039-02.22 - Matt Wu)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
iMazing 2.4.2.0 (HKLM\...\iMazing_is1) (Version: 2.4.2.0 - DigiDNA)
iTunes (HKLM\...\{412595B6-5162-4792-8DEE-2766FBC6C1EC}) (Version: 12.7.2.60 - Apple Inc.)
Knihovna TurboFLOORPLANu (HKLM-x32\...\TurboFloorPlan-1.0.0) (Version: 1.0 - Špinar software s.r.o.)
Knihovna TurboFLOORPLANu (HKLM-x32\...\TurboFloorPlan-2.0.0) (Version: 2.0 - Špinar software s.r.o.)
Knihovna TurboFLOORPLANu (HKLM-x32\...\TurboFloorPlan-3.0.0) (Version: 3.0 - Špinar software s.r.o.)
Knihovna TurboFLOORPLANu (HKLM-x32\...\TurboFloorPlan-5.0.0) (Version: 5.0 - Špinar software s.r.o.)
Knihovna TurboFLOORPLANu (HKLM-x32\...\TurboFloorPlan-9.0.0) (Version: 9.0 - Špinar software s.r.o.)
Malwarebytes verze 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office Professional Plus 2013 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Oio 1.00 (HKLM-x32\...\Oio 1.00) (Version: 1.00 - Oio)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
ProgDVB x64 x64 (HKLM\...\ProgDVB) (Version: 7.x - Prog)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.55 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
SichboPVR (HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\7c6b090ee13ed70a) (Version: 3.0.0.166 - Sichbo Interactive)
Sniper Ghost Warrior 3 v.1.0.1 (HKLM-x32\...\Sniper Ghost Warrior 3_is1) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TurboFloorPlan 3D Home and Landscape Pro 2015 (HKLM-x32\...\{0BD6EB74-8B4F-4D3A-89B6-3F6CDEB024E0}) (Version: 17.5.5 - IMSI Design, LLC)
TurboFLOORPLAN Dum & Interiér & Zahrada PRO (HKLM-x32\...\InstallShield_{949815AB-D269-4DD3-AB1A-539432BAFC1E}) (Version: 15.1 - IMSIDesign)
WhatsApp (HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XnView 2.40 (HKLM-x32\...\XnView_is1) (Version: 2.40 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-03] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-03] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E972659-81EA-46A6-9E65-99E85F915CA8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {254837AE-9B9E-4B0B-B3DD-6688FF1EE08A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {2D2833DF-80BE-4FDE-A0F8-E9528C255BE5} - System32\Tasks\Opera scheduled Autoupdate 1509899026 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {2F8B1CC0-29F5-434D-9827-CB8C1ED84AB0} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] ()
Task: {4B1D1E04-E82A-4CFF-A9FD-343A509DD8B6} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] ()
Task: {4BC88C77-DC9C-46F3-B314-F1ED63FD036C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {4F43BB81-7951-408C-901B-02BAB6C6AF1C} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated)
Task: {5F4BB2D1-2ADD-4422-9494-6AD434251EA1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {6ACB4503-B848-418D-9804-9116CCC9C4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {6F51AA1F-29EC-4F38-988E-87CFA78AC535} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {828268C8-C5B7-40F0-855F-71FD51B92EDC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
Task: {B492AFDE-74D2-433D-A15F-43BD0DE83411} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {B7954832-B7FE-4512-A715-E655E1D1CC1B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {BBBFDF22-F857-4E89-9BB3-BB342FF4AAD0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {BF340413-16C9-4E04-9F8E-0543A552737A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {C18D18CE-23D2-4F8F-9CA9-6BE5C535CE4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C37F1D5D-5232-4AAE-835F-F248AD300FEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {C3D21DEC-D873-4086-BF41-B211C2759B0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {CE92C4A7-A51D-407D-B27E-1A34450E591F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {D187649D-2237-4B65-9192-EED17F5BFA66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {DDE3F718-3CC7-4129-B10A-D253953B898A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {E8645334-E39C-474F-8904-76B8BCAA7BA2} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {FA748F19-F43E-4E1F-8079-1B632C2895A7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-18] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Prоhlížеč Оpеrа.lnk -> C:\Program Files\Opera\launcher.bat (No File)
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-25 18:38 - 2012-09-18 14:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2017-05-25 18:38 - 2012-09-18 14:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-24 16:14 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-11-17 18:09 - 2015-05-08 19:41 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-12-06 18:02 - 2017-12-06 18:02 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-06 18:02 - 2017-12-06 18:02 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 02:13 - 2015-05-14 08:10 - 000030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2017-05-24 19:11 - 2017-05-24 19:11 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2018-01-03 17:02 - 2018-01-03 17:06 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 17:02 - 2018-01-03 17:06 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 17:02 - 2018-01-03 17:06 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 17:02 - 2018-01-03 17:06 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 17:02 - 2018-01-03 17:06 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-07 18:55 - 2017-12-07 18:55 - 000102088 _____ () C:\Users\jan_u\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-12-06 18:27 - 2017-12-06 18:27 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:66BB1E73 [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2018-01-03 17:16 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 217.196.124.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "IR_SERVER"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C1BF302E-1B2D-46B3-B9B8-ED51809CC9AC}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{E089CB5F-1C23-4B3C-A003-E22E8D6AE625}] => (Allow) C:\Users\jan_u\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{CD42F532-C1A2-40CE-829E-CCC0ED716912}] => (Allow) C:\Users\jan_u\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [UDP Query User{17C2A434-F66B-4E53-AFD5-F1907ECB61DB}C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe] => (Allow) C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe
FirewallRules: [TCP Query User{B1882D29-98C7-490B-A415-219EEE17AD31}C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe] => (Allow) C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe
FirewallRules: [UDP Query User{6339DC8C-73FC-4E64-9949-B49E1759DFCC}C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe] => (Allow) C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe
FirewallRules: [TCP Query User{D786D238-2BD1-45F3-A86B-A91559D62FFB}C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe] => (Allow) C:\users\jan_u\appdata\local\apps\2.0\202n0nn0.m9q\d4jjw9bq.ce6\sich..tion_dd8fea481d87ab9c_0003.0000_d7234a5a5ac46b11\sichbopvr.exe
FirewallRules: [{CB0C5A1F-55FC-49E5-8E05-51C73A9DCB25}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{706F59B2-1B7A-4DE2-BFBC-6E3DA9F2F60D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C1CFEB81-4299-49C5-AA30-2829DFAEAC52}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E33B6F90-968A-4489-8BE4-0487A0846D12}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BFDDFE7F-DF6C-4336-9245-547EA1743DDB}] => (Allow) C:\Program Files (x86)\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{B707870F-3AD4-4F19-80D5-1BDEFA48B785}] => (Allow) C:\Program Files (x86)\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{3857163F-598B-45CA-9F96-DD77DAB04147}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CFEB7863-E6C1-463A-9191-A2B4D4222988}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A2287B31-8619-4D2F-81FB-0AF7639A863A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F1B80601-40A5-4A97-85DC-5B5A16CD0CA9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{79CFC7FA-A487-4E20-A92C-36E70071FBFE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D97AF081-063E-466E-8599-16FDBAEA186F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C142F127-0073-4C18-A45C-DD041CBC3A8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A93D3858-A17B-4A82-8A99-ACA12EC88022}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{1A3B0B55-6EBD-400E-AF85-EA1ADEE14FFC}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{2E60118A-1CB6-4B7A-99EB-A6CC205A9F54}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{82E5C656-3374-40BA-8579-F6FA698DCA6F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{823EE6EC-DF96-478D-A63E-D5BECFC17C05}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D6159C04-32BD-4EE9-BE9E-792073CE3CCC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [TCP Query User{06848932-DC0B-47D2-8429-380A7725A204}C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D1DD9E88-B2E7-4A58-8C34-A3962A4ACE02}C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8D984B89-41C6-4B42-9BD9-7023165F3D44}C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4DC67B66-B33B-40CF-9EF7-D7C3D52D0120}C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jan_u\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{35E6752D-9AC6-4A36-883F-F374FDA6C9A9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0D1781B8-F9E2-41E0-BE74-63257F9BC8B9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DD822B28-27AA-451F-BCAD-A5B90AEBD0EB}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
FirewallRules: [{5DAF5DA4-B3C4-44B9-9CED-AC0B162E3FCC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FD0BE56-7464-4B91-A8F7-4172FB1B6B30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C92CDC2-6FF8-4673-99B0-D01CD97ECD5C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6291A020-785A-4B1A-B5DF-357943540935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{353D548A-DB44-4840-8FC8-E8260B7FCD04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{52C5CD53-BEE9-4E45-ADC0-0B9FD703AE8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{4D4077FB-ACAA-4E4D-B37C-A83FC4A2CFE4}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{803D9927-7F26-42D3-877B-DC8061D28C54}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{45495333-1159-4CCE-A687-319160CCBD9C}C:\games\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\games\sniper ghost warrior 3\win_x64\sgw3.exe
FirewallRules: [UDP Query User{73A85F2B-3CB4-448A-9146-C4A35F7122CA}C:\games\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\games\sniper ghost warrior 3\win_x64\sgw3.exe
FirewallRules: [TCP Query User{38F2DB55-6071-4333-8BF2-BA7F763F50B2}C:\program files (x86)\mr dj\call of duty world at war\codwaw.exe] => (Allow) C:\program files (x86)\mr dj\call of duty world at war\codwaw.exe
FirewallRules: [UDP Query User{0CC7228B-3ECE-46C0-914D-A2379AA12232}C:\program files (x86)\mr dj\call of duty world at war\codwaw.exe] => (Allow) C:\program files (x86)\mr dj\call of duty world at war\codwaw.exe
FirewallRules: [{55C2B3B1-490F-49F9-99DD-76910E3A6005}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{D93D1527-50A5-45B8-BBF2-2345F2435461}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B531E2A8-37F9-4AAD-9443-FEABA02C253D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED69C560-F278-411D-81E8-E3117019D0EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA177FBF-EA97-44FA-B919-68C1D7B86EA4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25F92764-603E-499F-9317-5B5E6E87F5ED}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{695C5F76-5B04-4B76-A7AA-CF9CB04649C4}C:\games\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\games\sniper ghost warrior 3\win_x64\sgw3.exe
FirewallRules: [UDP Query User{4D98DB79-1DF2-41A9-9185-FC3107FA7758}C:\games\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\games\sniper ghost warrior 3\win_x64\sgw3.exe

==================== Restore Points =========================

25-12-2017 16:12:56 Installed iTunes
30-12-2017 08:18:47 Installed Sophos Virus Removal Tool.
31-12-2017 14:40:46 JRT Pre-Junkware Removal
05-01-2018 18:26:14 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2018 08:32:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (01/07/2018 08:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1680, časové razítko: 0x59c5791c
Název chybujícího modulu: atiadlxx.dll, verze: 22.19.163.2560, časové razítko: 0x59d471c0
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000084817
ID chybujícího procesu: 0x2324
Čas spuštění chybující aplikace: 0x01d387edcbec4da6
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\atiadlxx.dll
ID zprávy: 7ce40ad9-c149-4ef1-899f-8e793dcbc0fe
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/07/2018 08:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1680, časové razítko: 0x59c5791c
Název chybujícího modulu: atiadlxx.dll, verze: 22.19.163.2560, časové razítko: 0x59d471c0
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000084817
ID chybujícího procesu: 0x1848
Čas spuštění chybující aplikace: 0x01d387ec5dc056cb
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\atiadlxx.dll
ID zprávy: 3d716477-1033-4750-8968-789e1dd755d2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/07/2018 07:47:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-MSKMH8EU)
Description: Balíček microsoft.windowscommunicationsapps_17.8730.21725.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (01/07/2018 06:46:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.16299.15, časové razítko: 0xbf7b6630
Kód výjimky: 0xc000041d
Posun chyby: 0x00005b36
ID chybujícího procesu: 0x4c0
Čas spuštění chybující aplikace: 0x01d38789b71d2839
Cesta k chybující aplikaci: C:\Users\jan_u\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: a08e78a6-e509-4af9-adef-15681577daf2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/06/2018 09:25:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (01/06/2018 09:22:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1680, časové razítko: 0x59c5791c
Název chybujícího modulu: atiadlxx.dll, verze: 22.19.163.2560, časové razítko: 0x59d471c0
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000084817
ID chybujícího procesu: 0x21ec
Čas spuštění chybující aplikace: 0x01d386c760ee1bb7
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\atiadlxx.dll
ID zprávy: 84128c51-27e4-4699-afc3-ee16ae4c0afa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/06/2018 09:15:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.16299.98, časové razítko: 0x5a1aada9
Název chybujícího modulu: aticfx64.dll, verze: 22.19.163.2560, časové razítko: 0x59d47315
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000047a8e
ID chybujícího procesu: 0x1728
Čas spuštění chybující aplikace: 0x01d386c3ddecdf57
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\aticfx64.dll
ID zprávy: fca927a7-0b48-4cb4-b363-677ec5657dcc
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (01/06/2018 08:56:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.16299.98, časové razítko: 0x5a1aada9
Název chybujícího modulu: aticfx64.dll, verze: 22.19.163.2560, časové razítko: 0x59d47315
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000047a8e
ID chybujícího procesu: 0x224c
Čas spuštění chybující aplikace: 0x01d386c0a5c44c72
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\aticfx64.dll
ID zprávy: 2a482834-3ac1-4096-afb5-2c6b156a9529
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (01/06/2018 08:37:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1680, časové razítko: 0x59c5791c
Název chybujícího modulu: atiadlxx.dll, verze: 22.19.163.2560, časové razítko: 0x59d471c0
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000084817
ID chybujícího procesu: 0x25a0
Čas spuštění chybující aplikace: 0x01d386c0fb362732
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\atiadlxx.dll
ID zprávy: 678c583b-714d-44e2-a036-09f64f57b8f2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (01/07/2018 08:35:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:30:07 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-MSKMH8EU)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-MSKMH8EU\jan_u (SID: S-1-5-21-1299869826-3957874853-2790533589-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:26:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:26:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:25:17 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x000000d1 (0xfffff80390a4c010, 0x00000000000000ff, 0x0000000000000000, 0xfffff800d74a95ae). Výpis byl uložen do: C:\WINDOWS\Minidump\010718-33484-01.dmp. ID hlášení: 75be0297-d9ca-47e0-941a-a4c52b6a44e4

Error: (01/07/2018 08:25:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:14:30, ‎07.‎01.‎2018) bylo neočekávané.

Error: (01/07/2018 08:16:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:16:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/07/2018 08:14:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x000000d1 (0xfffff803bde4c010, 0x00000000000000ff, 0x0000000000000000, 0xfffff801aef395ae). Výpis byl uložen do: C:\WINDOWS\Minidump\010718-37671-01.dmp. ID hlášení: 1f080aa8-71d0-47b9-b89c-3a2b51c13faa

Error: (01/07/2018 08:14:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:08:28, ‎07.‎01.‎2018) bylo neočekávané.


CodeIntegrity:
===================================
Date: 2018-01-07 20:35:49.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:35:49.069
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:35:46.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:35:46.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:32:36.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:32:36.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:31:08.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:31:08.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:31:06.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-07 20:31:06.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
Percentage of memory in use: 28%
Total physical RAM: 7114.26 MB
Available physical RAM: 5082.96 MB
Total Virtual: 7562.26 MB
Available Virtual: 5527 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:550.41 GB) NTFS
Drive f: () (Fixed) (Total:627.83 GB) (Free:229.68 GB) EXT4

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3B3956D6)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 59F8496D)
Partition 1: (Active) - (Size=100 GB) - (Type=83)
Partition 2: (Not Active) - (Size=3.7 GB) - (Type=05)
Partition 3: (Not Active) - (Size=627.8 GB) - (Type=83)
Partition 4: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730

Post by jaro3 » 07 Jan 2018 21:55

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
HKU\S-1-5-21-1299869826-3957874853-2790533589-1001\...\Policies\Explorer: []
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [7409368 2017-12-25] (LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [6637344 2017-12-25] (LLC Mail.Ru)
C:\Users\jan_u\AppData\Local\Resmon.ResmonCfg
2018-01-03 17:13 - 2018-01-03 17:12 - 000476672 _____ () C:\Users\jan_u\AppData\Local\Temp\7za.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000020480 _____ (E Dev) C:\Users\jan_u\AppData\Local\Temp\DaS_21.exe
2018-01-01 13:03 - 2017-12-06 18:02 - 001954048 _____ (Microsoft Corporation) C:\Users\jan_u\AppData\Local\Temp\dllnt_dump.dll
2018-01-03 17:13 - 2018-01-03 17:12 - 000388608 _____ (Trend Micro Inc.) C:\Users\jan_u\AppData\Local\Temp\hijackthis.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000030720 _____ (NirSoft) C:\Users\jan_u\AppData\Local\Temp\NirCmd.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000256512 _____ () C:\Users\jan_u\AppData\Local\Temp\PEVZ.EXE
2018-01-03 17:13 - 2018-01-03 17:12 - 000069632 _____ () C:\Users\jan_u\AppData\Local\Temp\remove.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000098816 _____ () C:\Users\jan_u\AppData\Local\Temp\sed.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000057344 _____ (Optimum X) C:\Users\jan_u\AppData\Local\Temp\shortcut.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000161792 _____ (SteelWerX) C:\Users\jan_u\AppData\Local\Temp\swreg.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000217088 _____ (SteelWerX) C:\Users\jan_u\AppData\Local\Temp\swxcacls.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000154232 _____ (Noël Danjou) C:\Users\jan_u\AppData\Local\Temp\wget.exe
2018-01-03 17:13 - 2018-01-03 17:12 - 000024064 _____ () C:\Users\jan_u\AppData\Local\Temp\zoek-delete.exe
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Prоhlížеč Оpеrа.lnk -> C:\Program Files\Opera\launcher.bat (No File)
Shortcut: C:\Users\jan_u\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Prоhlížеč Оpеrа.lnk -> C:\Program Files (x86)\Opera\launcher.bat (No File)

EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left field of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire contents here.

C:\Program Files (x86)\Oio: do you know what program this is?

Download and install WhoCrashed,
open it and click Analyze.
The program will generate a report; please copy all of it and paste it here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by actionboy » 07 Jan 2018 22:43

When I put FRST on the desktop and ran it with the fixlist next to it, it showed me that message about unauthorized changes three times (even though I ran it as administrator). At the end of the process the PC restarted, fixlist.txt disappeared, the fixlog did not appear, and the Opera shortcut disappeared. Originally (the first scan) I ran it from the downloads folder; now I don't know whether I can do it again with the same fixlist.

I don't know what the Oio program could be, but the folder is empty.

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dumps are enabled on your computer. This system is not configured for complete or automatic crash dumps. For best results, configure your system to write out complete or automatic crash dumps. Select Tools->Crash Dump Configuration from the main menu to configure your system to write out complete memory dumps.

Crash dump directories:
C:\WINDOWS
C:\WINDOWS\Minidump

On Sun 07.01.2018 20:24:18 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\010718-33484-01.dmp
This was probably caused by the following module: aswmbr.sys (0xFFFFF800D74A95AE)
Bugcheck code: 0xD1 (0xFFFFF80390A4C010, 0xFF, 0x0, 0xFFFFF800D74A95AE)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Sun 07.01.2018 20:13:26 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\010718-37671-01.dmp
This was probably caused by the following module: aswmbr.sys (0xFFFFF801AEF395AE)
Bugcheck code: 0xD1 (0xFFFFF803BDE4C010, 0xFF, 0x0, 0xFFFFF801AEF395AE)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL





--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

aswmbr.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers. Include the brand and model name of your computer as well in the query. This often yields interesting results from discussions on the web by users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Post by jaro3 » 08 Jan 2018 09:55

Delete the folder C:\Program Files (x86)\Oio.

Everything needs to be run from the desktop.
Do the fixlist again and post the log from it.

The BSOD concerns only aswMBR; that program has some bugs.

Post by actionboy » 08 Jan 2018 16:36

When I run it from the desktop, the log is not created, or it is created and immediately deleted...

Post by jaro3 » 08 Jan 2018 17:59

Look for it here:
C:\FRST\Logs