cjoint

Document format: text/plain

Preview

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by valeu (26-04-2018 15:18:12)
Running from C:\Users\valeu\Downloads
Windows 10 Home Version 1709 16299.371 (X64) (2018-01-19 18:19:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2911689879-524526275-566669397-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2911689879-524526275-566669397-503 - Limited - Disabled)
Guest (S-1-5-21-2911689879-524526275-566669397-501 - Limited - Disabled)
luana (S-1-5-21-2911689879-524526275-566669397-1003 - Limited - Enabled) => C:\Users\luana
valeu (S-1-5-21-2911689879-524526275-566669397-1001 - Administrator - Enabled) => C:\Users\valeu
WDAGUtilityAccount (S-1-5-21-2911689879-524526275-566669397-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Croc (HKLM-x32\...\Croc) (Version: - )
Discord (HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.12.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.3 - SteelSeries ApS)
Tibia (HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\Tibia) (Version: - CipSoft GmbH)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2911689879-524526275-566669397-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A8AD6F0-FECD-4B44-A367-D67DEE3F105B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-13] (Microsoft Corporation)
Task: {270F6151-A1D2-48A2-9B28-43427DBD7A91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-13] (Microsoft Corporation)
Task: {2A94A17A-5FA5-40E9-970C-33DAC2282AEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-20] (Google Inc.)
Task: {37E55446-BCE5-48F1-9950-2C3FC42B2E7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-20] (Google Inc.)
Task: {414BDB5D-715F-47BF-B98F-83A6D1CD27F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-13] (Microsoft Corporation)
Task: {78BBA904-88BC-4404-A041-26C1A5E1E953} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {9841C810-A5CD-46A2-9A5D-23152AE014E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-13] (Microsoft Corporation)
Task: {9E4C8D85-2E5B-400C-9E6E-89558DAA0333} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-13 13:42 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 13:42 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 10:54 - 2018-04-24 10:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-24 10:54 - 2018-04-24 10:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-24 10:54 - 2018-04-24 10:57 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-24 10:54 - 2018-04-24 10:57 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-24 10:54 - 2018-04-24 10:57 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-12 13:15 - 2018-04-12 13:15 - 000092096 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2018-01-30 05:37 - 2017-12-10 09:14 - 004890112 _____ () C:\WINDOWS\Window.exe
2018-03-20 15:38 - 2018-03-19 23:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-20 15:38 - 2018-03-19 23:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-19 09:45 - 2018-01-19 09:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2911689879-524526275-566669397-1001\Control Panel\Desktop\\Wallpaper -> C:\Binho\screenshot\stretched-1920-1080-560306.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21F13C6E-8A28-4AE8-8F92-9A950B817021}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A2D0698-E7D6-42F5-AFAA-A1B939D2266B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{955F360B-C80C-4716-8249-3F6C8656E0B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{87FD9920-5067-4C3C-9379-A6F588DCB79F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{12257AC3-7449-4333-BFFD-F9B03AB80E93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EEC3BF8-B730-4DCE-87AA-F8983366CC5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{687D7EC9-0893-433F-B1E4-1BBAB5F74AFC}C:\windows\window.exe] => (Allow) C:\windows\window.exe
FirewallRules: [UDP Query User{EEDD7129-C7A1-46A6-B70E-A9A8DD1A3FA6}C:\windows\window.exe] => (Allow) C:\windows\window.exe
FirewallRules: [{E4ABE880-3D12-4398-8463-D742CD11B09C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2DC896F7-8949-40F0-9FE1-A15B331D327F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D63A76AC-58AC-435D-8EC7-05571BEBEFFD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [{AAA2AE7E-C979-4EC4-9A68-F81612E9063B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F4F61D0-7BF6-4472-B240-D81EC9E74DB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F552FBD4-3BF2-4BA8-B037-5F19D0ED224B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3509A784-3151-44AE-82FE-9C065622E22E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4FF3BEB6-FEB9-48F1-801E-666CF01D10A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4F8C8411-ED6D-4140-89F2-36F7A7DB88E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6B33B5D4-8EBA-42C6-8141-C1E1C096F909}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2803B991-C666-4586-811C-3E2E81B51D82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CAB329BB-53ED-4915-80EA-1DFF82BD958E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{379C71C0-E938-45CA-8223-630AB824AFAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [TCP Query User{14C7E40C-27E5-447B-ABB5-2AF9F1C7D4DD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{EF1AF11F-96D7-4534-BA0C-DFCDA0B341E5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{61F4B197-61A7-4B12-B514-20983A8B3F0B}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{123B665E-9E54-4BAA-B703-1C4BCBC254EE}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe

==================== Restore Points =========================

16-04-2018 11:58:17 Scheduled Checkpoint
24-04-2018 14:35:46 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2018 03:18:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:16Z. Error Code: 0x80041315.

Error: (04/26/2018 03:17:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:46Z. Error Code: 0x80041315.

Error: (04/26/2018 03:17:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:16Z. Error Code: 0x80041315.

Error: (04/26/2018 03:16:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:46Z. Error Code: 0x80041315.

Error: (04/26/2018 03:16:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:16Z. Error Code: 0x80041315.

Error: (04/26/2018 03:15:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:46Z. Error Code: 0x80041315.

Error: (04/26/2018 03:15:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:16Z. Error Code: 0x80041315.

Error: (04/26/2018 03:14:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-05-23T21:50:46Z. Error Code: 0x80041315.


System errors:
=============
Error: (04/26/2018 02:23:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_3601f service terminated with the following error:
There are no more endpoints available from the endpoint mapper.

Error: (04/26/2018 02:22:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {C41B1461-3F8C-4666-B512-6DF24DE566D1} did not register with DCOM within the required timeout.

Error: (04/26/2018 02:21:18 PM) (Source: DCOM) (EventID: 10016) (User: FABIOSILVEIRA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user FABIOSILVEIRA\valeu SID (S-1-5-21-2911689879-524526275-566669397-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 02:21:17 PM) (Source: DCOM) (EventID: 10016) (User: FABIOSILVEIRA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user FABIOSILVEIRA\valeu SID (S-1-5-21-2911689879-524526275-566669397-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 02:20:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 02:20:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 02:20:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 02:20:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-24 15:36:15.070
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Name: HackTool:Win32/AutoKMS!rfn
ID: 2147692752
Severity: High
Category: Tool
Path: file:_C:\WINDOWS\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.267.303.0, AS: 1.267.303.0, NIS: 1.267.303.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-04-24 15:23:56.831
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Name: HackTool:Win32/AutoKMS!rfn
ID: 2147692752
Severity: High
Category: Tool
Path: file:_C:\WINDOWS\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.303.0, AS: 1.267.303.0, NIS: 1.267.303.0
Engine Version: AM: 1.1.14800.3, NIS: 1.1.14800.3

Date: 2018-04-24 13:28:14.504
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2B0D9AB9-BF73-4DCC-AB1F-ACDC1D6C2271}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-24 13:15:55.424
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {926429DD-CB37-4D07-85E9-FE544CE06D94}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-24 12:48:29.256
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A909844-9F0B-4288-87E5-485A6B5636BC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-02 21:26:42.725
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-02 21:26:42.725
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-02 21:26:42.720
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-02 21:26:42.720
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-02 21:26:42.720
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 8058.45 MB
Available physical RAM: 5619.83 MB
Total Virtual: 9338.45 MB
Available Virtual: 6930.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:236.6 GB) (Free:166.36 GB) NTFS

\\?\Volume{03a274ea-ae90-4c7f-8488-207ae7819bec}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{433b1e26-b181-40b5-800d-c04615f6cb5b}\ (Windows RE tools) (Fixed) (Total:1.76 GB) (Free:1.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C681FC25)

Partition: GPT.

==================== End of Addition.txt ============================
