Avast nefunguje

Zpráva

Hank · #1 Příspěvek od **Hank** » 17 črc 2017 14:11

Dobrý den,
nejde mi spustit Avast
Obrázek

Po kliknutí na "RESTART SERVICE" se PC zasekne.

Počítač je celkově zpomalený.

Log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2017-07-17 15:01:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 15 GB (19%) free of 75 GB
Total RAM: 3072 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:26, on 17.7.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: adobe.com
O1 - Hosts: http://www.adobe.com
O1 - Hosts: http://www.get.adobe.com
O1 - Hosts: get.adobe.com
O1 - Hosts: https://get.adobe.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2757460864-126524720-2486629684-1000\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" (User 'education')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8672 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"
taskmgr.exe /2
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --disable-gpu-compositing --disable-pinch --no-sandbox --primordial-pipe-token=A1E32ACC005F703ADE9753FC62A8B10C --lang=en-US --lang=en-US --log-file="C:\Users\education\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.3.2987.1601 Safari/537.36 Avastium (17.5.2302)" --proxy-auto-detect --disable-webaudio --mute-audio --force-wave-audio --disable-gpu --disable-software-rasterizer --no-sandbox --disable-webgl --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=A1E32ACC005F703ADE9753FC62A8B10C --renderer-client-id=4 --mojo-platform-channel-handle=1416 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"D:\Users\education\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4ny6wqyw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-15 896048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-15 774440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-05-02 2398776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-07-15 213832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27250144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-07-17 08:39:33 ----A---- C:\Windows\ntbtlog.txt
2017-07-15 21:13:03 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-07-15 21:13:03 ----A---- C:\Windows\system32\poqexec.exe
2017-07-15 20:15:10 ----A---- C:\Windows\system32\aswBoot.exe
2017-06-29 14:20:14 ----D---- C:\Users\Administrator\AppData\Roaming\Skype

======List of files/folders modified in the last 1 month======

2017-07-17 15:01:24 ----D---- C:\Program Files\trend micro
2017-07-17 14:48:58 ----D---- C:\Windows\Temp
2017-07-17 14:21:49 ----D---- C:\Windows\Prefetch
2017-07-17 14:18:08 ----D---- C:\Windows\system32\config
2017-07-17 14:17:40 ----D---- C:\Windows\winsxs
2017-07-17 13:43:31 ----D---- C:\Windows\SysWOW64
2017-07-17 13:43:31 ----D---- C:\Windows\System32
2017-07-17 13:42:05 ----SHD---- C:\System Volume Information
2017-07-17 13:36:16 ----D---- C:\ProgramData\NVIDIA
2017-07-17 13:33:11 ----D---- C:\Windows
2017-07-17 08:43:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-07-17 08:43:42 ----D---- C:\Windows\system32\drivers\cs-CZ
2017-07-17 08:43:42 ----D---- C:\Windows\system32\drivers
2017-07-17 08:43:42 ----D---- C:\Windows\system32\cs-CZ
2017-07-17 08:43:42 ----D---- C:\Windows\cs-CZ
2017-07-17 08:43:38 ----D---- C:\Program Files\Windows Media Player
2017-07-17 08:43:38 ----D---- C:\Program Files\Internet Explorer
2017-07-17 08:43:38 ----D---- C:\Program Files\DVD Maker
2017-07-17 08:43:37 ----D---- C:\Windows\SYSWOW64\migwiz
2017-07-17 08:43:37 ----D---- C:\Windows\SYSWOW64\migration
2017-07-17 08:43:37 ----D---- C:\Windows\SYSWOW64\Dism
2017-07-17 08:43:36 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-17 08:43:35 ----D---- C:\Windows\system32\migwiz
2017-07-17 08:43:35 ----D---- C:\Windows\system32\migration
2017-07-17 08:43:35 ----D---- C:\Windows\system32\en-US
2017-07-17 08:43:35 ----D---- C:\Windows\system32\Dism
2017-07-17 08:43:35 ----D---- C:\Windows\PolicyDefinitions
2017-07-17 08:43:34 ----D---- C:\Windows\system32\Boot
2017-07-17 08:43:34 ----D---- C:\Windows\AppPatch
2017-07-17 08:43:34 ----D---- C:\Program Files (x86)\Windows Media Player
2017-07-17 08:43:34 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-17 08:43:33 ----SD---- C:\Windows\system32\CompatTel
2017-07-17 08:43:33 ----D---- C:\Windows\system32\appraiser
2017-07-17 08:43:30 ----D---- C:\Windows\system32\DriverStore
2017-07-16 09:26:15 ----SHD---- C:\Windows\Installer
2017-07-16 09:26:15 ----D---- C:\ProgramData\Microsoft Help
2017-07-16 09:14:31 ----A---- C:\Windows\win.ini
2017-07-16 08:55:18 ----D---- C:\Windows\Logs
2017-07-16 08:39:05 ----D---- C:\Windows\system32\Tasks
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-07-15 23:18:33 ----HD---- C:\ProgramData
2017-07-15 20:57:34 ----D---- C:\Windows\Tasks
2017-07-15 20:57:34 ----D---- C:\Windows\system32\wfp
2017-07-15 20:57:33 ----D---- C:\Windows\system32\drivers\UMDF
2017-07-15 20:57:33 ----D---- C:\Windows\system32\drivers\etc
2017-07-15 20:57:33 ----D---- C:\Windows\inf
2017-07-15 20:57:00 ----D---- C:\Windows\system32\wbem
2017-07-15 20:57:00 ----D---- C:\Windows\registration
2017-07-15 20:56:19 ----D---- C:\ProgramData\AVAST Software
2017-07-15 20:54:25 ----RHD---- C:\MSOCache
2017-07-15 20:53:29 ----D---- C:\Windows\system32\catroot2
2017-07-15 20:04:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-07-15 20:04:16 ----D---- C:\Windows\system32\Macromed
2017-07-15 20:04:15 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-07-15 41800]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-07-15 110352]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-07-15 198944]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-07-15 343264]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-07-15 57704]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-07-15 84392]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-07-15 361336]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-07-15 319984]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-07-15 1015848]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-07-15 585608]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-07-15 146664]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-07-15 198768]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-07-15 46984]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-05-10 205456]
S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-05-02 28216]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-04-14 56384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-07-15 263312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-05-02 1165368]
S2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-05-02 1881144]
S2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-05-02 2522680]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-05-10 1201600]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-05-10 426040]
S2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-07-15 7430992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-07-15 175560]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-05-02 3634232]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 17 črc 2017 16:41

Zdravím!
Zkuste Avast přeinstalovat pomocí čisté instalace. Nejprve Avast regulérně odinstalujte poocí utility: https://www.avast.com/cs-cz/uninstall-utility . Pak ho znovu nainstalujte ze staženého instalátoru.

Hank · #3 Příspěvek od **Hank** » 17 črc 2017 21:10

Avast jsem přeinstaloval, jak jste napsal.
Nyní již funguje.

Provedl jsem úplný test systému.
Byly nalezeny 2 viry:
Obrázek

Dal jsem automaticky vyčistit.
Oba soubory byly pravděpodobně smazány
Obrázek

#4 Příspěvek od **Rudy** » 17 črc 2017 21:14

OK, to jsem rád. PC je stále zpomalen?

Hank · #5 Příspěvek od **Hank** » 17 črc 2017 21:16

#6 Příspěvek od **Rudy** » 18 črc 2017 17:01

Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Hank · #7 Příspěvek od **Hank** » 20 črc 2017 11:27

Byly tam 2 logy:
první:
# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 20 10:12:01 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-19-2017.5
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Guest\AppData\Local\torch
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{038e4452-7271-41bd-b8f9-858313463c27}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146d0cf6-f35b-47fd-93a7-d328192a75b8}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17cf391a-aa4c-46cf-9711-dab2a014d242}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2543cb57-d8ac-4546-b64e-e6fda9db70cb}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb53bb5-c0e3-4dc5-9b29-0712f701a368}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93ae9682-5d9e-4901-b6cd-46bad6b88771}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d0dcf7b-c8bb-4cea-99f4-032bd11970ae}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9fa28836-270d-482f-81af-43543e3aa15c}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0bbe1da-ebb0-4921-bc79-d085c11b0ccb}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7cfc13c-0c67-458f-ab96-e599e0cc59ee}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ee082214-cce5-46c0-9dd4-599542ede1eb}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{174F40B7-9279-45B9-B7FF-D4FDBBD88E70}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30C4B9C8-3E1A-4959-9E13-AB4030366525}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A1CEF85-1ABF-48C7-85C3-387FB99236E}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D573A31-BE49-48F5-9A7C-D1327D86112}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FA09FC-5A91-42FB-B148-F796E773DE}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B5B466-AC78-4E98-8495-BDD52198D911}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DB5BEFE-4B5F-49AD-826-278A801C7F9A}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E93F0D5-6929-43BF-9D20-39A7B79BDA2A}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70B087D4-C586-4EC8-97DF-FDAF6C9C5FBA}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76A38454-C174-4418-BFE7-CBF1C732B6CA}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918A9353-54CD-4076-876E-E0731DE58946}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F059B5-6FB8-46D6-A69E-A623A2DAA335}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F7189AC-52C0-4233-8EB0-C6863A8623A2}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5EA33DD-F210-471A-8A85-84A1D03E21AE}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A99D25-BFEE-40F5-AE8B-148F44D6601}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD8BEDE4-F70B-4C8F-9A6E-1FA6D624D7EC}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3FDC77A-1EB0-4DCC-882A-BBB298A0DBFD}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B708F50C-4060-4AD5-BCC2-5EE39DEBE272}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C52479D-FB03-470C-98ED-C1998271779C}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5B11BE9-FDF8-4077-8ACE-B1F50C43252}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6BA49CB-E539-495D-9512-16B8739360E2}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBB7B99F-37C6-4008-8DD4-E41D45A89D19}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCA3149E-B584-4AC9-BAB6-7232C14B1FC3}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E165DB8F-27A4-4AFA-9EAB-D89D5EED4F3}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECA99211-4409-4E0C-AE8E-7BEB761CEA96}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED23C64D-16EE-440D-B2BD-163F6EFE678E}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0EA2A4D-B6CD-44A3-A9DA-4AC5FE453181}
PUP.Adware.Heuristic, [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDB7E5B5-7D0C-4AD6-9C92-2586564A442}

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

a druhý:
# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 20 10:13:15 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\Chromatic Browser

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{038e4452-7271-41bd-b8f9-858313463c27}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146d0cf6-f35b-47fd-93a7-d328192a75b8}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17cf391a-aa4c-46cf-9711-dab2a014d242}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2543cb57-d8ac-4546-b64e-e6fda9db70cb}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb53bb5-c0e3-4dc5-9b29-0712f701a368}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93ae9682-5d9e-4901-b6cd-46bad6b88771}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d0dcf7b-c8bb-4cea-99f4-032bd11970ae}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9fa28836-270d-482f-81af-43543e3aa15c}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0bbe1da-ebb0-4921-bc79-d085c11b0ccb}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7cfc13c-0c67-458f-ab96-e599e0cc59ee}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ee082214-cce5-46c0-9dd4-599542ede1eb}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{174F40B7-9279-45B9-B7FF-D4FDBBD88E70}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30C4B9C8-3E1A-4959-9E13-AB4030366525}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A1CEF85-1ABF-48C7-85C3-387FB99236E}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D573A31-BE49-48F5-9A7C-D1327D86112}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FA09FC-5A91-42FB-B148-F796E773DE}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B5B466-AC78-4E98-8495-BDD52198D911}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DB5BEFE-4B5F-49AD-826-278A801C7F9A}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E93F0D5-6929-43BF-9D20-39A7B79BDA2A}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70B087D4-C586-4EC8-97DF-FDAF6C9C5FBA}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76A38454-C174-4418-BFE7-CBF1C732B6CA}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918A9353-54CD-4076-876E-E0731DE58946}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95F059B5-6FB8-46D6-A69E-A623A2DAA335}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F7189AC-52C0-4233-8EB0-C6863A8623A2}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5EA33DD-F210-471A-8A85-84A1D03E21AE}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A99D25-BFEE-40F5-AE8B-148F44D6601}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD8BEDE4-F70B-4C8F-9A6E-1FA6D624D7EC}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3FDC77A-1EB0-4DCC-882A-BBB298A0DBFD}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B708F50C-4060-4AD5-BCC2-5EE39DEBE272}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C52479D-FB03-470C-98ED-C1998271779C}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5B11BE9-FDF8-4077-8ACE-B1F50C43252}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6BA49CB-E539-495D-9512-16B8739360E2}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBB7B99F-37C6-4008-8DD4-E41D45A89D19}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCA3149E-B584-4AC9-BAB6-7232C14B1FC3}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E165DB8F-27A4-4AFA-9EAB-D89D5EED4F3}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECA99211-4409-4E0C-AE8E-7BEB761CEA96}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED23C64D-16EE-440D-B2BD-163F6EFE678E}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0EA2A4D-B6CD-44A3-A9DA-4AC5FE453181}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDB7E5B5-7D0C-4AD6-9C92-2586564A442}

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6653 B] - [2017/7/20 10:12:1]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

#8 Příspěvek od **Rudy** » 20 črc 2017 15:58

Dejte nový log RSIT.

Hank · #9 Příspěvek od **Hank** » 20 črc 2017 19:02

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2017-07-20 19:59:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 17 GB (22%) free of 75 GB
Total RAM: 3072 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:34, on 20.7.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvLaunch.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: adobe.com
O1 - Hosts: http://www.adobe.com
O1 - Hosts: http://www.get.adobe.com
O1 - Hosts: get.adobe.com
O1 - Hosts: https://get.adobe.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[C0].txt
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2757460864-126524720-2486629684-1000\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" (User 'education')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8845 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files\TightVNC\tvnserver.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1724
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
"C:\Windows\system32\Dwm.exe"
\??\C:\Windows\system32\conhost.exe "19683216109957043541003469722-1460073535-2062127126-281698402-1735462263-589151124
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
AvastUI.exe /nogui

C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"D:\Users\education\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4ny6wqyw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-17 896048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-17 774440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-05-02 2398776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-07-20 213832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27250144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[C0].txt [2017-07-20 6277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-07-20 19:59:15 ----D---- C:\ProgramData\SWCUTemp
2017-07-20 12:05:25 ----D---- C:\AdwCleaner
2017-07-20 11:09:02 ----A---- C:\Windows\system32\aswBoot.exe
2017-07-17 18:58:03 ----D---- C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswStm.sys
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswSP.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswmonflt.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-07-17 18:57:22 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-07-17 18:57:22 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-07-17 18:54:29 ----D---- C:\Program Files\AVAST Software
2017-07-17 08:39:33 ----A---- C:\Windows\ntbtlog.txt
2017-07-15 21:19:09 ----A---- C:\Windows\SYSWOW64\olepro32.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\invagent.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\generaltel.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\devinv.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-07-15 21:18:18 ----A---- C:\Windows\system32\centel.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\appraiser.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aitstatic.exe
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aepic.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aeinv.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\acmigration.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ucrtbase.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\iernonce.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-07-15 21:17:47 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\wudriver.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\UtcResources.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\inseng.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\ie4uinit.exe
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-07-15 21:17:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\urlmon.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\iedkcs32.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\wuwebv.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\diagtrack.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-07-15 21:17:41 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-15 21:17:41 ----A---- C:\Windows\system32\msfeeds.dll
2017-07-15 21:17:41 ----A---- C:\Windows\system32\dxtrans.dll
2017-07-15 21:17:40 ----A---- C:\Windows\system32\iesetup.dll
2017-07-15 21:17:39 ----A---- C:\Windows\system32\ieapfltr.dll
2017-07-15 21:17:37 ----A---- C:\Windows\system32\iertutil.dll
2017-07-15 21:17:36 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-07-15 21:17:35 ----A---- C:\Windows\system32\vbscript.dll
2017-07-15 21:17:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-07-15 21:17:34 ----A---- C:\Windows\system32\jsproxy.dll
2017-07-15 21:17:34 ----A---- C:\Windows\system32\ieUnatt.exe
2017-07-15 21:17:34 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2017-07-15 21:17:33 ----A---- C:\Windows\system32\wuaueng.dll
2017-07-15 21:17:33 ----A---- C:\Windows\system32\rdpcorets.dll
2017-07-15 21:17:32 ----A---- C:\Windows\system32\rdpudd.dll
2017-07-15 21:17:31 ----A---- C:\Windows\system32\ieui.dll
2017-07-15 21:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2017-07-15 21:17:30 ----A---- C:\Windows\system32\ieframe.dll
2017-07-15 21:17:29 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-07-15 21:17:29 ----A---- C:\Windows\system32\mshtmled.dll
2017-07-15 21:17:28 ----A---- C:\Windows\system32\webcheck.dll
2017-07-15 21:17:28 ----A---- C:\Windows\system32\jscript.dll
2017-07-15 21:17:27 ----A---- C:\Windows\system32\jscript9diag.dll
2017-07-15 21:17:27 ----A---- C:\Windows\system32\jscript9.dll
2017-07-15 21:17:26 ----A---- C:\Windows\system32\wininet.dll
2017-07-15 21:17:24 ----A---- C:\Windows\system32\msrating.dll
2017-07-15 21:17:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-07-15 21:17:23 ----A---- C:\Windows\system32\mshtml.dll
2017-07-15 21:17:20 ----A---- C:\Windows\system32\wmp.dll
2017-07-15 21:17:18 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-07-15 21:17:17 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-07-15 21:17:17 ----A---- C:\Windows\system32\wuauclt.exe
2017-07-15 21:17:17 ----A---- C:\Windows\system32\wuapp.exe
2017-07-15 21:17:16 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\wucltux.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\wuapi.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\occache.dll
2017-07-15 21:17:15 ----A---- C:\Windows\system32\shell32.dll
2017-07-15 21:17:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-07-15 21:17:13 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\mf.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\FntCache.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\DWrite.dll
2017-07-15 21:17:12 ----A---- C:\Windows\SYSWOW64\shell32.dll
2017-07-15 21:17:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-07-15 21:17:11 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-07-15 21:17:11 ----A---- C:\Windows\system32\ole32.dll
2017-07-15 21:17:11 ----A---- C:\Windows\system32\blackbox.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wups2.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wups.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2017-07-15 21:17:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-07-15 21:17:08 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2017-07-15 21:17:08 ----A---- C:\Windows\system32\drmv2clt.dll
2017-07-15 21:17:07 ----A---- C:\Windows\system32\WsmSvc.dll
2017-07-15 21:17:07 ----A---- C:\Windows\system32\win32k.sys
2017-07-15 21:17:06 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\msxml3.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\msi.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-07-15 21:17:05 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2017-07-15 21:17:05 ----A---- C:\Windows\SYSWOW64\msi.dll
2017-07-15 21:17:05 ----A---- C:\Windows\system32\ntdll.dll
2017-07-15 21:17:04 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2017-07-15 21:17:03 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-07-15 21:17:03 ----A---- C:\Windows\system32\crypt32.dll
2017-07-15 21:17:02 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-07-15 21:17:02 ----A---- C:\Windows\system32\tquery.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\scavengeui.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\quartz.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\lsasrv.dll
2017-07-15 21:17:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-07-15 21:17:00 ----A---- C:\Windows\system32\wmdrmsdk.dll
2017-07-15 21:17:00 ----A---- C:\Windows\system32\rpcrt4.dll
2017-07-15 21:16:59 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2017-07-15 21:16:59 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\Query.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\oleaut32.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-07-15 21:16:58 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-07-15 21:16:58 ----A---- C:\Windows\system32\localspl.dll
2017-07-15 21:16:58 ----A---- C:\Windows\system32\advapi32.dll
2017-07-15 21:16:57 ----A---- C:\Windows\system32\winload.exe
2017-07-15 21:16:57 ----A---- C:\Windows\system32\kernel32.dll
2017-07-15 21:16:56 ----A---- C:\Windows\system32\samsrv.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\rpcss.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\mssrch.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\msctf.dll
2017-07-15 21:16:54 ----A---- C:\Windows\system32\win32spl.dll
2017-07-15 21:16:54 ----A---- C:\Windows\system32\drivers\srv.sys
2017-07-15 21:16:54 ----A---- C:\Windows\system32\audiosrv.dll
2017-07-15 21:16:53 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-07-15 21:16:53 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\UIAnimation.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\schannel.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\kerberos.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\inetcomm.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-07-15 21:16:53 ----A---- C:\Windows\system32\authui.dll
2017-07-15 21:16:53 ----A---- C:\Windows\HelpPane.exe
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2017-07-15 21:16:52 ----A---- C:\Windows\system32\KernelBase.dll
2017-07-15 21:16:52 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\WebClnt.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\usp10.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\IMJP10K.DLL
2017-07-15 21:16:51 ----A---- C:\Windows\system32\evr.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\drivers\afd.sys
2017-07-15 21:16:51 ----A---- C:\Windows\system32\atmfd.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2017-07-15 21:16:50 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2017-07-15 21:16:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2017-07-15 21:16:50 ----A---- C:\Windows\system32\cdosys.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\WsmWmiPl.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\wintrust.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\user32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\pla.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\msv1_0.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\gdi32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2017-07-15 21:16:49 ----A---- C:\Windows\system32\cryptsvc.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2017-07-15 21:16:48 ----A---- C:\Windows\system32\wow64win.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\srcore.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\qdvd.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\cryptui.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\AudioEng.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-07-15 21:16:47 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-07-15 21:16:47 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-07-15 21:16:47 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-07-15 21:16:47 ----A---- C:\Windows\system32\drivers\cng.sys
2017-07-15 21:16:47 ----A---- C:\Windows\system32\conhost.exe
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\user32.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\mfplat.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\davclnt.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\clfs.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\AudioSes.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\WsmAuto.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\rpchttp.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\pcasvc.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\dfsc.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\cryptnet.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\pla.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\Wldap32.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\winsrv.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\ncrypt.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\msiexec.exe
2017-07-15 21:16:44 ----A---- C:\Windows\system32\EncDump.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-07-15 21:16:43 ----A---- C:\Windows\system32\mscms.dll
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\fastfat.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\exfat.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\consent.exe
2017-07-15 21:16:42 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-07-15 21:16:42 ----A---- C:\Windows\system32\drivers\netio.sys
2017-07-15 21:16:42 ----A---- C:\Windows\system32\certcli.dll
2017-07-15 21:16:42 ----A---- C:\Windows\system32\bcdedit.exe
2017-07-15 21:16:41 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-07-15 21:16:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-07-15 21:16:41 ----A---- C:\Windows\system32\wow64.dll
2017-07-15 21:16:41 ----A---- C:\Windows\system32\wmploc.DLL
2017-07-15 21:16:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-07-15 21:16:41 ----A---- C:\Windows\system32\adtschema.dll
2017-07-15 21:16:40 ----A---- C:\Windows\SYSWOW64\Wldap32.dll
2017-07-15 21:16:40 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\pdh.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\mssph.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\msinfo32.exe
2017-07-15 21:16:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-07-15 21:16:40 ----A---- C:\Windows\system32\drivers\bowser.sys
2017-07-15 21:16:40 ----A---- C:\Windows\system32\audiodg.exe
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\pdh.dll
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\mssvp.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\mfps.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\cryptsp.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\appidsvc.dll
2017-07-15 21:16:38 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2017-07-15 21:16:38 ----A---- C:\Windows\SYSWOW64\adsmsext.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\wdigest.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\wdc.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\TSpkg.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\drivers\http.sys
2017-07-15 21:16:38 ----A---- C:\Windows\system32\drivers\appid.sys
2017-07-15 21:16:38 ----A---- C:\Windows\system32\appinfo.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\appidapi.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\adsmsext.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\MigAutoPlay.exe
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\smss.exe
2017-07-15 21:16:37 ----A---- C:\Windows\system32\mssphtb.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\MigAutoPlay.exe
2017-07-15 21:16:37 ----A---- C:\Windows\system32\input.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\icm32.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-07-15 21:16:37 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-07-15 21:16:37 ----A---- C:\Windows\system32\bcrypt.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\asycfilt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\wdc.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\rundll32.exe
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\input.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-07-15 21:16:36 ----A---- C:\Windows\system32\PrintBrmUi.exe
2017-07-15 21:16:36 ----A---- C:\Windows\system32\pdhui.dll
2017-07-15 21:16:36 ----A---- C:\Windows\system32\csrsrv.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\pdhui.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\hlink.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\wvc.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\samlib.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\rundll32.exe
2017-07-15 21:16:35 ----A---- C:\Windows\system32\msscp.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\msscntrs.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\hlink.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\oleres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\rstrui.exe
2017-07-15 21:16:34 ----A---- C:\Windows\system32\oleres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\nlsbres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\msihnd.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\cryptbase.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msscp.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-07-15 21:16:33 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\sspicli.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\srclient.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\secur32.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\ntvdm64.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\msnetobj.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\msaudite.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\lsass.exe
2017-07-15 21:16:33 ----A---- C:\Windows\system32\auditpol.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\wvc.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\perfmon.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\rrinstaller.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\perfmon.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\pcadm.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\mssitlb.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\mfpmp.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\credssp.dll
2017-07-15 21:16:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-15 21:16:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\resmon.exe
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\wsmprovhost.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\wsmplpxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\sspisrv.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\resmon.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\pcawrk.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\pcalua.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\mssprxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\msshooks.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\msmmsp.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\lpk.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\dciman32.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\cdd.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\atmlib.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\comcat.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\wow64cpu.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\spwmp.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\plasrv.exe
2017-07-15 21:16:30 ----A---- C:\Windows\system32\fontsub.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\dxmasf.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\comcat.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\apisetschema.dll
2017-07-15 21:16:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\user.exe
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\WsmRes.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\tzres.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\pcaevts.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msxml3r.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msobjs.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msimsg.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\mferror.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\INETRES.dll
2017-07-15 21:13:20 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbport.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbohci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbhub.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbehci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2017-07-15 21:13:17 ----A---- C:\Windows\system32\drivers\usbd.sys
2017-07-15 21:13:11 ----A---- C:\Windows\SYSWOW64\explorer.exe
2017-07-15 21:13:11 ----A---- C:\Windows\explorer.exe
2017-07-15 21:13:03 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-07-15 21:13:03 ----A---- C:\Windows\system32\poqexec.exe
2017-06-29 14:20:14 ----D---- C:\Users\Administrator\AppData\Roaming\Skype

======List of files/folders modified in the last 1 month======

2017-07-20 19:59:34 ----D---- C:\Windows\Prefetch
2017-07-20 19:59:33 ----D---- C:\Program Files\trend micro
2017-07-20 19:59:29 ----D---- C:\Windows\Temp
2017-07-20 19:59:15 ----HD---- C:\ProgramData
2017-07-20 18:11:35 ----D---- C:\Windows\system32\config
2017-07-20 17:29:05 ----D---- C:\Windows\System32
2017-07-20 17:29:05 ----D---- C:\Windows\inf
2017-07-20 17:29:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-20 17:22:10 ----D---- C:\ProgramData\NVIDIA
2017-07-20 11:56:33 ----D---- C:\Windows\system32\drivers
2017-07-20 11:41:52 ----D---- C:\Windows\Microsoft.NET
2017-07-20 11:29:17 ----SHD---- C:\System Volume Information
2017-07-20 11:20:30 ----D---- C:\Windows\system32\MRT
2017-07-20 11:20:30 ----D---- C:\Windows\debug
2017-07-20 11:18:50 ----AC---- C:\Windows\system32\MRT.exe
2017-07-20 11:18:33 ----SHD---- C:\Windows\Installer
2017-07-20 11:13:10 ----D---- C:\Windows\SysWOW64
2017-07-20 11:13:10 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-07-20 11:09:47 ----D---- C:\Windows\system32\Tasks
2017-07-20 08:51:02 ----D---- C:\Windows\rescache
2017-07-20 08:21:26 ----RSD---- C:\Windows\assembly
2017-07-20 08:18:41 ----D---- C:\Windows\winsxs
2017-07-17 23:59:22 ----RD---- C:\Program Files
2017-07-17 23:59:22 ----D---- C:\Windows\system32\cs-CZ
2017-07-17 23:59:21 ----SD---- C:\Windows\system32\CompatTel
2017-07-17 23:59:20 ----D---- C:\Windows\system32\appraiser
2017-07-17 23:59:20 ----D---- C:\Windows\AppPatch
2017-07-17 23:59:10 ----D---- C:\Program Files\Internet Explorer
2017-07-17 23:59:10 ----D---- C:\Program Files\DVD Maker
2017-07-17 23:59:09 ----D---- C:\Program Files\Windows Media Player
2017-07-17 23:59:09 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-17 23:59:08 ----D---- C:\Windows\SYSWOW64\migwiz
2017-07-17 23:59:08 ----D---- C:\Windows\SYSWOW64\migration
2017-07-17 23:59:08 ----D---- C:\Program Files (x86)\Windows Media Player
2017-07-17 23:59:07 ----D---- C:\Windows\SYSWOW64\Dism
2017-07-17 23:59:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-07-17 23:59:05 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-17 23:58:56 ----D---- C:\Windows\PolicyDefinitions
2017-07-17 23:58:55 ----D---- C:\Windows\system32\migwiz
2017-07-17 23:58:55 ----D---- C:\Windows\system32\migration
2017-07-17 23:58:54 ----D---- C:\Windows\system32\Dism
2017-07-17 23:58:48 ----D---- C:\Windows\system32\en-US
2017-07-17 23:58:37 ----D---- C:\Windows
2017-07-17 23:58:35 ----D---- C:\Windows\system32\Boot
2017-07-17 23:58:33 ----D---- C:\Windows\system32\drivers\cs-CZ
2017-07-17 23:58:29 ----D---- C:\Windows\cs-CZ
2017-07-17 23:58:16 ----D---- C:\Windows\system32\DriverStore
2017-07-17 18:51:17 ----D---- C:\ProgramData\AVAST Software
2017-07-17 18:49:32 ----D---- C:\Program Files\Common Files\AV
2017-07-16 09:26:15 ----D---- C:\ProgramData\Microsoft Help
2017-07-16 09:14:31 ----A---- C:\Windows\win.ini
2017-07-16 08:55:18 ----D---- C:\Windows\Logs
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-07-15 20:57:34 ----D---- C:\Windows\Tasks
2017-07-15 20:57:34 ----D---- C:\Windows\system32\wfp
2017-07-15 20:57:33 ----D---- C:\Windows\system32\drivers\UMDF
2017-07-15 20:57:33 ----D---- C:\Windows\system32\drivers\etc
2017-07-15 20:57:00 ----D---- C:\Windows\system32\wbem
2017-07-15 20:57:00 ----D---- C:\Windows\registration
2017-07-15 20:54:25 ----RHD---- C:\MSOCache
2017-07-15 20:53:29 ----D---- C:\Windows\system32\catroot2
2017-07-15 20:04:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-07-15 20:04:16 ----D---- C:\Windows\system32\Macromed
2017-07-15 20:04:15 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-07-20 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-07-20 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-07-20 57728]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-07-17 84392]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-07-17 361336]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-07-20 320008]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-07-17 110352]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-07-17 1015848]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-07-17 585608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-07-20 146696]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-07-17 198768]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-05-10 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-05-02 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-07-17 46984]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-07-20 263312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-05-02 1165368]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-05-02 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-05-02 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-05-10 1201600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-05-10 426040]
R2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-05-02 3634232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-07-20 7430992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-29 116224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-07-15 175560]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

#10 Příspěvek od **Rudy** » 20 črc 2017 19:12

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:commands
[Purity]
[Emptytemp]
[Emptyflash]
[Resethosts]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

Hank · #11 Příspěvek od **Hank** » 28 črc 2017 18:23

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2017-07-28 19:22:15
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 16 GB (21%) free of 75 GB
Total RAM: 3072 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:21, on 28.7.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\RunOnce: [OTM] "D:\Users\education\Desktop\OTM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2757460864-126524720-2486629684-1000\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" (User 'education')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8713 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
taskeng.exe {B3585D9F-7DC6-4B82-90FA-5D095496D106}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\TightVNC\tvnserver.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2476
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
\??\C:\Windows\system32\conhost.exe "1900629080-1609979196743121218153469377221196258931542755790318120811852200044
"C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
AvastUI.exe /nogui
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\sppsvc.exe
"D:\Users\education\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4ny6wqyw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-17 896048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-17 774440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-05-02 2398776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-07-20 213832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27250144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=D:\Users\education\Desktop\OTM.exe [2017-07-28 522240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-07-20 12:05:25 ----D---- C:\AdwCleaner
2017-07-20 11:09:02 ----A---- C:\Windows\system32\aswBoot.exe
2017-07-17 18:58:03 ----D---- C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswStm.sys
2017-07-17 18:57:25 ----A---- C:\Windows\system32\drivers\aswSP.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswmonflt.sys
2017-07-17 18:57:24 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-07-17 18:57:23 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-07-17 18:57:22 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-07-17 18:57:22 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-07-17 18:54:29 ----D---- C:\Program Files\AVAST Software
2017-07-17 08:39:33 ----A---- C:\Windows\ntbtlog.txt
2017-07-15 21:19:09 ----A---- C:\Windows\SYSWOW64\olepro32.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\invagent.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\generaltel.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\devinv.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-07-15 21:18:18 ----A---- C:\Windows\system32\centel.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\appraiser.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aitstatic.exe
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aepic.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\aeinv.dll
2017-07-15 21:18:18 ----A---- C:\Windows\system32\acmigration.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-07-15 21:17:48 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ucrtbase.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\iernonce.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-07-15 21:17:47 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-07-15 21:17:47 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-07-15 21:17:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\wudriver.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\UtcResources.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\inseng.dll
2017-07-15 21:17:46 ----A---- C:\Windows\system32\ie4uinit.exe
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-07-15 21:17:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-07-15 21:17:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-07-15 21:17:43 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\urlmon.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-07-15 21:17:43 ----A---- C:\Windows\system32\iedkcs32.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-07-15 21:17:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\wuwebv.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-07-15 21:17:42 ----A---- C:\Windows\system32\diagtrack.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-07-15 21:17:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-07-15 21:17:41 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-15 21:17:41 ----A---- C:\Windows\system32\msfeeds.dll
2017-07-15 21:17:41 ----A---- C:\Windows\system32\dxtrans.dll
2017-07-15 21:17:40 ----A---- C:\Windows\system32\iesetup.dll
2017-07-15 21:17:39 ----A---- C:\Windows\system32\ieapfltr.dll
2017-07-15 21:17:37 ----A---- C:\Windows\system32\iertutil.dll
2017-07-15 21:17:36 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-07-15 21:17:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-07-15 21:17:35 ----A---- C:\Windows\system32\vbscript.dll
2017-07-15 21:17:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-07-15 21:17:34 ----A---- C:\Windows\system32\jsproxy.dll
2017-07-15 21:17:34 ----A---- C:\Windows\system32\ieUnatt.exe
2017-07-15 21:17:34 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2017-07-15 21:17:33 ----A---- C:\Windows\system32\wuaueng.dll
2017-07-15 21:17:33 ----A---- C:\Windows\system32\rdpcorets.dll
2017-07-15 21:17:32 ----A---- C:\Windows\system32\rdpudd.dll
2017-07-15 21:17:31 ----A---- C:\Windows\system32\ieui.dll
2017-07-15 21:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2017-07-15 21:17:30 ----A---- C:\Windows\system32\ieframe.dll
2017-07-15 21:17:29 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-07-15 21:17:29 ----A---- C:\Windows\system32\mshtmled.dll
2017-07-15 21:17:28 ----A---- C:\Windows\system32\webcheck.dll
2017-07-15 21:17:28 ----A---- C:\Windows\system32\jscript.dll
2017-07-15 21:17:27 ----A---- C:\Windows\system32\jscript9diag.dll
2017-07-15 21:17:27 ----A---- C:\Windows\system32\jscript9.dll
2017-07-15 21:17:26 ----A---- C:\Windows\system32\wininet.dll
2017-07-15 21:17:24 ----A---- C:\Windows\system32\msrating.dll
2017-07-15 21:17:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-07-15 21:17:23 ----A---- C:\Windows\system32\mshtml.dll
2017-07-15 21:17:20 ----A---- C:\Windows\system32\wmp.dll
2017-07-15 21:17:18 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-07-15 21:17:17 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-07-15 21:17:17 ----A---- C:\Windows\system32\wuauclt.exe
2017-07-15 21:17:17 ----A---- C:\Windows\system32\wuapp.exe
2017-07-15 21:17:16 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\wucltux.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\wuapi.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-07-15 21:17:16 ----A---- C:\Windows\system32\occache.dll
2017-07-15 21:17:15 ----A---- C:\Windows\system32\shell32.dll
2017-07-15 21:17:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-07-15 21:17:13 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\mf.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\FntCache.dll
2017-07-15 21:17:13 ----A---- C:\Windows\system32\DWrite.dll
2017-07-15 21:17:12 ----A---- C:\Windows\SYSWOW64\shell32.dll
2017-07-15 21:17:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-07-15 21:17:11 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-07-15 21:17:11 ----A---- C:\Windows\system32\ole32.dll
2017-07-15 21:17:11 ----A---- C:\Windows\system32\blackbox.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wups2.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wups.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-07-15 21:17:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2017-07-15 21:17:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-07-15 21:17:08 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2017-07-15 21:17:08 ----A---- C:\Windows\system32\drmv2clt.dll
2017-07-15 21:17:07 ----A---- C:\Windows\system32\WsmSvc.dll
2017-07-15 21:17:07 ----A---- C:\Windows\system32\win32k.sys
2017-07-15 21:17:06 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\msxml3.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\msi.dll
2017-07-15 21:17:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-07-15 21:17:05 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2017-07-15 21:17:05 ----A---- C:\Windows\SYSWOW64\msi.dll
2017-07-15 21:17:05 ----A---- C:\Windows\system32\ntdll.dll
2017-07-15 21:17:04 ----A---- C:\Windows\SYSWOW64\MSVidCtl.dll
2017-07-15 21:17:03 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-07-15 21:17:03 ----A---- C:\Windows\system32\crypt32.dll
2017-07-15 21:17:02 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-07-15 21:17:02 ----A---- C:\Windows\system32\tquery.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\scavengeui.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\quartz.dll
2017-07-15 21:17:01 ----A---- C:\Windows\system32\lsasrv.dll
2017-07-15 21:17:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-07-15 21:17:00 ----A---- C:\Windows\system32\wmdrmsdk.dll
2017-07-15 21:17:00 ----A---- C:\Windows\system32\rpcrt4.dll
2017-07-15 21:16:59 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2017-07-15 21:16:59 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\Query.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\oleaut32.dll
2017-07-15 21:16:59 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-07-15 21:16:58 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2017-07-15 21:16:58 ----A---- C:\Windows\system32\localspl.dll
2017-07-15 21:16:58 ----A---- C:\Windows\system32\advapi32.dll
2017-07-15 21:16:57 ----A---- C:\Windows\system32\winload.exe
2017-07-15 21:16:57 ----A---- C:\Windows\system32\kernel32.dll
2017-07-15 21:16:56 ----A---- C:\Windows\system32\samsrv.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\rpcss.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\mssrch.dll
2017-07-15 21:16:55 ----A---- C:\Windows\system32\msctf.dll
2017-07-15 21:16:54 ----A---- C:\Windows\system32\win32spl.dll
2017-07-15 21:16:54 ----A---- C:\Windows\system32\drivers\srv.sys
2017-07-15 21:16:54 ----A---- C:\Windows\system32\audiosrv.dll
2017-07-15 21:16:53 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-07-15 21:16:53 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\UIAnimation.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\schannel.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\kerberos.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\inetcomm.dll
2017-07-15 21:16:53 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-07-15 21:16:53 ----A---- C:\Windows\system32\authui.dll
2017-07-15 21:16:53 ----A---- C:\Windows\HelpPane.exe
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-07-15 21:16:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2017-07-15 21:16:52 ----A---- C:\Windows\system32\KernelBase.dll
2017-07-15 21:16:52 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-07-15 21:16:51 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\WebClnt.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\usp10.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\IMJP10K.DLL
2017-07-15 21:16:51 ----A---- C:\Windows\system32\evr.dll
2017-07-15 21:16:51 ----A---- C:\Windows\system32\drivers\afd.sys
2017-07-15 21:16:51 ----A---- C:\Windows\system32\atmfd.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2017-07-15 21:16:50 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2017-07-15 21:16:50 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2017-07-15 21:16:50 ----A---- C:\Windows\system32\drmmgrtn.dll
2017-07-15 21:16:50 ----A---- C:\Windows\system32\cdosys.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-07-15 21:16:49 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\WsmWmiPl.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\wintrust.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\user32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\pla.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\msv1_0.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\gdi32.dll
2017-07-15 21:16:49 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2017-07-15 21:16:49 ----A---- C:\Windows\system32\cryptsvc.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2017-07-15 21:16:48 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2017-07-15 21:16:48 ----A---- C:\Windows\system32\wow64win.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\srcore.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\qdvd.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\cryptui.dll
2017-07-15 21:16:48 ----A---- C:\Windows\system32\AudioEng.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2017-07-15 21:16:47 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-07-15 21:16:47 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-07-15 21:16:47 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-07-15 21:16:47 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-07-15 21:16:47 ----A---- C:\Windows\system32\drivers\cng.sys
2017-07-15 21:16:47 ----A---- C:\Windows\system32\conhost.exe
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\user32.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-07-15 21:16:46 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\mfplat.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\davclnt.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\clfs.sys
2017-07-15 21:16:46 ----A---- C:\Windows\system32\AudioSes.dll
2017-07-15 21:16:46 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2017-07-15 21:16:45 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\WsmAuto.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\rpchttp.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\pcasvc.dll
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\drivers\dfsc.sys
2017-07-15 21:16:45 ----A---- C:\Windows\system32\cryptnet.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-07-15 21:16:44 ----A---- C:\Windows\SYSWOW64\pla.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\Wldap32.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\winsrv.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\ncrypt.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\msiexec.exe
2017-07-15 21:16:44 ----A---- C:\Windows\system32\EncDump.dll
2017-07-15 21:16:44 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-07-15 21:16:43 ----A---- C:\Windows\system32\mscms.dll
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\fastfat.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\drivers\exfat.sys
2017-07-15 21:16:43 ----A---- C:\Windows\system32\consent.exe
2017-07-15 21:16:42 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-07-15 21:16:42 ----A---- C:\Windows\system32\drivers\netio.sys
2017-07-15 21:16:42 ----A---- C:\Windows\system32\certcli.dll
2017-07-15 21:16:42 ----A---- C:\Windows\system32\bcdedit.exe
2017-07-15 21:16:41 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-07-15 21:16:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-07-15 21:16:41 ----A---- C:\Windows\system32\wow64.dll
2017-07-15 21:16:41 ----A---- C:\Windows\system32\wmploc.DLL
2017-07-15 21:16:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-07-15 21:16:41 ----A---- C:\Windows\system32\adtschema.dll
2017-07-15 21:16:40 ----A---- C:\Windows\SYSWOW64\Wldap32.dll
2017-07-15 21:16:40 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\pdh.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\mssph.dll
2017-07-15 21:16:40 ----A---- C:\Windows\system32\msinfo32.exe
2017-07-15 21:16:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-07-15 21:16:40 ----A---- C:\Windows\system32\drivers\bowser.sys
2017-07-15 21:16:40 ----A---- C:\Windows\system32\audiodg.exe
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\pdh.dll
2017-07-15 21:16:39 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\mssvp.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\mfps.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\cryptsp.dll
2017-07-15 21:16:39 ----A---- C:\Windows\system32\appidsvc.dll
2017-07-15 21:16:38 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2017-07-15 21:16:38 ----A---- C:\Windows\SYSWOW64\adsmsext.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\wdigest.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\wdc.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\TSpkg.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\drivers\http.sys
2017-07-15 21:16:38 ----A---- C:\Windows\system32\drivers\appid.sys
2017-07-15 21:16:38 ----A---- C:\Windows\system32\appinfo.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\appidapi.dll
2017-07-15 21:16:38 ----A---- C:\Windows\system32\adsmsext.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\MigAutoPlay.exe
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-07-15 21:16:37 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\smss.exe
2017-07-15 21:16:37 ----A---- C:\Windows\system32\mssphtb.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\MigAutoPlay.exe
2017-07-15 21:16:37 ----A---- C:\Windows\system32\input.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\icm32.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-07-15 21:16:37 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-07-15 21:16:37 ----A---- C:\Windows\system32\bcrypt.dll
2017-07-15 21:16:37 ----A---- C:\Windows\system32\asycfilt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\wdc.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\rundll32.exe
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\input.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-07-15 21:16:36 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-07-15 21:16:36 ----A---- C:\Windows\system32\PrintBrmUi.exe
2017-07-15 21:16:36 ----A---- C:\Windows\system32\pdhui.dll
2017-07-15 21:16:36 ----A---- C:\Windows\system32\csrsrv.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\pdhui.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-07-15 21:16:35 ----A---- C:\Windows\SYSWOW64\hlink.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\wvc.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\samlib.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\rundll32.exe
2017-07-15 21:16:35 ----A---- C:\Windows\system32\msscp.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\msscntrs.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\hlink.dll
2017-07-15 21:16:35 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\oleres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-07-15 21:16:34 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\rstrui.exe
2017-07-15 21:16:34 ----A---- C:\Windows\system32\oleres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\nlsbres.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\msihnd.dll
2017-07-15 21:16:34 ----A---- C:\Windows\system32\cryptbase.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\WcsPlugInService.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msscp.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-07-15 21:16:33 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-07-15 21:16:33 ----A---- C:\Windows\system32\WcsPlugInService.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\sspicli.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\srclient.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\secur32.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\ntvdm64.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\msnetobj.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\msaudite.dll
2017-07-15 21:16:33 ----A---- C:\Windows\system32\lsass.exe
2017-07-15 21:16:33 ----A---- C:\Windows\system32\auditpol.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\wvc.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\perfmon.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-07-15 21:16:32 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\rrinstaller.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\perfmon.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\pcadm.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\mssitlb.dll
2017-07-15 21:16:32 ----A---- C:\Windows\system32\mfpmp.exe
2017-07-15 21:16:32 ----A---- C:\Windows\system32\credssp.dll
2017-07-15 21:16:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-15 21:16:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\resmon.exe
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-07-15 21:16:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\wsmprovhost.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\wsmplpxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\sspisrv.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\resmon.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\pcawrk.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\pcalua.exe
2017-07-15 21:16:31 ----A---- C:\Windows\system32\mssprxy.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\msshooks.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\msmmsp.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\lpk.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\dciman32.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\cdd.dll
2017-07-15 21:16:31 ----A---- C:\Windows\system32\atmlib.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-07-15 21:16:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\comcat.dll
2017-07-15 21:16:30 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\wow64cpu.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\spwmp.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\plasrv.exe
2017-07-15 21:16:30 ----A---- C:\Windows\system32\fontsub.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\dxmasf.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\comcat.dll
2017-07-15 21:16:30 ----A---- C:\Windows\system32\apisetschema.dll
2017-07-15 21:16:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\user.exe
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\INETRES.dll
2017-07-15 21:16:29 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\WsmRes.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\tzres.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\pcaevts.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msxml3r.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msobjs.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\msimsg.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\mferror.dll
2017-07-15 21:16:29 ----A---- C:\Windows\system32\INETRES.dll
2017-07-15 21:13:20 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbport.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbohci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbhub.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbehci.sys
2017-07-15 21:13:18 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2017-07-15 21:13:17 ----A---- C:\Windows\system32\drivers\usbd.sys
2017-07-15 21:13:11 ----A---- C:\Windows\SYSWOW64\explorer.exe
2017-07-15 21:13:11 ----A---- C:\Windows\explorer.exe
2017-07-15 21:13:03 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-07-15 21:13:03 ----A---- C:\Windows\system32\poqexec.exe
2017-06-29 14:20:14 ----D---- C:\Users\Administrator\AppData\Roaming\Skype

======List of files/folders modified in the last 1 month======

2017-07-28 19:22:20 ----D---- C:\Program Files\trend micro
2017-07-28 19:21:12 ----D---- C:\Windows\Temp
2017-07-28 19:17:56 ----D---- C:\ProgramData\NVIDIA
2017-07-28 19:17:08 ----HD---- C:\ProgramData
2017-07-28 19:17:06 ----D---- C:\Windows\system32\config
2017-07-28 19:16:50 ----D---- C:\Windows\system32\drivers\etc
2017-07-28 19:11:48 ----D---- C:\Windows\Prefetch
2017-07-28 19:03:07 ----D---- C:\Windows\system32\drivers
2017-07-24 16:08:05 ----D---- C:\Windows\Minidump
2017-07-24 16:08:05 ----D---- C:\Windows
2017-07-22 07:45:06 ----SHD---- C:\Windows\Installer
2017-07-22 07:44:52 ----D---- C:\Windows\SysWOW64
2017-07-22 07:44:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-07-22 07:44:25 ----D---- C:\Windows\inf
2017-07-22 07:44:20 ----D---- C:\Windows\System32
2017-07-22 07:44:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-22 07:40:56 ----SHD---- C:\System Volume Information
2017-07-20 11:41:52 ----D---- C:\Windows\Microsoft.NET
2017-07-20 11:26:05 ----D---- C:\Windows\system32\MRT
2017-07-20 11:20:30 ----D---- C:\Windows\debug
2017-07-20 11:18:50 ----AC---- C:\Windows\system32\MRT.exe
2017-07-20 11:09:47 ----D---- C:\Windows\system32\Tasks
2017-07-20 08:51:02 ----D---- C:\Windows\rescache
2017-07-20 08:21:26 ----RSD---- C:\Windows\assembly
2017-07-20 08:18:41 ----D---- C:\Windows\winsxs
2017-07-17 23:59:22 ----RD---- C:\Program Files
2017-07-17 23:59:22 ----D---- C:\Windows\system32\cs-CZ
2017-07-17 23:59:21 ----SD---- C:\Windows\system32\CompatTel
2017-07-17 23:59:20 ----D---- C:\Windows\system32\appraiser
2017-07-17 23:59:20 ----D---- C:\Windows\AppPatch
2017-07-17 23:59:10 ----D---- C:\Program Files\Internet Explorer
2017-07-17 23:59:10 ----D---- C:\Program Files\DVD Maker
2017-07-17 23:59:09 ----D---- C:\Program Files\Windows Media Player
2017-07-17 23:59:09 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-17 23:59:08 ----D---- C:\Windows\SYSWOW64\migwiz
2017-07-17 23:59:08 ----D---- C:\Windows\SYSWOW64\migration
2017-07-17 23:59:08 ----D---- C:\Program Files (x86)\Windows Media Player
2017-07-17 23:59:07 ----D---- C:\Windows\SYSWOW64\Dism
2017-07-17 23:59:07 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-07-17 23:59:05 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-17 23:58:56 ----D---- C:\Windows\PolicyDefinitions
2017-07-17 23:58:55 ----D---- C:\Windows\system32\migwiz
2017-07-17 23:58:55 ----D---- C:\Windows\system32\migration
2017-07-17 23:58:54 ----D---- C:\Windows\system32\Dism
2017-07-17 23:58:48 ----D---- C:\Windows\system32\en-US
2017-07-17 23:58:35 ----D---- C:\Windows\system32\Boot
2017-07-17 23:58:33 ----D---- C:\Windows\system32\drivers\cs-CZ
2017-07-17 23:58:29 ----D---- C:\Windows\cs-CZ
2017-07-17 23:58:16 ----D---- C:\Windows\system32\DriverStore
2017-07-17 18:51:17 ----D---- C:\ProgramData\AVAST Software
2017-07-17 18:49:32 ----D---- C:\Program Files\Common Files\AV
2017-07-16 09:26:15 ----D---- C:\ProgramData\Microsoft Help
2017-07-16 09:14:31 ----A---- C:\Windows\win.ini
2017-07-16 08:55:18 ----D---- C:\Windows\Logs
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-16 08:37:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-07-15 20:57:34 ----D---- C:\Windows\Tasks
2017-07-15 20:57:34 ----D---- C:\Windows\system32\wfp
2017-07-15 20:57:33 ----D---- C:\Windows\system32\drivers\UMDF
2017-07-15 20:57:00 ----D---- C:\Windows\system32\wbem
2017-07-15 20:57:00 ----D---- C:\Windows\registration
2017-07-15 20:54:25 ----RHD---- C:\MSOCache
2017-07-15 20:53:29 ----D---- C:\Windows\system32\catroot2
2017-07-15 20:04:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-07-15 20:04:16 ----D---- C:\Windows\system32\Macromed
2017-07-15 20:04:15 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-07-20 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-07-20 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-07-20 57728]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-07-17 84392]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-07-17 361336]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-07-20 320008]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-07-17 110352]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-07-17 1015848]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-07-17 585608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-07-20 146696]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-07-17 198768]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-05-10 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-05-02 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-07-17 46984]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-04-25 83056]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-07-20 263312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-05-02 1165368]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-05-02 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-05-02 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-05-10 1201600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-05-10 426040]
R2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-07-20 7430992]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-05-02 3634232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-29 116224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-07-15 175560]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

#12 Příspěvek od **Rudy** » 28 črc 2017 18:58

OK. Nastala nějaká změna?

Hank · #13 Příspěvek od **Hank** » 28 črc 2017 21:03

Už je to v podstatě stejně rychlé, co to bývalo.
Jste frajer!

#14 Příspěvek od **Rudy** » 28 črc 2017 21:08

Tak to jsem rád!

Hank · #15 Příspěvek od **Hank** » 29 črc 2017 22:01

Mockrát Vám děkuji!

VIRY.CZ

Avast nefunguje

Avast nefunguje

Re: Avast nefunguje

Avast funguje, nalezeny 2 viry

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Nový RSIT log

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje

Re: Avast nefunguje