Preventive log check - tmczech

Posted: 27 Sep 2018 17:41
by tmczech
Hello, I would like to ask for a log check.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2018-09-27 18:33:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 18 GB (16%) free of 114 GB
Total RAM: 8091 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:13, on 27.9.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19130)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --user-data-dir="C:\ProgramData\ESET\ESET Smart Security\OPP\S-1-5-21-3455737578-2053105143-1757345281-1000\\EsetOPPChromeProfile" --flag-switches-begin --flag-switches-end --restore-last-session http://eset.com/BPPRedirector/ESET-Safe ... 9b99cebe7e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9656 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
atieclxx
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"taskhost.exe"
C:\Windows\SysWOW64\ASGT.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2076
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f69a5a2d-8761-4194-a716-44874ec38e06 -SystemEventPortName:HostProcess-d55460c5-dfdf-4c89-ae57-cbd866c80b8d -IoCancelEventPortName:HostProcess-0f3ff491-d2ba-483e-899d-4bdb4fb939f9 -NonStateChangingEventPortName:HostProcess-c8ec06ef-5b1d-47c7-9aa5-e034996dacd2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:648743a7-60c4-481b-b715-172999ee8a81 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
KHALMNPR.EXE /API
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Admin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21 436464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21 367344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-08-07 6827664]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-02-21 2991856]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-14 1841496]
"egui"=C:\Program Files\ESET\ESET Smart Security\ecmds.exe [2018-09-18 177928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-04-23 1561968]
""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-04-23 844144]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20 9856176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #2"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2018-09-15 1469784]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Poslat do aplikace OneNote.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-02-08 68848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-09-27 18:33:10 ----D---- C:\rsit
2018-09-12 17:11:05 ----A---- C:\Windows\system32\mshtml.dll
2018-09-12 17:11:05 ----A---- C:\Windows\system32\drivers\ks.sys
2018-09-12 17:11:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-09-12 17:11:04 ----A---- C:\Windows\system32\jscript9.dll
2018-09-12 17:11:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-09-12 17:11:03 ----A---- C:\Windows\SYSWOW64\shell32.dll
2018-09-12 17:11:03 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2018-09-12 17:11:03 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2018-09-12 17:11:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-09-12 17:11:03 ----A---- C:\Windows\system32\urlmon.dll
2018-09-12 17:11:03 ----A---- C:\Windows\system32\shell32.dll
2018-09-12 17:11:03 ----A---- C:\Windows\system32\msxml6.dll
2018-09-12 17:11:03 ----A---- C:\Windows\system32\msxml3.dll
2018-09-12 17:11:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\msjet40.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\mf3216.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2018-09-12 17:11:02 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\t2embed.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\schedsvc.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-09-12 17:11:02 ----A---- C:\Windows\system32\ntdll.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 17:11:02 ----A---- C:\Windows\system32\mf3216.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\iedkcs32.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\gdi32.dll
2018-09-12 17:11:02 ----A---- C:\Windows\system32\drivers\netio.sys
2018-09-12 17:11:02 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-09-12 17:11:02 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-09-12 17:11:02 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-09-12 17:11:02 ----A---- C:\Windows\system32\drivers\bowser.sys
2018-09-12 17:11:02 ----A---- C:\Windows\system32\atmfd.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-09-12 17:11:01 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\wow64win.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\winsrv.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\wininet.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\wdigest.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\TSpkg.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\sspicli.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\srcore.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\smss.exe
2018-09-12 17:11:01 ----A---- C:\Windows\system32\schannel.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\rstrui.exe
2018-09-12 17:11:01 ----A---- C:\Windows\system32\rpchttp.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\rpcrt4.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\ntvdm64.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\ncrypt.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\msv1_0.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\lsasrv.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\KernelBase.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\kernel32.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\kerberos.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\ieframe.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\hal.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\processr.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\mpsdrv.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-09-12 17:11:01 ----A---- C:\Windows\system32\csrsrv.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\conhost.exe
2018-09-12 17:11:01 ----A---- C:\Windows\system32\certcli.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\bcrypt.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\auditpol.exe
2018-09-12 17:11:01 ----A---- C:\Windows\system32\appidsvc.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\appidapi.dll
2018-09-12 17:11:01 ----A---- C:\Windows\system32\advapi32.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-09-12 17:11:00 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\wow64cpu.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\wow64.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\webcheck.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\vbscript.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\sspisrv.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\srclient.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\secur32.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\mshtmled.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\msfeeds.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\lsass.exe
2018-09-12 17:11:00 ----A---- C:\Windows\system32\jscript.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\ieui.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\iertutil.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\ieapfltr.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\dxtrans.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\dxtmsft.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\drivers\appid.sys
2018-09-12 17:11:00 ----A---- C:\Windows\system32\cryptbase.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\credssp.dll
2018-09-12 17:11:00 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 17:11:00 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 17:11:00 ----A---- C:\Windows\system32\apisetschema.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 17:10:59 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\wfapigp.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\user.exe
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\netevent.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\msimg32.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\FirewallAPI.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-09-12 17:10:59 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\wfapigp.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\occache.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\netevent.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\msrating.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\msobjs.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\msimg32.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\msaudite.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\MPSSVC.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\lpk.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\jsproxy.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\jscript9diag.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\inseng.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\ieUnatt.exe
2018-09-12 17:10:59 ----A---- C:\Windows\system32\iesetup.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\iernonce.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-09-12 17:10:59 ----A---- C:\Windows\system32\ie4uinit.exe
2018-09-12 17:10:59 ----A---- C:\Windows\system32\icfupgd.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\fontsub.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\FirewallAPI.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\ExplorerFrame.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\dciman32.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\atmlib.dll
2018-09-12 17:10:59 ----A---- C:\Windows\system32\adtschema.dll
2018-09-12 17:10:58 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2018-09-12 17:10:58 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2018-09-12 17:10:58 ----A---- C:\Windows\system32\msxml6r.dll
2018-09-12 17:10:58 ----A---- C:\Windows\system32\msxml3r.dll
2018-09-12 17:10:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2018-09-27 18:33:13 ----D---- C:\Program Files\trend micro
2018-09-27 18:32:13 ----D---- C:\Windows\inf
2018-09-27 18:32:12 ----D---- C:\Windows\Temp
2018-09-27 18:32:12 ----D---- C:\Windows
2018-09-27 17:10:46 ----D---- C:\Windows\system32\config
2018-09-27 17:02:40 ----D---- C:\Windows\System32
2018-09-27 17:02:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-09-26 17:38:28 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2018-09-25 12:51:39 ----SHD---- C:\System Volume Information
2018-09-25 12:51:34 ----D---- C:\Windows\rescache
2018-09-23 15:47:55 ----D---- C:\Windows\system32\FxsTmp
2018-09-22 12:29:45 ----SHD---- C:\Windows\Installer
2018-09-22 12:29:45 ----D---- C:\Windows\system32\Tasks
2018-09-22 12:29:34 ----D---- C:\Windows\SysWOW64
2018-09-18 20:58:42 ----D---- C:\Windows\system32\DriverStore
2018-09-16 14:13:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-09-16 14:13:36 ----D---- C:\Windows\system32\Macromed
2018-09-16 14:13:31 ----D---- C:\Windows\SYSWOW64\Macromed
2018-09-13 21:26:14 ----D---- C:\Windows\Microsoft.NET
2018-09-12 19:53:06 ----RSD---- C:\Windows\assembly
2018-09-12 18:28:56 ----D---- C:\Windows\debug
2018-09-12 17:45:38 ----D---- C:\Windows\winsxs
2018-09-12 17:44:16 ----D---- C:\Program Files\Internet Explorer
2018-09-12 17:44:15 ----D---- C:\Windows\SYSWOW64\en-US
2018-09-12 17:44:15 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-09-12 17:44:15 ----D---- C:\Windows\system32\en-US
2018-09-12 17:44:15 ----D---- C:\Windows\system32\drivers
2018-09-12 17:44:15 ----D---- C:\Windows\system32\cs-CZ
2018-09-12 17:44:15 ----D---- C:\Program Files (x86)\Internet Explorer
2018-09-12 17:44:14 ----D---- C:\Windows\system32\Boot
2018-09-12 17:44:14 ----D---- C:\Windows\AppPatch
2018-09-12 17:29:22 ----D---- C:\ProgramData\Microsoft Help
2018-09-12 17:29:04 ----D---- C:\Windows\system32\MRT
2018-09-12 17:26:43 ----AC---- C:\Windows\system32\MRT.exe
2018-09-12 17:26:20 ----D---- C:\Windows\system32\catroot2
2018-09-12 17:24:00 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-09-10 20:18:40 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
R0 asahci64;asahci64; C:\Windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2018-09-18 109232]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-08-31 386680]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-09-18 141512]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-09-18 188824]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2018-09-18 82304]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2018-09-18 61016]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-09-18 109864]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2018-09-18 50144]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2017-04-25 36549512]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2017-04-25 520072]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-12-20 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-08-07 4102928]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2013-01-03 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2013-01-03 15752]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-01-03 77192]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-01-03 61832]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2014-12-10 797400]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-04-25 129152]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2016-01-08 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2016-01-08 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2016-01-08 188232]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-04-25 221824]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-14 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2017-04-25 543112]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
R2 ASGT;ASGT; C:\Windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2018-09-18 2260144]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-11-25 192200]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-01-08 754784]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-03-26 107592]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2018-03-26 128584]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-16 335872]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2018-03-26 52832]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-01-28 1486344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-08-24 116224]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-02-08 359664]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-03-05 209104]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-02-24 5132888]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-06-09 1673504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]

-----------------EOF-----------------

Re: Preventive log check - tmczech

Posted: 27 Sep 2018 22:24
by Conder
Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • A log will open; copy its contents here

Re: Preventive log check - tmczech

Posted: 28 Sep 2018 12:30
by tmczech
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-28-2018
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [28/09/2018 13:25:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Preventive log check - tmczech

Posted: 28 Sep 2018 18:08
by Conder
Please post the FRST logs following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Re: Preventive log check - tmczech

Posted: 29 Sep 2018 11:11
by tmczech
Chrome is blocking the FRST download. I assume I should ignore that.

Re: Preventive log check - tmczech

Posted: 29 Sep 2018 16:54
by Conder
Yes, if you are really downloading FRST from the page https://www.bleepingcomputer.com/downlo ... scan-tool/ then it will be a false detection.

Re: Preventive log check - tmczech

Posted: 30 Sep 2018 11:48
by tmczech
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by Admin (administrator) on H-ADMIN-PC (30-09-2018 12:27:42)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Farbar) C:\Users\Admin\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [177928 2018-09-18] (ESET)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {4e614866-1249-11e7-96a7-60a44c639dd7} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {a1b59bc0-3117-11e4-8054-806e6f6e6963} - L:\setup.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {cf249540-d699-11e6-898c-60a44c639dd7} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {e84df15b-cb29-11e2-8bbf-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-12-18]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F2CA8B5C-752E-4DCA-8263-D4824911D05A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-04] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-30]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-20]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-29]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-06-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-01-28] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2260144 2018-09-18] (ESET)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [141512 2018-09-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109232 2018-09-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188824 2018-09-18] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-09-18] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2018-09-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61016 2018-09-18] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [109864 2018-09-18] (ESET)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-31] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-30 12:27 - 2018-09-30 12:28 - 000012636 _____ C:\Users\Admin\Desktop\FRST.txt
2018-09-30 12:27 - 2018-09-30 12:27 - 000000000 ____D C:\FRST
2018-09-29 12:08 - 2018-09-29 12:08 - 002414080 _____ (Farbar) C:\Users\Admin\Desktop\FRST64 (1).exe
2018-09-28 13:25 - 2018-09-28 13:25 - 000000000 ____D C:\AdwCleaner
2018-09-28 13:24 - 2018-09-28 13:24 - 007592144 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.4.0.exe
2018-09-27 18:33 - 2018-09-27 18:33 - 000000000 ____D C:\rsit
2018-09-27 18:32 - 2018-09-27 18:32 - 000017994 _____ C:\Users\Admin\Documents\cc_20180927_183237.reg
2018-09-27 18:31 - 2018-09-27 18:31 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
2018-09-15 13:16 - 2018-09-15 13:16 - 000015466 _____ C:\Users\Admin\Desktop\01400718Q2S.xlsx
2018-09-15 13:13 - 2018-09-15 13:13 - 000095911 _____ C:\Users\Admin\Desktop\01400718Q2-NG.xlsx
2018-09-15 13:13 - 2018-09-15 13:13 - 000011431 _____ C:\Users\Admin\Desktop\01400718Q2-N.xlsx
2018-09-12 20:41 - 2018-09-12 20:41 - 000971889 _____ C:\Users\Admin\Downloads\EXFO_spec_sheet_LFD_200_v10_en.pdf
2018-09-12 17:11 - 2018-08-31 17:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-12 17:11 - 2018-08-31 17:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-12 17:11 - 2018-08-30 03:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-12 17:11 - 2018-08-30 03:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-12 17:11 - 2018-08-28 07:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-12 17:11 - 2018-08-24 21:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-12 17:11 - 2018-08-24 20:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-12 17:11 - 2018-08-24 01:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-12 17:11 - 2018-08-24 00:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-12 17:11 - 2018-08-24 00:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-12 17:11 - 2018-08-24 00:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-12 17:11 - 2018-08-24 00:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-12 17:11 - 2018-08-24 00:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-12 17:11 - 2018-08-24 00:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-12 17:11 - 2018-08-24 00:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 17:11 - 2018-08-24 00:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-12 17:11 - 2018-08-24 00:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-12 17:11 - 2018-08-24 00:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-12 17:11 - 2018-08-24 00:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-12 17:11 - 2018-08-24 00:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-12 17:11 - 2018-08-24 00:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-12 17:11 - 2018-08-23 23:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-12 17:11 - 2018-08-23 23:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-12 17:11 - 2018-08-23 23:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-12 17:11 - 2018-08-23 23:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-12 17:11 - 2018-08-23 23:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-12 17:11 - 2018-08-23 23:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-12 17:11 - 2018-08-23 23:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-12 17:11 - 2018-08-23 23:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-12 17:11 - 2018-08-23 23:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-12 17:11 - 2018-08-23 22:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-12 17:11 - 2018-08-23 22:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-12 17:11 - 2018-08-23 22:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-12 17:11 - 2018-08-23 22:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-12 17:11 - 2018-08-23 22:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-12 17:11 - 2018-08-23 22:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-12 17:11 - 2018-08-23 22:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-12 17:11 - 2018-08-13 17:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-12 17:11 - 2018-08-13 17:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-12 17:11 - 2018-08-13 17:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-12 17:11 - 2018-08-13 17:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-12 17:11 - 2018-08-13 17:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-12 17:11 - 2018-08-13 17:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-12 17:11 - 2018-08-13 17:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-09-12 17:11 - 2018-08-13 17:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-12 17:11 - 2018-08-13 17:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-12 17:11 - 2018-08-13 17:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-12 17:11 - 2018-08-12 22:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-12 17:11 - 2018-08-12 22:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-12 17:11 - 2018-08-12 22:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-12 17:11 - 2018-08-10 17:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-12 17:11 - 2018-08-10 17:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-12 17:11 - 2018-08-10 17:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-12 17:11 - 2018-08-10 17:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-12 17:11 - 2018-08-10 17:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-12 17:11 - 2018-08-10 17:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-12 17:11 - 2018-08-10 17:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-12 17:11 - 2018-08-10 17:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-12 17:11 - 2018-08-10 17:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-12 17:11 - 2018-08-10 17:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-12 17:11 - 2018-08-10 17:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-12 17:11 - 2018-08-10 17:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-12 17:11 - 2018-08-10 17:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-09-12 17:11 - 2018-08-10 17:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-12 17:11 - 2018-08-10 17:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-09-12 17:11 - 2018-08-10 17:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-09-12 17:11 - 2018-08-10 17:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-09-12 17:11 - 2018-08-10 17:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-12 17:11 - 2018-08-10 17:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-12 17:11 - 2018-08-10 17:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-09-12 17:11 - 2018-08-10 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-12 17:11 - 2018-08-10 17:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-12 17:11 - 2018-08-10 17:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-12 17:11 - 2018-08-10 17:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 17:11 - 2018-08-10 17:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-12 17:11 - 2018-08-10 17:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 17:11 - 2018-08-10 17:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-12 17:11 - 2018-08-10 17:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-12 17:11 - 2018-08-10 17:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-12 17:11 - 2018-08-10 17:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-12 17:11 - 2018-08-10 17:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-09-12 17:11 - 2018-08-10 17:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-12 17:11 - 2018-08-10 17:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-12 17:11 - 2018-08-10 17:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-12 17:11 - 2018-08-10 17:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-12 17:11 - 2018-08-10 17:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 17:11 - 2018-08-10 17:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 17:11 - 2018-08-10 17:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-12 17:11 - 2018-08-10 17:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 17:11 - 2018-08-10 17:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-12 17:11 - 2018-08-10 17:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-12 17:11 - 2018-08-10 17:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-12 17:11 - 2018-08-10 17:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-09-12 17:11 - 2018-07-29 17:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-12 17:11 - 2018-07-18 17:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-12 17:10 - 2018-08-24 00:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-12 17:10 - 2018-08-24 00:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 17:10 - 2018-08-24 00:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-12 17:10 - 2018-08-24 00:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-12 17:10 - 2018-08-24 00:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-12 17:10 - 2018-08-24 00:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-12 17:10 - 2018-08-24 00:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-12 17:10 - 2018-08-24 00:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-12 17:10 - 2018-08-24 00:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-12 17:10 - 2018-08-24 00:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-12 17:10 - 2018-08-24 00:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 17:10 - 2018-08-24 00:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-12 17:10 - 2018-08-24 00:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-12 17:10 - 2018-08-24 00:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-12 17:10 - 2018-08-24 00:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-12 17:10 - 2018-08-24 00:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-12 17:10 - 2018-08-23 23:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-12 17:10 - 2018-08-23 23:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-12 17:10 - 2018-08-23 23:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-12 17:10 - 2018-08-23 23:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-12 17:10 - 2018-08-23 23:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-12 17:10 - 2018-08-23 23:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-12 17:10 - 2018-08-23 23:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-12 17:10 - 2018-08-23 23:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-12 17:10 - 2018-08-23 23:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-12 17:10 - 2018-08-23 23:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-12 17:10 - 2018-08-23 23:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-12 17:10 - 2018-08-23 22:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-12 17:10 - 2018-08-23 22:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-12 17:10 - 2018-08-23 22:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-12 17:10 - 2018-08-23 22:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-12 17:10 - 2018-08-23 22:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-12 17:10 - 2018-08-23 22:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-12 17:10 - 2018-08-23 22:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-12 17:10 - 2018-08-23 22:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-12 17:10 - 2018-08-23 22:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-12 17:10 - 2018-08-13 17:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-12 17:10 - 2018-08-13 17:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-12 17:10 - 2018-08-13 17:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-12 17:10 - 2018-08-13 17:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-12 17:10 - 2018-08-13 17:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-09-12 17:10 - 2018-08-13 17:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-09-12 17:10 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-09-12 17:10 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-09-12 17:10 - 2018-08-12 22:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-12 17:10 - 2018-08-12 22:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-12 17:10 - 2018-08-10 17:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-12 17:10 - 2018-08-10 17:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-09-12 17:10 - 2018-08-10 17:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-09-12 17:10 - 2018-08-10 17:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-09-12 17:10 - 2018-08-10 17:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-09-12 17:10 - 2018-08-10 17:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-09-12 17:10 - 2018-08-10 17:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-09-12 17:10 - 2018-08-10 17:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-12 17:10 - 2018-08-10 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-12 17:10 - 2018-08-10 17:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 17:10 - 2018-08-10 17:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-12 17:10 - 2018-06-27 15:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2018-09-12 17:10 - 2018-06-27 15:19 - 000419648 _____ C:\Windows\system32\locale.nls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-30 12:24 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-30 11:52 - 2016-10-07 20:51 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-09-30 11:52 - 2013-06-17 20:39 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2018-09-30 11:01 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-30 11:01 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-30 10:53 - 2011-04-12 10:34 - 000668866 _____ C:\Windows\system32\perfh005.dat
2018-09-30 10:53 - 2011-04-12 10:34 - 000141526 _____ C:\Windows\system32\perfc005.dat
2018-09-30 10:53 - 2009-07-14 07:13 - 001584554 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-30 10:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-28 13:22 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-09-27 18:33 - 2014-05-02 21:56 - 000000000 ____D C:\Program Files\trend micro
2018-09-25 12:51 - 2017-03-18 13:29 - 000000000 ____D C:\Windows\rescache
2018-09-22 12:29 - 2015-11-14 14:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-22 12:29 - 2014-12-25 12:40 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 21:13 - 2014-01-18 18:06 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 20:58 - 2017-01-17 09:15 - 000109232 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2018-09-18 20:58 - 2016-11-16 18:31 - 000050144 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2018-09-18 20:58 - 2016-08-26 16:07 - 000061016 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2018-09-18 20:58 - 2015-11-20 14:21 - 000188824 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2018-09-18 20:58 - 2015-11-20 14:21 - 000141512 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2018-09-18 20:58 - 2015-11-20 14:21 - 000109864 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2018-09-18 20:58 - 2015-11-20 14:21 - 000082304 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2018-09-16 14:13 - 2016-12-28 21:36 - 000004532 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-16 14:13 - 2013-12-19 17:42 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-16 14:13 - 2013-12-19 17:42 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-16 14:13 - 2013-12-19 17:42 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-16 14:13 - 2013-12-19 17:42 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-16 14:13 - 2013-06-02 14:58 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2018-09-12 17:45 - 2009-07-14 06:45 - 000435920 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 17:29 - 2013-07-10 22:18 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 17:26 - 2013-06-02 13:01 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 17:24 - 2013-06-01 22:47 - 001559268 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-11 21:47 - 2013-06-01 22:35 - 000111448 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-04 19:48 - 2009-07-14 07:08 - 000032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-02-22 18:25 - 2015-03-28 14:32 - 000000034 _____ () C:\Users\Admin\AppData\Roaming\AdobeWLCMCache.dat
2016-08-14 15:53 - 2016-08-14 15:53 - 000031194 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2013-06-02 15:46 - 2013-11-25 23:05 - 000007599 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{1CC62C8B-8478-4129-832B-C3272A9CCAB8}
2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{43642610-3635-40E8-A766-B52E9DF771ED}
2015-08-30 23:31 - 2015-08-30 23:39 - 000000000 _____ () C:\Users\Admin\AppData\Local\{D91E40E1-5C28-48AC-830B-9E5F8CD70587}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-25 12:44

==================== End of FRST.txt ============================







Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Admin (30-09-2018 12:28:15)
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-01 20:19:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3455737578-2053105143-1757345281-500 - Administrator - Disabled)
Guest (S-1-5-21-3455737578-2053105143-1757345281-501 - Limited - Disabled)
Admin (S-1-5-21-3455737578-2053105143-1757345281-1000 - Administrator - Enabled) => C:\Users\Admin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Security (HKLM\...\{3EB22EED-2263-4174-9F36-09BD15A7AEF8}) (Version: 11.0.159.5 - ESET, spol. s r.o.)
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version: - )
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Geeks3D.com FurMark 1.10.6 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 2010 pro studenty a domácnosti (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{89A52314-C097-401F-A45B-14C8B67702FA}) (Version: 2.56.5023.942 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_CZ_is1) (Version: 14.0.1.7 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-09-18] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-09-18] (ESET)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-09-18] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12C8B45B-3203-4BF3-8E89-EFEBEA1C766E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0412d4fb7764e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3F540679-74E8-4AB3-837E-1003E732B12A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {69BBB208-0D19-4FA8-8C39-45D97A4FD6FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {75BBE0B3-880A-47BB-9704-2988D8EBF08E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-16] (Adobe Systems Incorporated)
Task: {7F93C3E7-F89C-4D9C-B206-ECB337F4D70C} - System32\Tasks\Vypnout => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {CF843C30-336E-4D42-87E5-B109B920633B} - System32\Tasks\GoogleUpdateTaskMachineUA1d0412d4fd1192e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DBC462E7-01C2-4CEE-9B46-EC8D67E69E1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {E9643DB2-9E2E-4B57-A8CA-9BECA7C5CDB0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-16] (Adobe Systems Incorporated)
Task: {FEBA3B8B-AE4C-4CD5-9F76-4A5E6CC634A9} - System32\Tasks\{9DEA5E79-EAC7-4E94-AA8D-FDEB99A29D25} => J:\Hry\H&D2\hd2.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-06-04 11:27 - 2012-09-18 15:27 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2013-06-04 11:27 - 2012-09-18 15:27 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2012-06-11 13:12 - 2012-06-11 13:12 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 000055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-11-25 08:16 - 2016-11-25 08:16 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\sharepoint.com -> hxxps://vse.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-10-27 20:22 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C01400A-ABB1-4EFC-B049-B0E1A514FF8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1E70062-10CD-4BA5-9D2D-D338D7542524}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C41ADC2-740A-41D5-8CC5-2A8B7892E82D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2440A78F-C694-44B3-8942-3B2A6CB62C06}] => (Allow) LPort=2869
FirewallRules: [{676D6A35-8F2B-4EA5-86D6-7173A9B20B18}] => (Allow) LPort=1900
FirewallRules: [{B482BABB-74FD-4319-B1C1-7334ED5D47E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00159940-E141-46A3-8CA0-9E68954ADAA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ECAC9C6A-391E-411F-BD22-7B57968AD59B}] => (Allow) J:\Hry\ARMA_3\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{41B9C104-0392-4442-BB08-051DC5391E10}] => (Allow) J:\Hry\ARMA_3\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{00B8E42D-F3E9-4DA9-8AFC-FB8C582CF147}] => (Allow) J:\Hry\ARMA_3\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{F57872F7-7100-4B62-B5E7-8C4F31A073C0}] => (Allow) J:\Hry\ARMA_3\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{2CF44039-931E-4D59-BC71-6B024B8F9BAC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0DCDBB26-A419-4591-887D-C467A4FFAB0A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{6C3ECDC2-3FAA-4DEC-9CAF-325CB97BFF75}J:\hry\aoe2\age2_x1.exe] => (Allow) J:\hry\aoe2\age2_x1.exe
FirewallRules: [UDP Query User{CAF2737A-ADB7-4829-9713-6C74DF36F03D}J:\hry\aoe2\age2_x1.exe] => (Allow) J:\hry\aoe2\age2_x1.exe
FirewallRules: [{74CE327F-1A0C-44D0-90B2-0145EBB7FE41}] => (Block) J:\hry\aoe2\age2_x1.exe
FirewallRules: [{21338E53-338B-4822-9CCA-A313F9A06BD0}] => (Block) J:\hry\aoe2\age2_x1.exe
FirewallRules: [TCP Query User{C32DEB6C-0238-4DD0-A696-513E6A201698}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{4EEF4D06-1A8F-4AA8-98A6-3BD5868FAE5F}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{81E94D75-AD43-4D3A-B588-5CDB43D17BEC}] => (Allow) C:\Program Files\Microsoft Power BI Desktop\bin\msmdsrv.exe
FirewallRules: [{AC7E49BF-3D7D-450D-9AEE-914B3C163EF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-09-2018 20:18:18 Windows Update
12-09-2018 17:20:04 Windows Update
25-09-2018 12:51:25 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2018 12:25:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/30/2018 11:52:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4fd626ed
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x630
Čas spuštění chybující aplikace: 0x01d4589a6b127dc5
Cesta k chybující aplikaci: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Cesta k chybujícímu modulu: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID zprávy: 987a4da9-c496-11e8-a2ef-60a44c639dd7

Error: (09/30/2018 10:50:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2018 07:53:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4fd626ed
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x628
Čas spuštění chybující aplikace: 0x01d4580714e2386d
Cesta k chybující aplikaci: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Cesta k chybujícímu modulu: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID zprávy: a4411592-c410-11e8-b816-60a44c639dd7

Error: (09/29/2018 05:15:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2018 04:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4fd626ed
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x624
Čas spuštění chybující aplikace: 0x01d457cfdfccb5c5
Cesta k chybující aplikaci: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Cesta k chybujícímu modulu: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID zprávy: a81186bc-c3f5-11e8-a02d-60a44c639dd7

Error: (09/29/2018 10:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/28/2018 10:11:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4fd626ed
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x744
Čas spuštění chybující aplikace: 0x01d4574d0a682b2d
Cesta k chybující aplikaci: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Cesta k chybujícímu modulu: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID zprávy: ad6ddaf2-c35a-11e8-a867-60a44c639dd7


System errors:
=============
Error: (09/30/2018 11:52:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/29/2018 07:54:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/29/2018 04:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/28/2018 10:11:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/28/2018 04:16:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/28/2018 01:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Source Engine byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/28/2018 01:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Live ID Sign-in Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (09/28/2018 01:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2017-10-27 20:15:08.449
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{BBEF5AA7-3860-4D2C-8A0E-7D596DDF7566}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:H-Admin-PC\Admin

==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8090.95 MB
Available physical RAM: 5801.66 MB
Total Virtual: 16180.04 MB
Available Virtual: 14199.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:16.68 GB) NTFS
Drive i: (RECOVERY) (Fixed) (Total:48.83 GB) (Free:34.75 GB) NTFS
Drive j: (DATA) (Fixed) (Total:882.58 GB) (Free:471.66 GB) NTFS

\\?\Volume{e84df157-cb29-11e2-8bbf-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9BCB0B1B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=882.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 9BCB0B13)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Preventive log check - tmczech

Posted: 30 Sep 2018 21:51
by Conder
:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
    File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    File: C:\Windows\SysWOW64\ASGT.exe
    File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    
    HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {4e614866-1249-11e7-96a7-60a44c639dd7} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {a1b59bc0-3117-11e4-8054-806e6f6e6963} - L:\setup.exe
    HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {cf249540-d699-11e6-898c-60a44c639dd7} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {e84df15b-cb29-11e2-8bbf-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
    Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-12-18]
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2018-09-27 18:33 - 2018-09-27 18:33 - 000000000 ____D C:\rsit
    2018-09-27 18:31 - 2018-09-27 18:31 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
    2018-09-27 18:33 - 2014-05-02 21:56 - 000000000 ____D C:\Program Files\trend micro
    2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{1CC62C8B-8478-4129-832B-C3272A9CCAB8}
    2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{43642610-3635-40E8-A766-B52E9DF771ED}
    2015-08-30 23:31 - 2015-08-30 23:39 - 000000000 _____ () C:\Users\Admin\AppData\Local\{D91E40E1-5C28-48AC-830B-9E5F8CD70587}
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    Task: {FEBA3B8B-AE4C-4CD5-9F76-4A5E6CC634A9} - System32\Tasks\{9DEA5E79-EAC7-4E94-AA8D-FDEB99A29D25} => J:\Hry\H&D2\hd2.exe
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Re: Preventive log check - tmczech

Posted: 02 Oct 2018 20:29
by tmczech
Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Admin (02-10-2018 21:25:03) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File: C:\Windows\SysWOW64\ASGT.exe
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {4e614866-1249-11e7-96a7-60a44c639dd7} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {a1b59bc0-3117-11e4-8054-806e6f6e6963} - L:\setup.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {cf249540-d699-11e6-898c-60a44c639dd7} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\...\MountPoints2: {e84df15b-cb29-11e2-8bbf-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-12-18]
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2018-09-27 18:33 - 2018-09-27 18:33 - 000000000 ____D C:\rsit
2018-09-27 18:31 - 2018-09-27 18:31 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
2018-09-27 18:33 - 2014-05-02 21:56 - 000000000 ____D C:\Program Files\trend micro
2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{1CC62C8B-8478-4129-832B-C3272A9CCAB8}
2015-10-04 15:49 - 2015-10-04 15:54 - 000000000 _____ () C:\Users\Admin\AppData\Local\{43642610-3635-40E8-A766-B52E9DF771ED}
2015-08-30 23:31 - 2015-08-30 23:39 - 000000000 _____ () C:\Users\Admin\AppData\Local\{D91E40E1-5C28-48AC-830B-9E5F8CD70587}
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {FEBA3B8B-AE4C-4CD5-9F76-4A5E6CC634A9} - System32\Tasks\{9DEA5E79-EAC7-4E94-AA8D-FDEB99A29D25} => J:\Hry\H&D2\hd2.exe

Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 93
Average :
Sum : 174127944
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\ProgramData\Logitech\LogiSmoothChromeExt.crx ========================

C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
File not signed
MD5: 5EA1E773FDE698AE81EC9FED93546F6A
Creation and modification date: 2013-06-04 21:45 - 2013-02-21 03:59
Size: 000011667
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/84bf243 ... 370414365/

====== End of File: ======


========================= File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ========================

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File not signed
MD5: 1A468DCA65D7807F7CCD3E879EBD3E4E
Creation and modification date: 2012-06-11 13:12 - 2012-06-11 13:12
Size: 000361984
Attributes: ----A
Company Name: Advanced Micro Devices, Inc.
Internal Name: Fuel
Original Name: Fuel.Service.exe
Product: AMD Fuel Service
Description: AMD Fuel Service
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright: Copyright © 2009-2010 Advanced Micro Devices, Inc. All Rights Reserved
VirusTotal: https://www.virustotal.com/file/6902e4e ... 448101031/

====== End of File: ======


========================= File: C:\Windows\SysWOW64\ASGT.exe ========================

C:\Windows\SysWOW64\ASGT.exe
File not signed
MD5: E536856E96A7605EBF580D62A868E5FE
Creation and modification date: 2012-01-17 11:24 - 2012-01-17 11:24
Size: 000055296
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/70d0f6e ... 537585149/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ========================

C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File not signed
MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Creation and modification date: 2005-04-04 00:41 - 2005-04-04 00:41
Size: 000069632
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: IDriverT
Original Name: IDriverT.exe
Product: InstallShield (R)
Description: IDriverT Module
File Version: 11.00.28844
Product Version: 11.00
Copyright: Copyright (C) 2005 Macrovision Corporation
VirusTotal: https://www.virustotal.com/file/c227850 ... 538499020/

====== End of File: ======

"HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e614866-1249-11e7-96a7-60a44c639dd7}" => removed successfully
HKLM\Software\Classes\CLSID\{4e614866-1249-11e7-96a7-60a44c639dd7} => not found
"HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1b59bc0-3117-11e4-8054-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{a1b59bc0-3117-11e4-8054-806e6f6e6963} => not found
"HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf249540-d699-11e6-898c-60a44c639dd7}" => removed successfully
HKLM\Software\Classes\CLSID\{cf249540-d699-11e6-898c-60a44c639dd7} => not found
"HKU\S-1-5-21-3455737578-2053105143-1757345281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e84df15b-cb29-11e2-8bbf-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{e84df15b-cb29-11e2-8bbf-806e6f6e6963} => not found
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk => moved successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\ms-help" => removed successfully
HKLM\Software\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
C:\rsit => moved successfully
C:\Users\Admin\Desktop\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Admin\AppData\Local\{1CC62C8B-8478-4129-832B-C3272A9CCAB8} => moved successfully
C:\Users\Admin\AppData\Local\{43642610-3635-40E8-A766-B52E9DF771ED} => moved successfully
C:\Users\Admin\AppData\Local\{D91E40E1-5C28-48AC-830B-9E5F8CD70587} => moved successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBA3B8B-AE4C-4CD5-9F76-4A5E6CC634A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBA3B8B-AE4C-4CD5-9F76-4A5E6CC634A9}" => removed successfully
C:\Windows\System32\Tasks\{9DEA5E79-EAC7-4E94-AA8D-FDEB99A29D25} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DEA5E79-EAC7-4E94-AA8D-FDEB99A29D25}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6300878 B
Java, Flash, Steam htmlcache => 34518927 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 31310050 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Admin => 21103643 B

RecycleBin => 0 B
EmptyTemp: => 100.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:25:35 ====

Re: Preventive log check - tmczech

Posted: 02 Oct 2018 21:42
by Conder
:arrow: How does the PC look? Has anything changed, or are there still any problems?

Re: Preventive log check - tmczech

Posted: 03 Oct 2018 17:04
by tmczech
Everything runs normally, with no change. I had not detected any problems before. Just a preventive check.

Re: Preventive log check - tmczech

Posted: 03 Oct 2018 17:31
by Conder
:arrow: Then let's also clean up after the tools used:

Re: Preventive log check - tmczech

Posted: 03 Oct 2018 17:47
by tmczech
# DelFix v1.013 - Logfile created 03/10/2018 at 18:46:03
# Updated 17/04/2016 by Xplode
# Username : Admin - H-ADMIN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Admin\Desktop\Addition.txt
Deleted : C:\Users\Admin\Desktop\adwcleaner_7.2.4.0.exe
Deleted : C:\Users\Admin\Desktop\Fixlog.txt
Deleted : C:\Users\Admin\Desktop\FRST.txt
Deleted : C:\Users\Admin\Desktop\FRST64 (1).exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Re: Preventive log check - tmczech

Posted: 04 Oct 2018 21:07
by Conder
This is OK.

Re: Preventive log check - tmczech

Posted: 05 Oct 2018 16:32
by tmczech
I understood that everything was clean, right?