Kontrola logu hijack Vyřešeno

[Amurex]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:35:50 PM, on 10/20/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.1715)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Amurex\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Users\Amurex\Desktop\HijackThis (2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Amurex\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 10743 bytes

[Reklama]

[Amurex]

Sophos našel jeden PUP, který jsem smazal. Zatím to teď vypadá že to frčí. Pokud shledám nejaký problém, tak dám vědět. V opačném případě téma do 2 dnů uzavřu. Mockrát děkuji. Not all heroes wear capes :)

[jaro3]

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Ok , dej vědět.

[Amurex]

# DelFix v1.013 - Logfile created 20/10/2017 at 21:35:05
# Updated 17/04/2016 by Xplode
# Username : Amurex - DESKTOP-A2KAN9O
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Amurex\Desktop\HijackThis (2).exe
Deleted : C:\Users\Amurex\Desktop\hijackthis.log
Deleted : C:\Users\Amurex\Downloads\AdwCleaner.exe
Deleted : C:\Users\Amurex\Downloads\JRT.exe
Deleted : C:\Users\Amurex\Downloads\hijackthis (1).exe
Deleted : C:\Users\Amurex\Downloads\HijackThis (2).exe
Deleted : C:\Users\Amurex\Downloads\hijackthis.exe
Deleted : C:\Users\Amurex\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\Amurex\Downloads\TFC.exe
Deleted : C:\Users\Amurex\Downloads\zoek.rar
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #1 [zoek.exe restore point | 10/20/2017 13:13:02]

New restore point created !

########## - EOF - ##########

[Amurex]

Většina problémů zmizela, akorát facebook chat mi občas odešle 2 zprávy místo jedné :/

[jaro3]

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Amurex]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2017
Ran by Amurex (administrator) on DESKTOP-A2KAN9O (20-10-2017 22:39:00)
Running from C:\Users\Amurex\Desktop
Loaded Profiles: Amurex (Available Profiles: Amurex)
Platform: Windows 10 Pro Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-25] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTek Computer Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\MountPoints2: {70031b54-a34b-11e6-9bcc-708bcd9ef6a4} - "F:\setup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c9953a8d-bc86-41c7-ad6a-1eedc9a7b467}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{dcc1169a-bcb0-489e-864f-7b581e1cfdeb}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3537257292-1073640026-2814993478-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 2013\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 2013\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 2013\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default [2017-10-20]
CHR Extension: (Prezentace) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Dokumenty) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Disk Google) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-20]
CHR Extension: (YouTube) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-20]
CHR Extension: (Avast SafePrice) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-20]
CHR Extension: (Tabulky) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-20]
CHR Extension: (Avast Online Security) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-20]
CHR Extension: (Gmail) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\Amurex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe [398648 2015-08-20] (ASUSTeK Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-07-20] (EasyAntiCheat Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-22] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-25] ()
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-05] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-05] (AVAST Software)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-10-19] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-22] (Intel Corporation)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2015-08-20] (ASUSTeK Computer Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-20] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-10-19] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-10-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-10-20] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

[Amurex]

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 22:39 - 2017-10-20 22:39 - 000016756 _____ C:\Users\Amurex\Desktop\FRST.txt
2017-10-20 22:38 - 2017-10-20 22:39 - 000000000 ____D C:\FRST
2017-10-20 22:38 - 2017-10-20 22:38 - 002402816 _____ (Farbar) C:\Users\Amurex\Downloads\FRST64.exe
2017-10-20 22:38 - 2017-10-20 22:38 - 002402816 _____ (Farbar) C:\Users\Amurex\Desktop\FRST64.exe
2017-10-20 21:35 - 2017-10-20 21:35 - 000001068 _____ C:\DelFix.txt
2017-10-20 21:34 - 2017-10-20 21:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-20 21:33 - 2017-10-20 21:33 - 000797760 _____ C:\Users\Amurex\Downloads\delfix_1.013.exe
2017-10-20 15:27 - 2017-10-20 22:39 - 000086053 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-20 15:27 - 2017-10-20 22:39 - 000056396 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-20 15:27 - 2017-10-20 15:27 - 006625600 _____ (Zemana Ltd. ) C:\Users\Amurex\Downloads\Zemana.AntiMalware.Setup.exe
2017-10-20 15:27 - 2017-10-20 15:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-10-20 15:27 - 2017-10-20 15:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-10-20 15:27 - 2017-10-20 15:27 - 000000000 ____D C:\Users\Amurex\AppData\Local\Zemana
2017-10-20 15:27 - 2017-10-20 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-10-20 15:27 - 2017-10-20 15:27 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-10-20 15:26 - 2017-10-20 15:26 - 000000000 ____D C:\WINDOWS\Panther
2017-10-20 15:25 - 2017-10-20 15:12 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-10-19 16:15 - 2017-10-19 16:15 - 001006284 _____ C:\Users\Amurex\Downloads\zaverecna_prace (2).pdf
2017-10-19 13:52 - 2017-10-20 14:51 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-19 13:51 - 2017-10-19 17:23 - 000000000 ____D C:\ProgramData\RogueKiller
2017-10-19 13:24 - 2017-10-19 13:24 - 000000000 ____D C:\ProgramData\Sophos
2017-10-19 13:24 - 2017-10-19 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-10-19 13:24 - 2017-10-19 13:24 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-10-19 13:22 - 2017-10-19 13:23 - 178184296 _____ (Sophos Limited) C:\Users\Amurex\Downloads\Sophos Virus Removal Tool.exe
2017-10-18 14:14 - 2017-10-20 15:35 - 000000000 ____D C:\Users\Amurex\Desktop\cleaning
2017-10-18 14:14 - 2017-10-18 14:14 - 000050688 _____ (Atribune.org) C:\Users\Amurex\Downloads\ATF-Cleaner.exe
2017-10-17 22:53 - 2017-10-20 22:36 - 000002550 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2017-10-17 18:59 - 2017-10-17 18:59 - 000008766 _____ C:\Users\Amurex\Desktop\jidelak.xlsx
2017-10-16 22:46 - 2017-10-16 22:46 - 000002367 _____ C:\Users\Public\Desktop\Shadow Of Mordor.lnk
2017-10-16 22:46 - 2017-10-16 22:46 - 000000000 ____D C:\Users\Amurex\Documents\WB Games
2017-10-16 22:46 - 2017-10-16 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Of Mordor
2017-10-16 20:43 - 2017-10-16 20:43 - 000000000 ____D C:\Program Files (x86)\R.G. Freedom
2017-10-16 20:15 - 2017-10-16 20:15 - 000112922 _____ C:\Users\Amurex\Downloads\[CzT]Middle_Earth_Shadow_of_Mordor_Ultimate_Edition_2014_CZ_ (1).torrent
2017-10-16 20:14 - 2017-10-16 20:14 - 000112921 _____ C:\Users\Amurex\Downloads\[CzT]Middle_Earth_Shadow_of_Mordor_Ultimate_Edition_2014_CZ_.torrent
2017-10-16 16:10 - 2017-10-16 16:10 - 000262935 _____ C:\Users\Amurex\Downloads\Zadání na cvičení 3 - 5 (1).pdf
2017-10-16 16:10 - 2017-10-16 16:10 - 000124493 _____ C:\Users\Amurex\Downloads\Zadání na cvičení č. 5.pdf
2017-10-16 16:01 - 2017-10-16 16:01 - 000262935 _____ C:\Users\Amurex\Downloads\Zadání na cvičení 3 - 5.pdf
2017-10-16 15:46 - 2017-10-17 22:37 - 000000000 ____D C:\AmericasCardroom
2017-10-16 15:46 - 2017-10-16 15:46 - 000001599 _____ C:\Users\Public\Desktop\AmericasCardroom.lnk
2017-10-16 15:46 - 2017-10-16 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmericasCardroom
2017-10-16 15:45 - 2017-10-16 15:46 - 089033176 _____ C:\Users\Amurex\Downloads\americascardroom_com.exe
2017-10-16 15:03 - 2017-10-16 15:03 - 000000000 ____D C:\Users\Amurex\AppData\Local\Jivaro ehf
2017-10-16 15:03 - 2017-10-16 15:03 - 000000000 ____D C:\Users\Amurex\AppData\Local\Jivaro
2017-10-16 15:02 - 2017-10-16 15:02 - 036599808 _____ C:\Users\Amurex\Downloads\Jivaro.msi
2017-10-12 14:12 - 2015-11-19 21:31 - 000000000 ____D C:\Users\Amurex\Desktop\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools.net]
2017-10-12 14:11 - 2017-10-12 14:11 - 000002704 _____ C:\Users\Amurex\Downloads\[CzT]KMSpico_v10_1_8_Final_Portable_Aktivator_Windows_a_Office_2015_.torrent
2017-10-12 13:50 - 2017-10-20 15:26 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-10-12 13:50 - 2017-10-12 13:50 - 000565000 _____ ( ) C:\Users\Amurex\Downloads\Windows_10_Activator_Loader_Full_Download.exe
2017-10-12 13:50 - 2017-10-12 13:50 - 000565000 _____ ( ) C:\Users\Amurex\Downloads\Windows_10_Activator_Loader_Full_Download (1).exe
2017-10-11 10:01 - 2017-10-11 10:01 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 10:00 - 2017-09-18 05:27 - 001651552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-11 10:00 - 2017-09-18 05:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-11 10:00 - 2017-09-18 05:22 - 001470816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-11 10:00 - 2017-09-18 05:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 10:00 - 2017-09-18 05:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 10:00 - 2017-09-18 05:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 10:00 - 2017-09-18 05:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 10:00 - 2017-09-18 05:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 10:00 - 2017-09-18 05:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 10:00 - 2017-09-18 05:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 10:00 - 2017-09-18 05:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 10:00 - 2017-09-18 05:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 10:00 - 2017-09-18 05:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 10:00 - 2017-09-18 05:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 10:00 - 2017-09-18 05:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 10:00 - 2017-09-18 05:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-11 10:00 - 2017-09-18 05:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-11 10:00 - 2017-09-18 05:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 10:00 - 2017-09-18 05:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 10:00 - 2017-09-18 04:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-11 10:00 - 2017-09-18 04:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 10:00 - 2017-09-18 04:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 10:00 - 2017-09-18 04:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-11 10:00 - 2017-09-18 04:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-11 10:00 - 2017-09-18 04:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-11 10:00 - 2017-09-18 04:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 10:00 - 2017-09-18 04:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 10:00 - 2017-09-18 04:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 10:00 - 2017-09-18 04:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 10:00 - 2017-09-18 04:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 10:00 - 2017-09-18 04:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 10:00 - 2017-09-18 04:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-11 10:00 - 2017-09-18 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-11 10:00 - 2017-09-18 04:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 10:00 - 2017-09-18 04:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-11 10:00 - 2017-09-18 04:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-11 10:00 - 2017-09-18 04:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-11 10:00 - 2017-09-18 04:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-11 10:00 - 2017-09-18 04:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 10:00 - 2017-09-18 04:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 10:00 - 2017-09-18 04:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-11 10:00 - 2017-09-18 04:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-11 10:00 - 2017-09-18 04:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 10:00 - 2017-09-18 04:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-11 10:00 - 2017-09-18 04:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 10:00 - 2017-09-18 04:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-11 10:00 - 2017-09-18 04:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-11 10:00 - 2017-09-18 04:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-11 10:00 - 2017-09-18 04:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 10:00 - 2017-09-18 04:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-11 10:00 - 2017-09-18 04:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-11 10:00 - 2017-09-18 04:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 10:00 - 2017-09-18 04:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-11 10:00 - 2017-09-18 04:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-11 10:00 - 2017-09-18 04:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-11 10:00 - 2017-09-18 04:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-11 10:00 - 2017-09-18 04:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 10:00 - 2017-09-18 04:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-11 10:00 - 2017-09-18 04:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-11 10:00 - 2017-09-18 04:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-11 10:00 - 2017-09-18 04:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 10:00 - 2017-09-18 04:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-11 10:00 - 2017-09-18 04:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 10:00 - 2017-09-18 04:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 10:00 - 2017-09-18 04:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-11 10:00 - 2017-09-18 04:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-11 10:00 - 2017-09-18 04:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-11 10:00 - 2017-09-18 04:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-11 10:00 - 2017-09-18 04:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-11 10:00 - 2017-09-18 04:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 10:00 - 2017-09-18 04:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-11 10:00 - 2017-09-18 04:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 10:00 - 2017-09-18 04:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 10:00 - 2017-09-18 04:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 10:00 - 2017-09-18 04:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-11 10:00 - 2017-09-18 04:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-11 10:00 - 2017-09-18 04:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-11 10:00 - 2017-09-18 04:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 10:00 - 2017-09-18 04:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 10:00 - 2017-09-18 04:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-11 10:00 - 2017-09-18 04:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-11 10:00 - 2017-09-18 04:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 10:00 - 2017-09-18 04:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 10:00 - 2017-09-18 04:17 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-10-11 10:00 - 2017-09-18 04:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-11 10:00 - 2017-09-18 04:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 10:00 - 2017-09-18 04:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-11 10:00 - 2017-09-18 04:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-11 10:00 - 2017-09-18 04:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 10:00 - 2017-09-18 04:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-11 10:00 - 2017-09-18 04:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 10:00 - 2017-09-18 04:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 10:00 - 2017-09-18 04:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-11 10:00 - 2017-09-18 04:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-11 10:00 - 2017-09-18 04:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-11 10:00 - 2017-09-18 04:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-11 10:00 - 2017-09-18 04:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-11 10:00 - 2017-09-18 04:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 10:00 - 2017-09-18 04:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-11 10:00 - 2017-09-18 04:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-11 10:00 - 2017-09-18 04:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 10:00 - 2017-09-18 04:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-11 10:00 - 2017-09-18 04:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-11 10:00 - 2017-09-18 04:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-11 10:00 - 2017-09-15 01:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-11 10:00 - 2017-09-15 01:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-11 10:00 - 2017-09-15 00:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-11 10:00 - 2017-09-15 00:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-11 10:00 - 2017-09-15 00:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-11 10:00 - 2017-09-15 00:39 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 10:00 - 2017-09-15 00:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2017-10-11 10:00 - 2017-09-15 00:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-11 10:00 - 2017-09-15 00:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-11 10:00 - 2017-09-15 00:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-11 10:00 - 2017-09-15 00:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-11 10:00 - 2017-09-15 00:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 10:00 - 2017-09-15 00:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-11 10:00 - 2017-09-15 00:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 10:00 - 2017-09-15 00:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-11 10:00 - 2017-09-15 00:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-11 10:00 - 2017-09-15 00:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-11 10:00 - 2017-09-15 00:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-11 10:00 - 2017-09-15 00:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-11 10:00 - 2017-09-15 00:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-11 10:00 - 2017-09-15 00:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-11 10:00 - 2017-09-15 00:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-11 10:00 - 2017-09-15 00:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-11 10:00 - 2017-09-15 00:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-11 10:00 - 2017-09-15 00:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-11 10:00 - 2017-09-15 00:21 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-10-11 10:00 - 2017-09-15 00:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-11 10:00 - 2017-09-15 00:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 10:00 - 2017-09-15 00:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-11 10:00 - 2017-09-15 00:17 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2017-10-11 10:00 - 2017-09-15 00:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-11 10:00 - 2017-09-15 00:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 10:00 - 2017-09-14 04:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 10:00 - 2017-09-14 04:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 10:00 - 2017-09-14 04:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 10:00 - 2017-03-04 09:10 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-10-11 10:00 - 2017-03-04 08:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-11 10:00 - 2017-03-04 08:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-11 10:00 - 2017-03-04 08:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-11 10:00 - 2017-03-04 08:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-11 10:00 - 2017-03-04 08:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-11 10:00 - 2017-03-04 08:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-11 10:00 - 2017-03-04 08:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-11 10:00 - 2017-03-04 08:03 - 000119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-10-11 10:00 - 2017-03-04 08:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-11 10:00 - 2017-03-04 08:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-11 10:00 - 2016-08-27 07:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-11 10:00 - 2016-08-02 10:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-11 09:59 - 2017-09-18 05:18 - 002414432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-11 09:59 - 2017-09-18 05:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-11 09:59 - 2017-09-18 05:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-11 09:59 - 2017-09-18 05:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 001408352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 001054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000766304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000699232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-10-11 09:59 - 2017-09-18 05:14 - 000076128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-10-11 09:59 - 2017-09-18 05:13 - 002170720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-11 09:59 - 2017-09-18 05:13 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-11 09:59 - 2017-09-18 05:13 - 000704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-11 09:59 - 2017-09-18 05:13 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-11 09:59 - 2017-09-18 05:13 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-10-11 09:59 - 2017-09-18 05:13 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-10-11 09:59 - 2017-09-18 05:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 09:59 - 2017-09-18 05:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-11 09:59 - 2017-09-18 05:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 09:59 - 2017-09-18 05:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-11 09:59 - 2017-09-18 05:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 09:59 - 2017-09-18 04:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-11 09:59 - 2017-09-18 04:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 09:59 - 2017-09-18 04:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 09:59 - 2017-09-18 04:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 09:59 - 2017-09-18 04:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 09:59 - 2017-09-18 04:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 09:59 - 2017-09-18 04:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 09:59 - 2017-09-18 04:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-11 09:59 - 2017-09-18 04:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-11 09:59 - 2017-09-18 04:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 09:59 - 2017-09-18 04:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-11 09:59 - 2017-09-18 04:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-11 09:59 - 2017-09-18 04:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 09:59 - 2017-09-18 04:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-11 09:59 - 2017-09-18 04:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-11 09:59 - 2017-09-18 04:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 09:59 - 2017-09-18 04:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-11 09:59 - 2017-09-18 04:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-11 09:59 - 2017-09-18 04:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 09:59 - 2017-09-18 04:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 09:59 - 2017-09-18 04:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-11 09:59 - 2017-09-18 04:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 09:59 - 2017-09-18 04:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-11 09:59 - 2017-09-18 04:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-11 09:59 - 2017-09-18 04:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-11 09:59 - 2017-09-18 04:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 09:59 - 2017-09-18 04:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-11 09:59 - 2017-09-18 04:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-11 09:59 - 2017-09-18 04:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 09:59 - 2017-09-18 04:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 09:59 - 2017-09-18 04:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-11 09:59 - 2017-09-18 04:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 09:59 - 2017-09-18 04:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 09:59 - 2017-09-18 04:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-11 09:59 - 2017-09-18 04:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 09:59 - 2017-09-18 04:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 09:59 - 2017-09-18 04:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 09:59 - 2017-09-18 04:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 09:59 - 2017-09-18 04:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-11 09:59 - 2017-09-18 04:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-11 09:59 - 2017-09-18 04:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-11 09:59 - 2017-09-18 04:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-11 09:59 - 2017-09-15 00:39 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-11 09:59 - 2017-09-15 00:39 - 001227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-11 09:59 - 2017-09-15 00:39 - 001222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-11 09:59 - 2017-09-15 00:39 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-11 09:59 - 2017-09-15 00:39 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-11 09:59 - 2017-09-15 00:39 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 09:59 - 2017-09-15 00:39 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2017-10-11 09:59 - 2017-09-15 00:39 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2017-10-11 09:59 - 2017-09-15 00:38 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2017-10-11 09:59 - 2017-09-15 00:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-11 09:59 - 2017-09-15 00:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 09:59 - 2017-09-15 00:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-11 09:59 - 2017-09-15 00:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-11 09:59 - 2017-09-15 00:25 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-10-11 09:59 - 2017-09-15 00:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-11 09:59 - 2017-09-15 00:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 09:59 - 2017-09-15 00:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-11 09:59 - 2017-09-15 00:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-11 09:59 - 2017-09-15 00:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-11 09:59 - 2017-03-04 08:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-11 09:59 - 2017-03-04 08:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-11 09:59 - 2016-08-06 06:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-10-05 12:58 - 2017-10-05 12:58 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-03 16:18 - 2017-10-20 20:58 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-01 19:36 - 2017-10-13 13:09 - 000000000 ____D C:\Program Files\rempl
2017-09-22 21:54 - 2017-09-22 21:54 - 000034419 _____ C:\Users\Amurex\Downloads\[CzT]Nocni_zvirata_Nocturnal_Animals_2016_CZ_EN_720pHD_.torrent
2017-09-22 20:58 - 2017-09-22 20:58 - 000021200 _____ C:\Users\Amurex\Downloads\[CzT]Pasazeri_Passengers_2016_CZ_.torrent
2017-09-22 12:43 - 2017-09-22 12:43 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150607700846802.150720113014002
2017-09-20 16:19 - 2017-09-20 16:23 - 000008209 _____ C:\Users\Amurex\Desktop\Knihy.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 22:36 - 2017-08-08 14:37 - 000003312 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C4F1051A-6830-4399-B26D-191AA81892DA}
2017-10-20 22:36 - 2017-07-27 10:56 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3537257292-1073640026-2814993478-1001
2017-10-20 22:36 - 2017-02-17 10:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-20 22:36 - 2017-01-05 09:46 - 000004050 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-A2KAN9O-Amurex DESKTOP-A2KAN9O
2017-10-20 22:36 - 2017-01-04 15:13 - 000002818 _____ C:\WINDOWS\System32\Tasks\Trigger KMS Activation
2017-10-20 22:36 - 2016-12-28 00:23 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-10-20 22:36 - 2016-10-26 09:33 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-20 22:36 - 2016-10-26 09:33 - 000003142 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:36 - 2016-10-26 09:33 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-20 22:36 - 2016-10-26 09:33 - 000003114 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:36 - 2016-10-26 09:33 - 000002962 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:36 - 2016-10-26 09:33 - 000002942 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:36 - 2016-10-26 09:33 - 000002852 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:36 - 2016-10-26 09:33 - 000002826 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2017-10-20 22:36 - 2016-10-26 09:33 - 000002810 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-20 22:13 - 2017-03-13 20:59 - 000000000 ____D C:\Users\Amurex\AppData\Roaming\TS3Client
2017-10-20 20:32 - 2016-10-26 09:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-20 15:42 - 2016-10-26 09:31 - 000000000 ____D C:\Users\Amurex
2017-10-20 15:40 - 2016-10-19 23:59 - 001819942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-20 15:34 - 2016-10-26 09:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-20 15:34 - 2016-10-26 09:31 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-20 15:34 - 2016-07-16 08:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-20 15:24 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-10-20 15:24 - 2015-07-10 13:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-20 15:15 - 2016-10-19 18:36 - 000000000 ____D C:\Users\Amurex\AppData\Local\CrashDumps
2017-10-19 12:44 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-18 10:05 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-18 09:25 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-17 22:38 - 2016-07-16 13:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-17 19:00 - 2017-06-14 22:48 - 000000000 ____D C:\Program Files (x86)\TigerGaming
2017-10-17 17:57 - 2016-10-20 00:00 - 000000000 ____D C:\Users\Amurex\AppData\Local\Packages
2017-10-17 17:40 - 2017-01-23 15:27 - 000000000 ____D C:\Users\Amurex\Desktop\plocha
2017-10-17 17:39 - 2016-11-05 16:28 - 000000000 ____D C:\Users\Amurex\AppData\Roaming\DAEMON Tools Lite
2017-10-17 17:39 - 2016-11-05 14:23 - 000000000 ____D C:\Users\Amurex\AppData\Roaming\uTorrent
2017-10-17 10:17 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-16 20:42 - 2016-10-20 00:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-16 20:18 - 2016-11-05 14:26 - 000000000 ____D C:\Torrenty
2017-10-13 13:28 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 00:27 - 2016-07-16 13:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 00:27 - 2016-07-16 13:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 15:28 - 2017-07-14 11:16 - 000000039 _____ C:\Users\Amurex\Desktop\25.7. 10.00.txt
2017-10-12 13:21 - 2016-10-20 00:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 13:20 - 2016-10-26 09:30 - 000351456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 17:35 - 2016-07-16 13:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-11 17:35 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-11 17:35 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 10:02 - 2016-10-19 21:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 10:01 - 2016-10-19 21:43 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-09 20:06 - 2016-12-09 15:17 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-07 12:23 - 2017-02-13 23:25 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-05 12:58 - 2017-06-15 08:51 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-05 12:58 - 2017-04-22 10:38 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-05 12:58 - 2017-04-22 10:38 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-05 12:58 - 2017-04-22 10:38 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-05 12:58 - 2017-04-22 10:38 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-05 12:58 - 2017-04-22 10:38 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-05 12:58 - 2016-10-19 18:38 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-05 12:58 - 2016-10-19 18:38 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-05 12:58 - 2016-10-19 07:52 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-26 05:53 - 2016-10-20 07:35 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 05:53 - 2016-10-20 07:35 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-22 12:43 - 2016-10-19 18:38 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.150607700984305
2017-09-21 17:04 - 2016-10-20 00:01 - 000000000 ___RD C:\Users\Amurex\OneDrive
2017-09-21 17:04 - 2016-10-19 17:15 - 000002370 _____ C:\Users\Amurex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-20 11:41 - 2017-09-05 09:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

==================== Files in the root of some directories =======

2016-10-26 09:30 - 2016-10-26 09:30 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-16 00:11

==================== End of FRST.txt ============================

[Amurex]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2017
Ran by Amurex (20-10-2017 22:39:29)
Running from C:\Users\Amurex\Desktop
Windows 10 Pro Version 1607 14393.1770 (X64) (2016-10-26 07:35:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3537257292-1073640026-2814993478-500 - Administrator - Disabled)
Amurex (S-1-5-21-3537257292-1073640026-2814993478-1001 - Administrator - Enabled) => C:\Users\Amurex
DefaultAccount (S-1-5-21-3537257292-1073640026-2814993478-503 - Limited - Disabled)
Guest (S-1-5-21-3537257292-1073640026-2814993478-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.26 - ASUSTeK Computer Inc.)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 373.06 - NVIDIA Corporation) Hidden
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.05.01 - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone Deck Tracker (HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\HearthstoneDeckTracker) (Version: 1.3.5 - HearthSim)
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7701 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Shadow Of Mordor version Shadow Of Mordor (HKLM-x32\...\Shadow Of Mordor_is1) (Version: Shadow Of Mordor - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
TigerGaming (HKLM-x32\...\TigerGaming 0) (Version: - )
TP-LINK TL-WN821N Driver (HKLM-x32\...\{03468BE2-4451-416D-B045-60F2101122D4}) (Version: 1.3.1 - TP-LINK)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 2013\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-20] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00420283-AE34-4C38-967A-3D0A04690D16} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {01553C4D-5317-4BA5-9DFA-D5BF91C46B0C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {2D71B509-39D3-4EBD-9DCE-EBFFAC8CE3E8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {31115F32-CE4E-4AEB-87C6-0CA2192177DC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-05] (AVAST Software)
Task: {41F4696F-0CA5-477C-889E-A1A4B7D48B82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 2013\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {49316231-CA7D-4A28-9558-413BA2CAB8B9} - System32\Tasks\Trigger KMS Activation => C:\Program Files\Microsoft Office 2013\Office15\TriggerKMS.exe [2017-01-04] ()
Task: {555AACA2-6670-4957-93CF-297CE491BB2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {587371B1-CA51-4394-ABA7-EEC572FC063B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {5DA97FF7-8735-43BE-BFD3-11B0663B74F1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {6006084A-CC72-4FC6-9B53-2292E837F915} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Amurex\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6EEE061A-589C-4BD6-84E5-FAAD8C46AEB1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-A2KAN9O-Amurex DESKTOP-A2KAN9O => C:\Program Files\Microsoft Office 2013\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {7D950080-939B-4B1E-AD44-743176617A52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)
Task: {850FF366-6A79-468F-B9F9-C9BE42FA5164} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {8724EE0A-C2A7-489A-AFFF-D1BF76197EC2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {99F579AC-EB99-4D25-8566-34D3A2C7FDB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {9AF2131A-7413-4DCF-BEED-919D99E5E180} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9F999134-7A90-4B10-951F-6E929FA80ADC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-09-11] ()
Task: {A15D7010-0653-4B7F-942F-8F21D32B616A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 2013\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B57E41DD-1303-4DB8-8C2D-DD66BEB540D8} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2015-09-21] ()
Task: {BF41F40E-77E2-463E-A69D-F7769684B2B6} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {CC03F27C-8246-4A76-BA14-54567671B24E} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2015-08-20] (TODO: <Company name>)
Task: {CC5AF600-3093-4CE7-AB2D-CCB79FE58867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)
Task: {DAE06FC3-E9E6-4323-B2BB-23324A29B872} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {EB3674F8-EE7C-4CD4-97A7-77EAF5A984F4} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-08-07] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:32 - 2017-09-07 08:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-26 09:31 - 2016-12-29 14:44 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-19 17:53 - 2016-09-30 06:25 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-19 17:53 - 2016-09-30 06:25 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-19 17:53 - 2016-09-30 06:25 - 000419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-10-20 00:57 - 2015-05-08 23:26 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2012-10-01 21:36 - 2012-10-01 21:36 - 006522480 _____ () C:\Program Files\Microsoft Office 2013\Office15\1033\GrooveIntlResource.dll
2017-10-20 15:27 - 2017-10-20 15:27 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-10-20 00:58 - 2015-09-11 00:36 - 001459152 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2016-10-20 00:58 - 2015-09-21 00:44 - 001310720 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-10-26 19:27 - 2016-10-26 19:27 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 09:00 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 09:00 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 09:00 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 09:00 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 10:00 - 2017-09-18 04:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 10:00 - 2017-09-18 04:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-23 16:31 - 2017-08-23 16:32 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 16:31 - 2017-08-23 16:32 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 16:31 - 2017-08-23 16:32 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 16:31 - 2017-08-23 16:32 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-10-20 00:58 - 2015-05-14 18:18 - 001075712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-10-20 00:58 - 2014-08-28 19:37 - 000033424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2017-10-05 12:58 - 2017-10-05 12:58 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-26 05:53 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 05:53 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-02-21 11:34 - 2017-08-17 19:59 - 000173848 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2016-07-19 14:42 - 2017-08-17 19:59 - 000019736 _____ () C:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2016-07-19 14:42 - 2017-08-17 19:59 - 001980696 _____ () C:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2017-02-21 11:34 - 2017-08-17 19:59 - 000124696 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2017-02-21 11:34 - 2017-08-17 19:59 - 000149784 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2017-07-15 20:41 - 2017-07-27 19:01 - 000345880 _____ () C:\Users\Amurex\AppData\Roaming\TS3Client\plugins\clientquery_plugin_win64.dll
2017-03-13 20:59 - 2017-07-18 17:02 - 000157696 _____ () C:\Users\Amurex\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2017-09-14 16:20 - 2017-09-14 16:20 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-11 09:43 - 2017-10-11 09:49 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-10-11 09:43 - 2017-10-11 09:49 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-05 09:05 - 2017-10-09 20:06 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-19 18:35 - 2017-10-20 15:34 - 000029480 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-10-20 00:57 - 2015-05-08 23:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-10-20 00:58 - 2015-09-11 01:06 - 000237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-10-20 00:58 - 2014-02-25 02:49 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000236544 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000712192 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000863744 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000815104 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-10-20 00:58 - 2015-08-26 23:34 - 000507392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\AsKeyboardFocusHooker.dll
2016-10-20 00:57 - 2015-06-04 01:17 - 000091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-10-20 00:57 - 2015-06-04 01:17 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-10-20 00:58 - 2015-09-22 01:26 - 004677048 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-10-20 00:58 - 2015-05-22 07:57 - 001141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-10-20 00:58 - 2015-06-26 22:50 - 000906240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\LED Control\LEDControl.dll
2016-10-20 00:58 - 2015-08-28 22:48 - 001345024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2016-10-20 00:57 - 2015-07-24 06:38 - 000838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2016-10-20 00:58 - 2015-08-20 21:41 - 000278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2016-10-20 00:57 - 2015-05-08 23:26 - 000662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2016-10-19 17:53 - 2016-09-30 06:25 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-19 17:53 - 2016-09-29 19:20 - 000500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-19 17:53 - 2016-09-29 19:20 - 000255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-19 17:53 - 2016-09-29 19:20 - 002801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-19 17:53 - 2016-09-29 19:20 - 000244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-19 17:53 - 2016-09-29 19:20 - 000430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-19 17:53 - 2016-09-29 19:20 - 000336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-19 17:53 - 2016-09-29 19:20 - 000373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-20 00:58 - 2013-11-20 19:10 - 000662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-10-20 00:58 - 2013-07-02 19:40 - 000253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-11 08:45 - 2017-07-11 08:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-05 12:58 - 2017-10-05 12:58 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2017-10-20 15:15 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{678D9751-24DC-4E1D-A941-2567F0FB9961}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{42DDDD2E-3D5C-4BD9-B093-3158DCFECFB2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{15411BE4-2793-45FB-8EC6-DFFF2D58E220}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B545533-7662-4D75-9CE8-983C6D3C44AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{439F4F9F-56A6-421C-AC07-351725D3290B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{60809BE8-EEB3-46C3-B5D2-B2754284996B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9C6B0B90-9AF1-4557-8CC2-AA0CA69BAE79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{849188BA-BF3F-4FAE-A9E6-B5335F513436}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA794433-48B0-4F06-936B-7D712421F1B7}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0F94BB5-D95F-457E-B0D5-250AFE2CB31A}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DB297A3-6373-43CA-AF89-C69177D8B316}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49F2B784-7FB1-472E-AF74-C8A0080E2BED}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C186D3B1-251E-4803-AFB0-C5D128A3CCEF}] => (Allow) C:\Users\Amurex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B669320-6844-4E5D-9D21-5BEC1A828012}] => (Allow) C:\Program Files\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{ACDDEA6D-1789-4C06-B3A8-E8F10E828AB1}] => (Allow) C:\Program Files\Microsoft Office 2013\Office15\lync.exe
FirewallRules: [{F624BD4F-4C13-444F-983E-FE29A1015519}] => (Allow) C:\Program Files\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{31D5BF97-0CA4-4EB1-A3DD-F8C5266C7C48}] => (Allow) C:\Program Files\Microsoft Office 2013\Office15\UcMapi.exe
FirewallRules: [{6794E31E-DA88-4819-913B-ABFE7C9F147C}] => (Allow) C:\Program Files\Microsoft Office 2013\Office15\outlook.exe
FirewallRules: [{31E2D9B0-A0AD-449A-BF74-8CE840DFBC8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48B8A57A-582B-4CA9-9D35-859BD183CE88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6D11A708-C9DD-4EAC-81B4-ABD9DA714A9F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EE506E61-D5B7-4D76-B12D-D97A7E185D43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{623BAB01-2D95-4AC8-A32F-C4CF7CFD9CEE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{B49FFC6D-D0C1-4BB8-AC5C-9ED02125F727}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{F20A8D3C-7D15-4973-A030-4CBC7C9152C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{03A3E5AE-2D6F-4A36-8B6D-1473313F54A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{4A8DC286-154E-418C-9ED5-BB6C8CD36D78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E09516A3-D003-4EFF-83B8-0E6D68C22E35}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{2407CD07-0076-4BED-BF2F-9D21DC861DFA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe

==================== Restore Points =========================

20-10-2017 21:35:07 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2017 09:35:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/20/2017 03:13:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffc26b7326a
Faulting process id: 0x20d8
Faulting application start time: 0x01d349a52dd6d553
Faulting application path: C:\Users\Amurex\AppData\Local\Temp\DaS_21.exe
Faulting module path: unknown
Report Id: 88745217-d0a3-4e88-87ab-27d88ea0787e
Faulting package full name:
Faulting package-relative application ID:

Error: (10/20/2017 03:13:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at DriverAndServicesOut.GetProcess.GetPathName(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (10/20/2017 03:13:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Service KMSELDI since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/20/2017 03:13:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/20/2017 03:05:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/20/2017 03:05:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/20/2017 03:05:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/20/2017 03:05:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/20/2017 03:04:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: msvcrt.dll, version: 7.0.14393.0, time stamp: 0x57899b47
Exception code: 0xc0000005
Fault offset: 0x000000000005b1bd
Faulting process id: 0x194c
Faulting application start time: 0x01d348cbd22c6a8f
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: d6ee01f5-2ef0-43cd-ba55-2f4a332427a7
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/20/2017 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2017 03:34:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2017 03:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2017 03:25:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2017 03:24:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2017 03:24:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2017 03:24:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2017 03:24:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2017 03:24:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/20/2017 01:41:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-10-20 15:05:12.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-19 13:51:53.287
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-17 22:54:58.953
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-17 22:52:58.037
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-17 22:52:49.899
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-17 17:53:17.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-16 15:03:48.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-15 21:06:42.469
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-12 14:11:53.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-10-09 22:04:25.752
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 35%
Total physical RAM: 8128.66 MB
Available physical RAM: 5251 MB
Total Virtual: 8640.66 MB
Available Virtual: 5096.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.8 GB) (Free:3.73 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (Shadow of Mordor) (CDROM) (Total:21.91 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 119.2 GB) (Disk ID: 2E0F567C)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\MountPoints2: {70031b54-a34b-11e6-9bcc-708bcd9ef6a4} - "F:\setup.exe"
SearchScopes: HKU\S-1-5-21-3537257292-1073640026-2814993478-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
Task: {7D950080-939B-4B1E-AD44-743176617A52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Drive c: () (Fixed) (Total:118.8 GB) (Free:3.73 GB)

Totální nedostatek volného místa na disku!! Něco odinstaluj , smaž. Máš mít nejméně 15-20% volného místa na syst. disku , pro zajištění bezproblémového chodu windows!!


zítra pokračování..

[Amurex]

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by Amurex (22-10-2017 18:20:44) Run:1
Running from C:\Users\Amurex\Desktop
Loaded Profiles: Amurex (Available Profiles: Amurex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\...\MountPoints2: {70031b54-a34b-11e6-9bcc-708bcd9ef6a4} - "F:\setup.exe"
SearchScopes: HKU\S-1-5-21-3537257292-1073640026-2814993478-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
Task: {7D950080-939B-4B1E-AD44-743176617A52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70031b54-a34b-11e6-9bcc-708bcd9ef6a4} => key removed successfully
HKLM\Software\Classes\CLSID\{70031b54-a34b-11e6-9bcc-708bcd9ef6a4} => key not found.
HKU\S-1-5-21-3537257292-1073640026-2814993478-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D950080-939B-4B1E-AD44-743176617A52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D950080-939B-4B1E-AD44-743176617A52} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22430694 B
Java, Flash, Steam htmlcache => 340973151 B
Windows/system/drivers => 20780 B
Edge => 244914804 B
Chrome => 602180595 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 11482 B
NetworkService => 0 B
Amurex => 25205935 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:20:55 ====

[jaro3]

Drive c: () (Fixed) (Total:118.8 GB) (Free:3.73 GB)

uvolnil sis to místo na disku?

Co problémy?