Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventívna kontrola

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Preventívna kontrola

#1 Příspěvek od ferenc77 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Elen at 2018-08-22 14:32:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 225 GB (74%) free of 305 GB
Total RAM: 3824 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:10, on 22. 8. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19101)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\Elen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6572 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
winlogon.exe
"C:\Program Files\Fingerprint Sensor\ATService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
"C:\Windows\Explorer.EXE"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe47_ Global\UsGthrCtrlFltPipeMssGthrPipe47 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Elen\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/ ... 170231?v=4 C:\Users\Elen\AppData\Roaming\Mozilla\Firefox\Profiles\yu1a5cmu.default-1515241684207\saved-telemetry-pings\27f671dc-feed-4c03-af3c-0f9641320bdf
\??\C:\Windows\system32\conhost.exe "-275375750-1007003321-1736866361-12069553151179424662478637224-1581629297424942570

=========Mozilla firefox=========

ProfilePath - C:\Users\Elen\AppData\Roaming\Mozilla\Firefox\Profiles\yu1a5cmu.default-1515241684207

prefs.js - "browser.startup.homepage" - "www.google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/DAsicFac]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/DitecZepDViewerFb]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DViewer\NPDITE~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/DSigMessageContainer]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/DSigXadesExtender]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~3.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/DSigXadesFb]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DSIGNE~1.NET\NPDITE~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ditec.sk/XmlDataContainerFb]
"Description"=
"Path"=C:\PROGRA~2\Ditec\DSIGNE~1.NET\NPDITE~2.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 30.0.0.154 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.181.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-09 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-09 245112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9}]
TFPUPWDBankBHO Class - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2010-03-02 45488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-28 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-28 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-28 415256]
"egui"=C:\Program Files\ESET\ESET Smart Security\ecmds.exe [2018-07-28 178504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EAC_MW_klient]
C:\Program Files (x86)\EAC MW klient\EAC_MW_klient.exe [2018-07-10 11456064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eIDCertPropagator]
C:\Program Files (x86)\EAC MW klient\eIDCertPropagator.exe [2018-07-03 533504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eID_klient]
C:\Program Files (x86)\eID klient\eID_klient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2011-04-01 80840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFPUPWDBankService]
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [2010-03-02 925104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFPUService]
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [2010-03-02 793008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Elen\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2014-08-01 2815880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-28 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-15 11:55:01 ----SHD---- C:\Config.Msi
2018-08-14 21:08:10 ----A---- C:\Windows\system32\mshtml.dll
2018-08-14 21:08:10 ----A---- C:\Windows\system32\cscdll.dll
2018-08-14 21:08:10 ----A---- C:\Windows\system32\cscapi.dll
2018-08-14 21:08:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-08-14 21:08:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-08-14 21:08:07 ----A---- C:\Windows\system32\ieframe.dll
2018-08-14 21:08:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-08-14 21:08:06 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-08-14 21:08:06 ----A---- C:\Windows\system32\wininet.dll
2018-08-14 21:08:06 ----A---- C:\Windows\system32\jscript9.dll
2018-08-14 21:08:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-08-14 21:08:05 ----A---- C:\Windows\system32\urlmon.dll
2018-08-14 21:08:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-08-14 21:08:05 ----A---- C:\Windows\system32\drivers\processr.sys
2018-08-14 21:08:05 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-08-14 21:08:05 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-08-14 21:08:05 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-08-14 21:08:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-08-14 21:08:04 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-08-14 21:08:04 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-08-14 21:08:04 ----A---- C:\Windows\system32\win32k.sys
2018-08-14 21:08:04 ----A---- C:\Windows\system32\iertutil.dll
2018-08-14 21:08:03 ----A---- C:\Windows\SYSWOW64\msi.dll
2018-08-14 21:08:03 ----A---- C:\Windows\SYSWOW64\mf3216.dll
2018-08-14 21:08:03 ----A---- C:\Windows\system32\msi.dll
2018-08-14 21:08:03 ----A---- C:\Windows\system32\mf3216.dll
2018-08-14 21:08:02 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-08-14 21:08:02 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-08-14 21:08:02 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-08-14 21:08:02 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-08-14 21:08:02 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-08-14 21:08:02 ----A---- C:\Windows\system32\vbscript.dll
2018-08-14 21:08:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-14 21:08:02 ----A---- C:\Windows\system32\msfeeds.dll
2018-08-14 21:08:02 ----A---- C:\Windows\system32\jscript.dll
2018-08-14 21:08:02 ----A---- C:\Windows\system32\drivers\ndis.sys
2018-08-14 21:08:01 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-08-14 21:08:01 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-08-14 21:08:01 ----A---- C:\Windows\SYSWOW64\cscdll.dll
2018-08-14 21:08:01 ----A---- C:\Windows\SYSWOW64\cscapi.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\ntdll.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\msiexec.exe
2018-08-14 21:08:01 ----A---- C:\Windows\system32\iedkcs32.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\hal.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\fontsub.dll
2018-08-14 21:08:01 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-08-14 21:08:01 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\msimg32.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\hlink.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-08-14 21:08:00 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\webcheck.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\t2embed.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\msimg32.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\ieapfltr.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\ie4uinit.exe
2018-08-14 21:08:00 ----A---- C:\Windows\system32\hlink.dll
2018-08-14 21:08:00 ----A---- C:\Windows\system32\consent.exe
2018-08-14 21:08:00 ----A---- C:\Windows\system32\atmfd.dll
2018-08-14 21:07:59 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-08-14 21:07:59 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-08-14 21:07:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-08-14 21:07:59 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-08-14 21:07:59 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\winsrv.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\wdigest.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\TSpkg.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\srcore.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\smss.exe
2018-08-14 21:07:59 ----A---- C:\Windows\system32\schannel.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\rstrui.exe
2018-08-14 21:07:59 ----A---- C:\Windows\system32\rpcrt4.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\msv1_0.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\lsasrv.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\kernel32.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\kerberos.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\jscript9diag.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\conhost.exe
2018-08-14 21:07:59 ----A---- C:\Windows\system32\certcli.dll
2018-08-14 21:07:59 ----A---- C:\Windows\system32\advapi32.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-08-14 21:07:58 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\rpchttp.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\ntvdm64.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\ncrypt.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\KernelBase.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\inseng.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-08-14 21:07:58 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-08-14 21:07:58 ----A---- C:\Windows\system32\csrsrv.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\auditpol.exe
2018-08-14 21:07:58 ----A---- C:\Windows\system32\appidsvc.dll
2018-08-14 21:07:58 ----A---- C:\Windows\system32\appidapi.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-08-14 21:07:57 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\wow64win.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\wow64cpu.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\wow64.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\sspisrv.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\sspicli.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\srclient.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\secur32.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\lsass.exe
2018-08-14 21:07:57 ----A---- C:\Windows\system32\ieui.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-08-14 21:07:57 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-08-14 21:07:57 ----A---- C:\Windows\system32\drivers\appid.sys
2018-08-14 21:07:57 ----A---- C:\Windows\system32\cryptbase.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\credssp.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\bcrypt.dll
2018-08-14 21:07:57 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-08-14 21:07:57 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-08-14 21:07:57 ----A---- C:\Windows\system32\apisetschema.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:07:56 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:07:56 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-08-14 21:07:56 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-08-14 21:07:56 ----A---- C:\Windows\system32\mshtmled.dll
2018-08-14 21:07:56 ----A---- C:\Windows\system32\dxtrans.dll
2018-08-14 21:07:56 ----A---- C:\Windows\system32\dxtmsft.dll
2018-08-14 21:07:56 ----A---- C:\Windows\system32\authui.dll
2018-08-14 21:07:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:07:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:07:55 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:07:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-08-14 21:07:55 ----A---- C:\Windows\SYSWOW64\authui.dll
2018-08-14 21:07:55 ----A---- C:\Windows\system32\occache.dll
2018-08-14 21:07:55 ----A---- C:\Windows\system32\msrating.dll
2018-08-14 21:07:55 ----A---- C:\Windows\system32\msihnd.dll
2018-08-14 21:07:55 ----A---- C:\Windows\system32\jsproxy.dll
2018-08-14 21:07:55 ----A---- C:\Windows\system32\ieUnatt.exe
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\user.exe
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-08-14 21:07:54 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\msobjs.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\msaudite.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\lpk.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\iesetup.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\iernonce.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-08-14 21:07:54 ----A---- C:\Windows\system32\dciman32.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\appinfo.dll
2018-08-14 21:07:54 ----A---- C:\Windows\system32\adtschema.dll
2018-08-14 21:07:53 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2018-08-14 21:07:53 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-08-14 21:07:53 ----A---- C:\Windows\system32\msimsg.dll
2018-08-14 21:07:53 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-08-14 21:07:53 ----A---- C:\Windows\system32\atmlib.dll
2018-08-09 21:44:08 ----D---- C:\Users\Elen\AppData\Roaming\Sun
2018-08-09 21:42:50 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-09 21:42:19 ----D---- C:\ProgramData\Oracle
2018-08-09 21:42:14 ----D---- C:\Program Files\Java
2018-08-09 21:29:56 ----D---- C:\Program Files (x86)\EAC MW klient
2018-08-08 20:44:32 ----D---- C:\ProgramData\Ditec
2018-08-08 20:44:16 ----D---- C:\Program Files (x86)\Ditec
2018-08-08 20:22:30 ----D---- C:\Program Files (x86)\Gemalto
2018-08-08 20:18:39 ----D---- C:\Users\Elen\AppData\Roaming\EAC_MW_klient
2018-08-08 19:49:40 ----D---- C:\Users\Elen\AppData\Roaming\Kastner software
2018-08-08 19:49:24 ----D---- C:\ProgramData\KASTNER software
2018-08-08 19:49:24 ----D---- C:\Program Files (x86)\KASTNER software
2018-08-07 23:36:54 ----D---- C:\Program Files (x86)\Bit4id

======List of files/folders modified in the last 1 month======

2018-08-22 14:32:10 ----D---- C:\Windows\Prefetch
2018-08-22 14:32:08 ----D---- C:\Program Files\trend micro
2018-08-22 14:32:02 ----D---- C:\Windows\Temp
2018-08-22 13:38:46 ----D---- C:\Windows\system32\config
2018-08-22 12:59:42 ----D---- C:\Users\Elen\AppData\Roaming\vlc
2018-08-21 11:02:33 ----D---- C:\Windows\System32
2018-08-21 11:02:33 ----D---- C:\Windows\inf
2018-08-21 11:02:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-20 16:49:18 ----SHD---- C:\System Volume Information
2018-08-16 11:09:18 ----D---- C:\Windows\rescache
2018-08-16 10:12:53 ----D---- C:\Windows\Microsoft.NET
2018-08-16 10:12:15 ----RSD---- C:\Windows\assembly
2018-08-15 22:03:18 ----D---- C:\Windows\winsxs
2018-08-15 21:57:17 ----D---- C:\Program Files\Internet Explorer
2018-08-15 21:57:17 ----D---- C:\Program Files (x86)\Internet Explorer
2018-08-15 21:57:16 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-08-15 21:57:16 ----D---- C:\Windows\SYSWOW64\en-US
2018-08-15 21:57:16 ----D---- C:\Windows\SysWOW64
2018-08-15 21:57:14 ----D---- C:\Windows\system32\sk-SK
2018-08-15 21:57:14 ----D---- C:\Windows\system32\en-US
2018-08-15 21:57:14 ----D---- C:\Windows\system32\drivers
2018-08-15 21:57:11 ----D---- C:\Windows\AppPatch
2018-08-15 21:57:10 ----D---- C:\Windows\system32\migration
2018-08-15 21:57:10 ----D---- C:\Windows\system32\Boot
2018-08-15 21:57:09 ----D---- C:\Windows\system32\DriverStore
2018-08-15 12:02:33 ----D---- C:\Windows\system32\MRT
2018-08-15 11:58:59 ----AC---- C:\Windows\system32\MRT.exe
2018-08-15 11:58:50 ----SHD---- C:\Windows\Installer
2018-08-15 11:56:06 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-08-15 11:53:39 ----D---- C:\Windows\system32\catroot2
2018-08-14 21:10:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-08-14 21:10:31 ----D---- C:\Windows\system32\Macromed
2018-08-14 21:10:22 ----D---- C:\Windows\SYSWOW64\Macromed
2018-08-11 13:31:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-11 13:30:04 ----D---- C:\Windows\system32\catroot
2018-08-09 21:44:20 ----D---- C:\Program Files (x86)\Common Files
2018-08-09 21:42:19 ----HD---- C:\ProgramData
2018-08-09 21:42:14 ----RD---- C:\Program Files
2018-08-09 21:36:33 ----D---- C:\ProgramData\boost_interprocess
2018-08-09 21:35:55 ----D---- C:\Program Files\Mozilla Firefox
2018-08-09 21:29:56 ----RD---- C:\Program Files (x86)
2018-08-08 20:44:07 ----D---- C:\ProgramData\Package Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2018-07-28 109920]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-07-28 143624]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-07-28 196112]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2018-07-28 82816]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2018-07-28 61552]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-07-28 110376]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2012-06-12 83032]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
R2 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe64.sys [2009-07-28 81408]
R2 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe64.sys [2011-04-26 53760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-09-21 1537024]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2010-06-17 770152]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-28 10610400]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2012-07-27 55288]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2014-10-24 309360]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2014-06-21 53624]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2012-08-01 95088]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2014-06-22 95096]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 AndnetBus;LGE Mobile USB Composite Device; C:\Windows\system32\DRIVERS\lgandnetbus64.sys [2015-05-12 29184]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [2015-05-12 30720]
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [2015-05-12 37376]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 GemCCID;GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [2016-10-17 137712]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2010-11-11 50864]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2012-05-10 69568]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2018-07-28 50144]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\ATService.exe [2010-06-17 2734912]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2018-07-28 2330224]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2018-07-28 2330224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-03-26 107592]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2018-03-26 128584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14 335872]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-07-19 116224]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-09 194512]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2014-11-01 179608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-03-13 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2018-03-26 52832]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]

-----------------EOF-----------------

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#2 Příspěvek od Conder »

Ahoj :)

:arrow: Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Uloz na plochu a ukonci vsetky programy
  • Spusti AdwCleaner ako spravca
  • Odsuhlas licencne podmienky
  • Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
  • Nechaj zaskrtnute vsetky nalezy
  • Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
  • Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
  • Otvori sa log, jeho obsah sem skopiruj
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#3 Příspěvek od ferenc77 »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-20.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-22-2018
# Duration: 00:00:03
# OS: Windows 7 Home Premium
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\Elen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats
Deleted HKCU\Software\Sunisoft
Deleted HKLM\Software\Wow6432Node\Sunisoft

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1521 octets] - [22/08/2018 21:40:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#4 Příspěvek od Conder »

:arrow: Poprosim o logy z FRST (Farbar Recovery Scan Tool)
  • Stiahni FRST a uloz na plochu: https://www.bleepingcomputer.com/downlo ... scan-tool/
  • Je potrebne stiahnut 32 alebo 64 bitovu verziu podla operacneho systemu; ak si nie si isty, stiahni a vyskusaj obidve (spustit pojde len jedna)
  • Klikni na FRST pravym tlacitkom mysi a vyber Spustit ako spravca
  • Odsuhlas licencne podmienky
  • Klikni na Scan a pockaj na dokoncenie
  • Obidva vytvorene logy (FRST.txt a Addition.txt) vloz do nasledujcej odpovede
  • Ak sa logy nezmestia do jednej odpovede, rozdel ich do viac odpovedi, pripadne zabal do archivu ZIP a posli ako prilohu
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#5 Příspěvek od ferenc77 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Elen (administrator) on ELEN-PC (24-08-2018 20:23:03)
Running from C:\Users\Elen\Desktop
Loaded Profiles: Elen (Available Profiles: Elen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178504 2018-07-28] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
BootExecute: autocheck autochk * avgBoot.exe /M:50c36eb221 /wow /dir:"C:\Program Files\AVG\Antivirus"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{71B4CB1D-D57F-4D10-A7E9-3B8CC2C59BF7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2020905331-924975909-1311165131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-09] (Oracle Corporation)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2010-03-02] (TODO: <Company name>)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: yu1a5cmu.default-1515241684207
FF ProfilePath: C:\Users\Elen\AppData\Roaming\Mozilla\Firefox\Profiles\yu1a5cmu.default-1515241684207 [2018-08-24]
FF Homepage: Mozilla\Firefox\Profiles\yu1a5cmu.default-1515241684207 -> www.google.sk
FF Extension: (Adblock Plus) - C:\Users\Elen\AppData\Roaming\Mozilla\Firefox\Profiles\yu1a5cmu.default-1515241684207\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-22] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-22] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: ditec.sk/DAsicFac -> C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~1.DLL [2017-05-12] (Ditec,a.s.)
FF Plugin-x32: ditec.sk/DitecZepDViewerFb -> C:\PROGRA~2\Ditec\DViewer\NPDITE~1.DLL [2018-07-19] (Ditec, a.s.)
FF Plugin-x32: ditec.sk/DSigMessageContainer -> C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~2.DLL [2016-12-15] (Ditec, a.s.)
FF Plugin-x32: ditec.sk/DSigXadesExtender -> C:\PROGRA~2\Ditec\DSIGNE~2.NET\NPDITE~3.DLL [2016-12-15] (Ditec, a.s.)
FF Plugin-x32: ditec.sk/DSigXadesFb -> C:\PROGRA~2\Ditec\DSIGNE~1.NET\NPDITE~1.DLL [2018-07-19] (Ditec,a.s.)
FF Plugin-x32: ditec.sk/XmlDataContainerFb -> C:\PROGRA~2\Ditec\DSIGNE~1.NET\NPDITE~2.DLL [2018-07-19] (Ditec,a.s.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2330224 2018-07-28] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2330224 2018-07-28] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143624 2018-07-28] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109920 2018-07-28] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-07-28] (ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-07-28] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-07-28] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61552 2018-07-28] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [110376 2018-07-28] (ESET)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [137712 2016-10-17] (Gemalto)
U3 avgbdisk; no ImagePath
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-24 20:23 - 2018-08-24 20:24 - 000007796 _____ C:\Users\Elen\Desktop\FRST.txt
2018-08-24 20:22 - 2018-08-24 20:23 - 000000000 ____D C:\FRST
2018-08-24 20:22 - 2018-08-24 20:22 - 002413056 _____ (Farbar) C:\Users\Elen\Desktop\FRST64.exe
2018-08-22 21:38 - 2018-08-22 21:40 - 000000000 ____D C:\AdwCleaner
2018-08-22 20:37 - 2018-08-22 20:37 - 000002743 _____ C:\Users\Elen\Desktop\Microsoft Office Word 2007.lnk
2018-08-22 19:12 - 2018-08-22 21:38 - 2594627154 _____ C:\Users\Elen\Desktop\Deadpool 2.mkv
2018-08-20 20:17 - 2018-08-20 20:17 - 000878837 _____ C:\Users\Elen\Desktop\letak_A5_strany.pdf
2018-08-18 13:59 - 2018-08-18 14:33 - 1097355358 _____ C:\Users\Elen\Desktop\Psí ostrov.mkv
2018-08-16 20:44 - 2018-08-16 20:45 - 000000000 ____D C:\Users\Elen\Desktop\Francis Lai - A Man And A Woman OST 1966
2018-08-14 21:08 - 2018-08-03 17:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-14 21:08 - 2018-08-03 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-08-14 21:08 - 2018-08-02 05:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-08-14 21:08 - 2018-08-02 05:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-08-14 21:08 - 2018-08-02 05:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-08-14 21:08 - 2018-08-02 05:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-08-14 21:08 - 2018-08-02 05:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-08-14 21:08 - 2018-08-02 05:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-08-14 21:08 - 2018-08-02 05:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-08-14 21:08 - 2018-08-02 04:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-08-14 21:08 - 2018-08-02 04:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-08-14 21:08 - 2018-08-02 04:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-08-14 21:08 - 2018-08-02 04:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-08-14 21:08 - 2018-08-02 04:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-08-14 21:08 - 2018-08-02 04:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-08-14 21:08 - 2018-08-02 04:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-08-14 21:08 - 2018-07-20 01:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-08-14 21:08 - 2018-07-20 00:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-08-14 21:08 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-08-14 21:08 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-08-14 21:08 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-08-14 21:08 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-08-14 21:08 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-08-14 21:08 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-08-14 21:08 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-08-14 21:08 - 2018-07-19 06:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-14 21:08 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-08-14 21:08 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-08-14 21:08 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-08-14 21:08 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-08-14 21:08 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-08-14 21:08 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-08-14 21:08 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-08-14 21:08 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-08-14 21:08 - 2018-07-19 05:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-08-14 21:08 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-08-14 21:08 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-08-14 21:08 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-08-14 21:08 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-08-14 21:08 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-08-14 21:08 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-08-14 21:08 - 2018-07-19 05:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-08-14 21:08 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-08-14 21:08 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-08-14 21:08 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-08-14 21:08 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-08-14 21:08 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-08-14 21:08 - 2018-07-08 18:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-08-14 21:08 - 2018-07-08 18:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-08-14 21:08 - 2018-07-08 18:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-08-14 21:08 - 2018-07-08 17:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-08-14 21:08 - 2018-07-08 17:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-08-14 21:08 - 2018-07-08 17:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-08-14 21:08 - 2018-07-07 17:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-14 21:08 - 2018-07-06 18:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-14 21:08 - 2018-07-06 18:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-08-14 21:08 - 2018-07-06 18:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-08-14 21:08 - 2018-07-06 17:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-08-14 21:08 - 2018-07-06 17:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-08-14 21:08 - 2018-06-29 17:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-14 21:08 - 2018-06-29 17:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-14 21:08 - 2018-06-29 17:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2018-08-14 21:08 - 2018-06-29 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2018-08-14 21:08 - 2018-06-27 18:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-14 21:08 - 2018-06-27 17:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-14 21:08 - 2018-06-27 17:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-14 21:08 - 2018-06-27 17:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-08-14 21:08 - 2018-06-27 17:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-08-14 21:08 - 2018-06-27 17:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-14 21:08 - 2018-06-27 17:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-08-14 21:07 - 2018-08-02 04:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-08-14 21:07 - 2018-08-02 04:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-08-14 21:07 - 2018-08-02 04:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-08-14 21:07 - 2018-08-02 04:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-08-14 21:07 - 2018-08-02 04:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-08-14 21:07 - 2018-08-02 04:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-08-14 21:07 - 2018-08-02 04:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-08-14 21:07 - 2018-08-02 04:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-08-14 21:07 - 2018-08-02 04:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-08-14 21:07 - 2018-08-02 04:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-08-14 21:07 - 2018-08-02 04:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-08-14 21:07 - 2018-08-02 04:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-08-14 21:07 - 2018-08-02 04:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-08-14 21:07 - 2018-08-02 04:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-08-14 21:07 - 2018-08-02 04:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-08-14 21:07 - 2018-08-02 04:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-08-14 21:07 - 2018-08-02 04:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-08-14 21:07 - 2018-08-02 04:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-08-14 21:07 - 2018-08-02 04:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-08-14 21:07 - 2018-08-02 04:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-08-14 21:07 - 2018-08-02 04:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-08-14 21:07 - 2018-08-02 04:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-08-14 21:07 - 2018-08-02 04:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:07 - 2018-08-02 04:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:07 - 2018-07-19 06:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-08-14 21:07 - 2018-07-19 06:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-08-14 21:07 - 2018-07-19 06:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-08-14 21:07 - 2018-07-19 06:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-08-14 21:07 - 2018-07-19 06:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-08-14 21:07 - 2018-07-19 06:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-08-14 21:07 - 2018-07-19 06:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-08-14 21:07 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-08-14 21:07 - 2018-07-19 06:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-08-14 21:07 - 2018-07-19 06:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-08-14 21:07 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-08-14 21:07 - 2018-07-19 06:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-08-14 21:07 - 2018-07-19 06:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-08-14 21:07 - 2018-07-19 06:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-14 21:07 - 2018-07-19 06:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-08-14 21:07 - 2018-07-19 06:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-08-14 21:07 - 2018-07-19 06:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-08-14 21:07 - 2018-07-19 06:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-08-14 21:07 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-08-14 21:07 - 2018-07-19 06:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-08-14 21:07 - 2018-07-19 06:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-08-14 21:07 - 2018-07-19 06:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-08-14 21:07 - 2018-07-19 05:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-08-14 21:07 - 2018-07-19 05:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-08-14 21:07 - 2018-07-19 05:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-08-14 21:07 - 2018-07-19 05:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-08-14 21:07 - 2018-07-19 05:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-08-14 21:07 - 2018-07-19 05:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-08-14 21:07 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-08-14 21:07 - 2018-07-19 05:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-08-14 21:07 - 2018-07-19 05:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-08-14 21:07 - 2018-07-19 05:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-08-14 21:07 - 2018-07-19 05:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-08-14 21:07 - 2018-07-19 05:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-08-14 21:07 - 2018-07-19 05:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-08-14 21:07 - 2018-07-19 05:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-08-14 21:07 - 2018-07-19 05:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-08-14 21:07 - 2018-07-08 18:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-08-14 21:07 - 2018-07-08 18:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-08-14 21:07 - 2018-07-08 18:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-08-14 21:07 - 2018-07-08 17:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-08-14 21:07 - 2018-07-08 17:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-08-14 21:07 - 2018-07-08 17:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-08-14 21:07 - 2018-06-27 17:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-14 21:07 - 2018-06-27 17:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-14 21:07 - 2018-06-27 17:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-14 21:07 - 2018-06-27 17:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-14 21:07 - 2018-06-27 17:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-08-14 21:07 - 2018-06-27 17:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-08-14 21:07 - 2018-06-27 17:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-08-09 21:44 - 2018-08-09 21:44 - 000000000 ____D C:\Users\Elen\AppData\Roaming\Sun
2018-08-09 21:44 - 2018-08-09 21:44 - 000000000 ____D C:\Users\Elen\AppData\LocalLow\Sun
2018-08-09 21:42 - 2018-08-09 21:42 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-09 21:42 - 2018-08-09 21:42 - 000000000 ____D C:\ProgramData\Oracle
2018-08-09 21:42 - 2018-08-09 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-09 21:42 - 2018-08-09 21:42 - 000000000 ____D C:\Program Files\Java
2018-08-09 21:30 - 2018-08-09 21:30 - 000002539 _____ C:\Users\Public\Desktop\Štart eID.lnk
2018-08-09 21:30 - 2018-08-09 21:30 - 000002513 _____ C:\Users\Public\Desktop\eID Certificate Propagator.lnk
2018-08-09 21:30 - 2018-08-09 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EAC MW klient
2018-08-09 21:29 - 2018-08-09 21:30 - 000000000 ____D C:\Program Files (x86)\EAC MW klient
2018-08-08 20:44 - 2018-08-09 21:56 - 000000000 ____D C:\ProgramData\Ditec
2018-08-08 20:44 - 2018-08-09 21:56 - 000000000 ____D C:\Program Files (x86)\Ditec
2018-08-08 20:22 - 2018-08-08 20:22 - 000000000 ____D C:\Program Files (x86)\Gemalto
2018-08-08 20:18 - 2018-08-08 20:18 - 000000000 ____D C:\Users\Elen\AppData\Roaming\EAC_MW_klient
2018-08-08 19:49 - 2018-08-08 19:49 - 000000000 ____D C:\Users\Elen\AppData\Roaming\Kastner software
2018-08-08 19:49 - 2018-08-08 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FORM studio
2018-08-08 19:49 - 2018-08-08 19:49 - 000000000 ____D C:\ProgramData\KASTNER software
2018-08-08 19:49 - 2018-08-08 19:49 - 000000000 ____D C:\Program Files (x86)\KASTNER software
2018-08-07 23:37 - 2018-08-07 23:37 - 000000000 ____D C:\Users\Elen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bit4id
2018-08-07 23:36 - 2018-08-07 23:36 - 000000000 ____D C:\Program Files (x86)\Bit4id
2018-08-07 22:46 - 2018-08-07 22:46 - 000304665 _____ C:\Users\Elen\Desktop\rozhodnutie.pdf
2018-07-30 17:52 - 2018-08-14 12:43 - 000000000 ____D C:\Users\Elen\Desktop\Fotografie_prevzate_cez_AirDroid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-24 20:24 - 2009-07-14 06:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-24 20:24 - 2009-07-14 06:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-24 20:19 - 2018-06-11 18:56 - 000000000 ____D C:\Users\Elen\AppData\Roaming\vlc
2018-08-24 20:17 - 2017-03-11 16:15 - 000000000 ____D C:\Users\Elen\AppData\LocalLow\Mozilla
2018-08-23 20:51 - 2009-07-14 07:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-23 20:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-23 20:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-22 21:49 - 2018-03-13 12:34 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-22 21:49 - 2017-03-13 23:28 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-08-22 21:49 - 2017-03-13 23:28 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-22 21:49 - 2017-03-13 23:28 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-08-22 21:49 - 2017-03-13 23:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-22 21:49 - 2017-03-13 23:28 - 000000000 ____D C:\Windows\system32\Macromed
2018-08-22 21:49 - 2017-03-12 13:20 - 000000000 ____D C:\Users\Elen\AppData\Local\Adobe
2018-08-22 20:36 - 2018-07-20 17:28 - 000000000 ____D C:\Users\Elen\Desktop\Fotky z plochy
2018-08-22 14:32 - 2017-07-16 20:23 - 000000000 ____D C:\Program Files\trend micro
2018-08-16 11:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-08-15 22:02 - 2009-07-14 06:45 - 000410408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-15 12:02 - 2017-03-11 16:09 - 000000000 ____D C:\Windows\system32\MRT
2018-08-15 11:58 - 2017-03-11 16:09 - 137343192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-15 11:56 - 2017-03-13 18:58 - 000770252 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-15 11:50 - 2017-03-14 16:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-11 13:31 - 2018-01-06 14:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-09 21:56 - 2018-03-10 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditec
2018-08-09 21:36 - 2017-11-12 17:05 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-08-09 21:35 - 2017-07-16 20:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-08 20:44 - 2018-03-10 15:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-28 16:01 - 2017-01-17 10:15 - 000196112 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000143624 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000110376 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000109920 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000082816 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000061552 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2018-07-28 16:01 - 2017-01-17 10:15 - 000050144 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

==================== Files in the root of some directories =======

2017-12-26 10:38 - 2017-12-26 10:48 - 000003584 _____ () C:\Users\Elen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-13 12:28 - 2018-03-13 12:28 - 000029696 _____ () C:\Users\Elen\AppData\Local\MSGBOX.EXE

Some files in TEMP:
====================
2018-05-15 20:03 - 2018-05-15 20:03 - 019064632 _____ (Ellora Assets Corporation ) C:\Users\Elen\AppData\Local\Temp\FreemakeAudioConverterFull.exe
2018-03-19 23:34 - 2018-08-08 19:49 - 035690144 _____ (KASTNER software s.r.o. ) C:\Users\Elen\AppData\Local\Temp\fsstart.exe
2018-06-01 21:01 - 2018-06-01 21:02 - 041465128 _____ () C:\Users\Elen\AppData\Local\Temp\vlc-3.0.3-win64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-16 11:02

==================== End of FRST.txt ============================

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#6 Příspěvek od ferenc77 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Elen (24-08-2018 20:25:14)
Running from C:\Users\Elen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-03-11 13:37:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2020905331-924975909-1311165131-500 - Administrator - Disabled)
Elen (S-1-5-21-2020905331-924975909-1311165131-1000 - Administrator - Enabled) => C:\Users\Elen
Guest (S-1-5-21-2020905331-924975909-1311165131-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2020905331-924975909-1311165131-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_ENTERPRISE_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_ENTERPRISE_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.8.36 - AuthenTec, Inc.)
Bit4id - miniLector (HKLM-x32\...\Bit4id - miniLector) (Version: 3.7 - Bit4id)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
D.Launcher (x86) (HKLM-x32\...\{B9894279-85D2-46E5-9E21-DBE2F4B3BE25}) (Version: 1.1.0.0 - DITEC, a.s.)
D.Signer/XAdES .NET Tools (x86) (HKLM-x32\...\{204DCECA-A325-45BE-BA79-A4881AA6BB3E}) (Version: 4.0.7 - DITEC, a.s.)
D.Signer/XAdES .NET with plugins (x86) (HKLM-x32\...\{ED84C786-75EA-4759-9B57-BFC7BD81B0C5}) (Version: 4.0.8 - DITEC, a.s.)
D.Suite/eIDAS (x86) (HKLM-x32\...\{02e12882-e4ab-41b4-b882-75586556956b}) (Version: 1.0.9 - DITEC, a.s.)
D.Suite/eIDAS (x86) (HKLM-x32\...\{ed233644-a1bc-492b-a276-728f9a8ed2ac}) (Version: 1.0.9 - DITEC, a.s.)
D.Viewer .NET (x86) (HKLM-x32\...\{5B7D82A6-BDC1-4294-907D-941156B90952}) (Version: 4.0.2023 - DITEC, a.s.)
EAC MW klient (HKLM-x32\...\{60EFD318-9F35-46AD-BF30-AFAB9F826828}) (Version: 2.0.2 - Ministerstvo vnútra Slovenskej republiky)
ESET Security (HKLM\...\{925EB551-DEBA-436C-BB93-916AB96DE0AA}) (Version: 11.1.42.0 - ESET, spol. s r.o.)
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
FotoMagica (HKLM-x32\...\FotoMagica_FotoMagica) (Version: - )
GemPcCCID (HKLM\...\{C2C14C20-A217-4FCA-B668-89B6C70B6EFF}) (Version: 2.0.7 - Gemalto)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 sk) (HKLM\...\Mozilla Firefox 61.0.2 (x64 sk)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
RICOH R5U230 Media Driver ver.2.07.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH)
TFPU (HKLM\...\{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.32 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-07-28] (ESET)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-07-28] (ESET)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-28] (Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-07-28] (ESET)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13101DEA-8A6F-451E-A4F8-8DF49AA9BE90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-22] (Adobe Systems Incorporated)
Task: {8AAFD899-F15D-4808-8307-E73D36B7D11C} - System32\Tasks\{FDF2DFDC-9CE6-4A4B-BB11-58F01A8DFF81} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {8F6AE424-D903-4088-877C-A2DE6AE56136} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-22] (Adobe Systems Incorporated)
Task: {C7D0EA92-A90C-4DBE-8358-EFCA9AFAD4C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-08-12 15:20 - 2010-08-12 15:20 - 000364920 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-03-14 11:28 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2020905331-924975909-1311165131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupreg: EAC_MW_klient => C:\Program Files (x86)\EAC MW klient\EAC_MW_klient.exe
MSCONFIG\startupreg: eIDCertPropagator => C:\Program Files (x86)\EAC MW klient\eIDCertPropagator.exe
MSCONFIG\startupreg: eID_klient => C:\Program Files (x86)\eID klient\eID_klient.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ITSecMng => %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TFPUPWDBankService => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
MSCONFIG\startupreg: TFPUService => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
MSCONFIG\startupreg: uTorrent => "C:\Users\Elen\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B9468FA6-49D4-470B-A7EB-D5066C37CA95}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0D635702-C007-4A3A-8334-EF629E58240F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{17461494-4552-401A-A5BA-214314BE519C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CCEAF0C4-430E-4A63-A7CD-DC9C5C46B1DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2F4680D2-7BAB-432D-A978-E6523B221331}] => (Allow) C:\Users\Elen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62B787A1-DCC5-43AD-8522-10AE235C1CBF}] => (Allow) C:\Users\Elen\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

15-08-2018 11:46:11 Windows Update
20-08-2018 16:48:58 Windows Update
23-08-2018 20:50:24 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2018 08:51:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/23/2018 08:51:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/22/2018 09:47:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/22/2018 09:47:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/22/2018 08:12:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/22/2018 08:12:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/21/2018 11:02:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (08/21/2018 11:02:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (08/22/2018 10:14:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/22/2018 09:40:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba AuthenTec Fingerprint Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (08/22/2018 09:40:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Media Player - služba zdieľania v sieti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (08/22/2018 09:40:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (08/16/2018 04:16:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby BFE bol dosiahnutý časový limit (30000 ms).

Error: (08/15/2018 09:58:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Modules Installer sa po prijatí ovládacieho príkazu pred vypnutím nevypla správne.

Error: (08/11/2018 01:09:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čítač kariet Smart Card Gemalto USB Smart Card Reader 0 odmietol príkaz IOCTL GET_STATE: Zariadenie bolo odstránené.. Ak táto chyba pretrváva, karta Smart Card alebo čítač možno nepracuje správne.

Hlavička príkazu: XX XX XX XX

Error: (08/11/2018 01:09:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čítač kariet Smart Card Gemalto USB Smart Card Reader 0 odmietol príkaz IOCTL GET_STATE: Zariadenie bolo odstránené.. Ak táto chyba pretrváva, karta Smart Card alebo čítač možno nepracuje správne.

Hlavička príkazu: XX XX XX XX


Windows Defender:
===================================
Date: 2018-07-04 08:25:59.095
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Už je nainštalovaná iná verzia produktu. Inštaláciu tejto verzie nemožno dokončiť. Ak chcete existujúcu verziu produktu nakonfigurovať alebo odstrániť, použite ovládací panel Pridať alebo odstrániť programy.

Date: 2018-07-04 08:25:59.095
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Už je nainštalovaná iná verzia produktu. Inštaláciu tejto verzie nemožno dokončiť. Ak chcete existujúcu verziu produktu nakonfigurovať alebo odstrániť, použite ovládací panel Pridať alebo odstrániť programy.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 3824.43 MB
Available physical RAM: 1853.63 MB
Total Virtual: 7647 MB
Available Virtual: 5539.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:221.51 GB) NTFS

\\?\Volume{f66b872d-065e-11e7-a52d-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 222167EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#7 Příspěvek od Conder »

:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    
    BootExecute: autocheck autochk * avgBoot.exe /M:50c36eb221 /wow /dir:"C:\Program Files\AVG\Antivirus"
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    U3 avgbdisk; no ImagePath
    S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]
    2018-08-22 14:32 - 2017-07-16 20:23 - 000000000 ____D C:\Program Files\trend micro
    2018-03-13 12:28 - 2018-03-13 12:28 - 000029696 _____ () C:\Users\Elen\AppData\Local\MSGBOX.EXE
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#8 Příspěvek od ferenc77 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Elen (28-08-2018 11:28:27) Run:1
Running from C:\Users\Elen\Desktop
Loaded Profiles: Elen (Available Profiles: Elen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum

BootExecute: autocheck autochk * avgBoot.exe /M:50c36eb221 /wow /dir:"C:\Program Files\AVG\Antivirus"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
U3 avgbdisk; no ImagePath
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]
2018-08-22 14:32 - 2017-07-16 20:23 - 000000000 ____D C:\Program Files\trend micro
2018-03-13 12:28 - 2018-03-13 12:28 - 000029696 _____ () C:\Users\Elen\AppData\Local\MSGBOX.EXE
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 379
Average :
Sum : 4231578066
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4" => removed successfully
"HKLM\System\CurrentControlSet\Services\avgbdisk" => removed successfully
avgbdisk => service removed successfully
"HKLM\System\CurrentControlSet\Services\CrystalSysInfo" => removed successfully
CrystalSysInfo => service removed successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Elen\AppData\Local\MSGBOX.EXE => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24548690 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 152501959 B
Edge => 0 B
Chrome => 0 B
Firefox => 20455242 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 93330 B
Elen => 234186010 B

RecycleBin => 67792 B
EmptyTemp: => 419.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:30:46 ====

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#9 Příspěvek od Conder »

:arrow: Vyzera to OK. Nastala nejaka zmena alebo su este nejake problemy?

:arrow: Plocha ma cca 4 GB. Presun vsetky subory a zlozky z plochy do dokumentov a na ploche nechaj iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#10 Příspěvek od ferenc77 »

Myslím, že v poriadku. Ďakujem pekne :)

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#11 Příspěvek od Conder »

:arrow: Tak este upraceme po pouzitych nastrojoch:
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

ferenc77
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 28 lis 2012 13:21

Re: Preventívna kontrola

#12 Příspěvek od ferenc77 »

Ďakujem a prajem pekný zvyšok týždňa.

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: Preventívna kontrola

#13 Příspěvek od Conder »

Nie je zaco, rad som pomohol :)
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

Odpovědět