PC virus removal, computer speed-up, remote help via the neslape.cz service

Requesting a preventive check

You don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
BacilX
Visitor
Posts: 65
Registered: 19 Sep 2007 11:12

Requesting a preventive check

#1 Post by BacilX »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2019-06-08 14:59:41
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 38 GB (36%) free of 105 GB
Total RAM: 8136 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:41, on 8.6.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{15601C4F-0785-412A-BDC7-0069DA945582}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{15601C4F-0785-412A-BDC7-0069DA945582}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{15601C4F-0785-412A-BDC7-0069DA945582}: NameServer = 156.154.70.25,156.154.71.25
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: isesrv - COMODO - C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5455 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe" -service
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --cistrayUI
"C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe"
AvastUI.exe /nogui
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
C:\Windows\system32\wbem\wmiprvse.exe

taskeng.exe {B712F722-97C9-4406-8C4F-E8E50B42EC8A}
"C:\Users\Admin\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.192 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.192 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\searchplugins\
Google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-11-04 7204568]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-05-26 262024]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2019-04-16 13065408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IseUI"=C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [2019-01-29 4187856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2019-06-08 14:59:41 ----D---- C:\rsit
2019-05-26 19:05:16 ----A---- C:\Windows\system32\aswBoot.exe
2019-05-25 09:50:33 ----HD---- C:\$AV_ASW
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-05-14 23:45:34 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-05-14 23:45:34 ----A---- C:\Windows\SYSWOW64\wow32.dll
2019-05-14 23:45:34 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2019-05-14 23:45:34 ----A---- C:\Windows\SYSWOW64\user.exe
2019-05-14 23:45:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2019-05-14 23:45:34 ----A---- C:\Windows\system32\KernelBase.dll
2019-05-14 23:45:34 ----A---- C:\Windows\system32\kernel32.dll
2019-05-14 23:45:34 ----A---- C:\Windows\system32\drivers\amdppm.sys
2019-05-14 23:45:34 ----A---- C:\Windows\system32\appidsvc.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2019-05-14 23:45:33 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\wow64cpu.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\wow64.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\TSpkg.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\sspisrv.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\smss.exe
2019-05-14 23:45:33 ----A---- C:\Windows\system32\secur32.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\rpchttp.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\ntdll.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\msv1_0.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\hal.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\videoprt.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\processr.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\npfs.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\intelppm.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\appid.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\drivers\amdk8.sys
2019-05-14 23:45:33 ----A---- C:\Windows\system32\csrsrv.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\appidapi.dll
2019-05-14 23:45:33 ----A---- C:\Windows\system32\apisetschema.dll
2019-05-14 23:45:32 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2019-05-14 23:45:32 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2019-05-14 23:45:32 ----A---- C:\Windows\SYSWOW64\ole32.dll
2019-05-14 23:45:32 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\sspicli.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\rpcss.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\rpcrt4.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\oleaut32.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2019-05-14 23:45:32 ----A---- C:\Windows\system32\lsass.exe
2019-05-14 23:45:32 ----A---- C:\Windows\system32\lsasrv.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\kerberos.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\gdi32.dll
2019-05-14 23:45:32 ----A---- C:\Windows\system32\drivers\srvnet.sys
2019-05-14 23:45:32 ----A---- C:\Windows\system32\drivers\srv2.sys
2019-05-14 23:45:32 ----A---- C:\Windows\system32\drivers\srv.sys
2019-05-14 23:45:32 ----A---- C:\Windows\system32\advapi32.dll
2019-05-14 23:45:31 ----A---- C:\Windows\system32\ole32.dll
2019-05-14 23:45:31 ----A---- C:\Windows\system32\mshtml.dll
2019-05-14 23:45:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2019-05-14 23:45:30 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2019-05-14 23:45:30 ----A---- C:\Windows\SYSWOW64\certcli.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\winsrv.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\wdigest.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\sscore.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\srcore.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\srclient.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\schannel.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\setbcdlocale.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2019-05-14 23:45:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2019-05-14 23:45:30 ----A---- C:\Windows\system32\cryptdll.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\cryptbase.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\certcli.dll
2019-05-14 23:45:30 ----A---- C:\Windows\system32\bcrypt.dll
2019-05-14 23:45:29 ----A---- C:\Windows\SYSWOW64\sscore.dll
2019-05-14 23:45:29 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2019-05-14 23:45:29 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2019-05-14 23:45:29 ----A---- C:\Windows\system32\wow64win.dll
2019-05-14 23:45:29 ----A---- C:\Windows\system32\srvsvc.dll
2019-05-14 23:45:29 ----A---- C:\Windows\system32\ncrypt.dll
2019-05-14 23:45:29 ----A---- C:\Windows\system32\ieframe.dll
2019-05-14 23:45:29 ----A---- C:\Windows\system32\conhost.exe
2019-05-14 23:45:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2019-05-14 23:45:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2019-05-14 23:45:28 ----A---- C:\Windows\system32\wininet.dll
2019-05-14 23:45:28 ----A---- C:\Windows\system32\wercplsupport.dll
2019-05-14 23:45:28 ----A---- C:\Windows\system32\werconcpl.dll
2019-05-14 23:45:28 ----A---- C:\Windows\system32\rstrui.exe
2019-05-14 23:45:28 ----A---- C:\Windows\system32\ntvdm64.dll
2019-05-14 23:45:28 ----A---- C:\Windows\system32\jscript9.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\werui.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\wer.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\usp10.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\srclient.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\shell32.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\msrd3x40.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\mspbde40.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\msjet40.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\jscript.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\instnm.exe
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\cryptdll.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\credssp.dll
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2019-05-14 23:45:27 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\winload.exe
2019-05-14 23:45:27 ----A---- C:\Windows\system32\werui.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\wer.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\vbscript.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\usp10.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\urlmon.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\shell32.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\nltest.exe
2019-05-14 23:45:27 ----A---- C:\Windows\system32\msaudite.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\jscript.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\iertutil.dll
2019-05-14 23:45:27 ----A---- C:\Windows\system32\auditpol.exe
2019-05-14 23:45:27 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2019-05-14 23:45:27 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2019-05-14 23:45:27 ----A---- C:\Windows\system32\adtschema.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\setup16.exe
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\oleres.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\msscp.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\msltus40.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\mf.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\comcat.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2019-05-14 23:45:26 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\wmdrmsdk.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\t2embed.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\streamci.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\oleres.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\msscp.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\msobjs.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\msnetobj.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\msfeeds.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\mf.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\iedkcs32.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\fontsub.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drmv2clt.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drmmgrtn.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\volmgr.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\vdrvroot.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\ULIAGPKX.SYS
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\termdd.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\swenum.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\pci.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\NV_AGP.SYS
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\mssmbios.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\msisadrv.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\isapnp.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\drivers\AGP440.sys
2019-05-14 23:45:26 ----A---- C:\Windows\system32\credssp.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\comcat.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\blackbox.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\AUDIOKSE.dll
2019-05-14 23:45:26 ----A---- C:\Windows\system32\atmfd.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\wermgr.exe
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\quartz.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\occache.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\msrating.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\mfps.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\lpk.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\inseng.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\ieui.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\evr.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2019-05-14 23:45:25 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\wintrust.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\wermgr.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\webcheck.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\rrinstaller.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\quartz.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\qdvd.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\pcawrk.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\pcasvc.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\pcalua.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\pcadm.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\occache.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\msrating.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\mshtmled.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\MshtmlDac.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\mfps.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\mfpmp.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\mfplat.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\lpk.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\jsproxy.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\jscript9diag.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\inseng.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ieUnatt.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ieui.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\iesetup.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\iernonce.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ieetwproxystub.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ieetwcollector.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ieapfltr.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ie4uinit.exe
2019-05-14 23:45:25 ----A---- C:\Windows\system32\ExplorerFrame.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\evr.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\dxtrans.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\dxtmsft.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\dciman32.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\cryptui.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\cryptsvc.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\cryptnet.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\crypt32.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\audiosrv.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\AudioSes.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\AudioEng.dll
2019-05-14 23:45:25 ----A---- C:\Windows\system32\audiodg.exe
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\werdiagcontroller.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\mssign32.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\mferror.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2019-05-14 23:45:24 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\werdiagcontroller.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\pcaevts.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\mssign32.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\msmmsp.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\mferror.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\EncDump.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\cryptsp.dll
2019-05-14 23:45:24 ----A---- C:\Windows\system32\atmlib.dll

======List of files/folders modified in the last 1 month======

2019-06-08 14:59:41 ----D---- C:\Program Files\trend micro
2019-06-08 14:59:23 ----D---- C:\Windows\Temp
2019-06-08 14:55:08 ----D---- C:\Windows\system32\config
2019-06-08 14:54:01 ----D---- C:\Windows\system32\drivers\etc
2019-06-08 14:49:24 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-08 14:49:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2019-06-08 14:46:58 ----D---- C:\Hry
2019-06-08 14:45:25 ----D---- C:\ProgramData\NVIDIA
2019-06-08 10:43:40 ----D---- C:\Windows\System32
2019-06-08 10:43:40 ----D---- C:\Windows\inf
2019-06-08 10:43:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-06-08 10:39:16 ----D---- C:\Windows
2019-06-07 21:00:01 ----D---- C:\Windows\system32\LogFiles
2019-06-07 19:27:55 ----D---- C:\Windows\SoftwareDistribution
2019-06-07 19:25:11 ----D---- C:\Windows\system32\Tasks
2019-06-06 15:03:40 ----D---- C:\Windows\system32\drivers
2019-06-01 18:50:45 ----SHD---- C:\System Volume Information
2019-05-25 09:50:29 ----D---- C:\Users\Admin\AppData\Roaming\FiraxisLive
2019-05-25 00:28:36 ----D---- C:\Program Files (x86)\JDownloader v2.0
2019-05-19 13:49:31 ----D---- C:\Windows\rescache
2019-05-19 08:26:59 ----D---- C:\Windows\Microsoft.NET
2019-05-19 07:51:01 ----D---- C:\Windows\SYSWOW64\LogFiles
2019-05-19 07:51:00 ----D---- C:\Windows\Logs
2019-05-19 07:51:00 ----D---- C:\Windows\debug
2019-05-19 07:47:40 ----D---- C:\Windows\winsxs
2019-05-19 07:47:31 ----D---- C:\Windows\system32\catroot2
2019-05-16 18:28:49 ----RSD---- C:\Windows\assembly
2019-05-15 16:57:00 ----SHD---- C:\Windows\Installer
2019-05-15 16:56:37 ----D---- C:\Windows\SysWOW64
2019-05-15 16:41:41 ----SHD---- C:\Boot
2019-05-15 16:40:28 ----D---- C:\Windows\SYSWOW64\en-US
2019-05-15 16:40:28 ----D---- C:\Windows\SYSWOW64\Dism
2019-05-15 16:40:28 ----D---- C:\Windows\SYSWOW64\cs-CZ
2019-05-15 16:40:28 ----D---- C:\Windows\system32\drivers\en-US
2019-05-15 16:40:28 ----D---- C:\Program Files\Internet Explorer
2019-05-15 16:40:28 ----D---- C:\Program Files (x86)\Internet Explorer
2019-05-15 16:40:27 ----RSD---- C:\Windows\Fonts
2019-05-15 16:40:27 ----D---- C:\Windows\system32\en-US
2019-05-15 16:40:27 ----D---- C:\Windows\system32\Dism
2019-05-15 16:40:27 ----D---- C:\Windows\system32\cs-CZ
2019-05-15 16:40:27 ----D---- C:\Windows\AppPatch
2019-05-15 16:40:26 ----D---- C:\Windows\system32\Boot
2019-05-15 16:40:25 ----D---- C:\Windows\system32\DriverStore
2019-05-15 00:23:20 ----D---- C:\Windows\system32\MRT
2019-05-15 00:21:43 ----AC---- C:\Windows\system32\MRT.exe
2019-05-15 00:20:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2019-05-15 00:07:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2019-05-15 00:07:17 ----D---- C:\Windows\system32\Macromed
2019-05-15 00:07:16 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2019-05-26 37104]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2019-05-26 205848]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2019-05-26 61472]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2019-05-26 87944]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2019-05-30 385880]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2013-08-01 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2013-08-01 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2013-04-26 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-06-06 381608]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2019-05-26 207448]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2019-05-26 262496]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2019-05-26 42288]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2019-05-26 112312]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2019-05-26 1030784]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2019-05-26 477584]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2019-03-15 34280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2019-03-15 867864]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2019-03-15 59096]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2019-03-15 126680]
R1 isedrv;Internet Security Essentials; C:\Windows\system32\drivers\isedrv.sys [2019-01-29 51368]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2019-06-06 167872]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2019-06-03 225608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-11-05 3707864]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-03-12 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2018-04-13 235432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-10-28 884952]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service; C:\Windows\system32\DRIVERS\XtuAcpiDriver.sys [2017-04-18 54168]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2019-02-07 95232]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2018-12-14 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2018-12-14 47672]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 64280]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-04-14 56384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-21 109056]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-05-26 409224]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2019-04-16 11401312]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 isesrv;isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2019-01-29 1044176]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-03-24 464272]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-05-28 6844776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-03-26 107592]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2018-03-26 128584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-05-15 335416]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2019-04-11 2651840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-04-25 116224]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-25 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2018-03-26 52832]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-06-08 238544]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]

-----------------EOF-----------------
I grew up in a family so poor that if I hadn't been born a boy, I wouldn't have had anything to play with.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check, please

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View Log File)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

BacilX
Visitor
Posts: 65
Registered: 19 Sep 2007 11:12

Re: Preventive check, please

#3 Post by BacilX »

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-09-2019
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [09/06/2019 10:05:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check, please

#4 Post by Conder »

Please post both FRST logs (FRST.txt and Addition.txt), following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679

BacilX
Visitor
Posts: 65
Registered: 19 Sep 2007 11:12

Re: Preventive check, please

#5 Post by BacilX »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-06-2019 01
Ran by Admin (administrator) on TRILINE (ATComputers TRILINE PROFI I108) (12-06-2019 07:28:23)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Robin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13065408 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2023A75E-B369-4C59-A969-5FFBD0A54E5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {32497A94-DF03-4A04-996E-5FDD5F981B63} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {36A02D00-AF38-4CA6-A009-4908055D499C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5737152 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
Task: {481DDD29-1126-4F82-A675-A85D9E0CEAF2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {4AF44E30-E709-40E3-84D8-B1CD63C0ABF3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5737152 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
Task: {665238B0-5734-4583-B5C2-9A9445CB03E3} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5737152 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
Task: {8A45F4D7-DAA6-4F5D-AFDE-6692BE2F0A84} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {9095FB20-3B22-4DFE-9CDB-6DC1BDE9DF91} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13065408 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
Task: {93909114-678F-4B12-9CA1-A3918CDDEB9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe Inc. -> Adobe)
Task: {9EE0FE29-E88B-42A5-98A9-55DDC1AD7956} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-15] (Adobe Inc. -> Adobe)
Task: {A7FFF6BC-E472-4F42-A199-8395CF0249B5} - System32\Tasks\Norton Security Scan for Admin => C:\Program Files (x86)\NORTON~2\Engine\461~1.175\Nss.exe
Task: {A8218425-C548-40B0-ACB1-48D426220ED6} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13065408 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D0978751-11B2-4C49-A758-ECBE603F109F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{15601C4F-0785-412A-BDC7-0069DA945582}: [NameServer] 156.154.70.25,156.154.71.25
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,10.40.128.1,-1]

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: imtd495u.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default [2019-06-12]
FF Homepage: Mozilla\Firefox\Profiles\imtd495u.default -> hxxps://www.seznam.cz/
FF Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\imtd495u.default\Extensions\uBlock0@raymondhill.net.xpi [2019-02-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-15] (Adobe Inc. -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11401312 2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2651840 2019-04-11] (Comodo Security Solutions, Inc. -> COMODO)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [207448 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [262496 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [205848 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61472 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167872 2019-06-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477584 2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225608 2019-06-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2019-03-15] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [867864 2019-03-15] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2019-03-15] (Comodo Security Solutions, Inc. -> COMODO)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-12-14] (Disc Soft Ltd -> Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-01] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [126680 2019-03-15] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [51368 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-06] (Disc Soft Ltd -> Duplex Secure Ltd.)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation -> Intel Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-12 07:28 - 2019-06-12 07:28 - 000014043 _____ C:\Users\Admin\Desktop\FRST.txt
2019-06-12 07:21 - 2019-06-11 08:25 - 002418688 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-06-08 14:59 - 2019-06-08 14:59 - 000000000 ____D C:\rsit
2019-06-08 14:52 - 2019-06-08 14:52 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
2019-05-26 19:05 - 2019-05-26 19:05 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-05-25 09:50 - 2019-05-25 09:50 - 000000000 ___HD C:\$AV_ASW
2019-05-14 23:45 - 2019-04-30 21:28 - 000397112 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-05-14 23:45 - 2019-04-30 20:37 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-05-14 23:45 - 2019-04-30 02:51 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-14 23:45 - 2019-04-30 02:51 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-14 23:45 - 2019-04-25 06:01 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-14 23:45 - 2019-04-25 05:52 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-05-14 23:45 - 2019-04-25 05:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-05-14 23:45 - 2019-04-25 05:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-14 23:45 - 2019-04-25 05:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-05-14 23:45 - 2019-04-25 05:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-05-14 23:45 - 2019-04-25 05:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-05-14 23:45 - 2019-04-25 05:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-05-14 23:45 - 2019-04-25 05:31 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-14 23:45 - 2019-04-25 05:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-05-14 23:45 - 2019-04-25 05:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-05-14 23:45 - 2019-04-25 05:28 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-14 23:45 - 2019-04-25 05:28 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-05-14 23:45 - 2019-04-25 05:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-05-14 23:45 - 2019-04-25 05:26 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-14 23:45 - 2019-04-25 05:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-05-14 23:45 - 2019-04-25 05:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-05-14 23:45 - 2019-04-25 05:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-05-14 23:45 - 2019-04-25 05:19 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-05-14 23:45 - 2019-04-25 05:16 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-05-14 23:45 - 2019-04-25 05:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-05-14 23:45 - 2019-04-25 05:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-05-14 23:45 - 2019-04-25 05:11 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-05-14 23:45 - 2019-04-25 05:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-05-14 23:45 - 2019-04-25 05:09 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-14 23:45 - 2019-04-25 05:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-05-14 23:45 - 2019-04-25 05:09 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-05-14 23:45 - 2019-04-25 05:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-05-14 23:45 - 2019-04-25 05:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-05-14 23:45 - 2019-04-25 05:05 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-05-14 23:45 - 2019-04-25 05:05 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-05-14 23:45 - 2019-04-25 05:05 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-05-14 23:45 - 2019-04-25 05:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-05-14 23:45 - 2019-04-25 05:03 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-14 23:45 - 2019-04-25 05:03 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-05-14 23:45 - 2019-04-25 05:02 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-05-14 23:45 - 2019-04-25 05:02 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-05-14 23:45 - 2019-04-25 05:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-05-14 23:45 - 2019-04-25 04:54 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-05-14 23:45 - 2019-04-25 04:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-05-14 23:45 - 2019-04-25 04:50 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-05-14 23:45 - 2019-04-25 04:50 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-05-14 23:45 - 2019-04-25 04:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-05-14 23:45 - 2019-04-25 04:49 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-05-14 23:45 - 2019-04-25 04:49 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-05-14 23:45 - 2019-04-25 04:48 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-05-14 23:45 - 2019-04-25 04:47 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-05-14 23:45 - 2019-04-25 04:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-05-14 23:45 - 2019-04-25 04:46 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-14 23:45 - 2019-04-25 04:46 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-05-14 23:45 - 2019-04-25 04:45 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-05-14 23:45 - 2019-04-25 04:43 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-05-14 23:45 - 2019-04-25 04:40 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-14 23:45 - 2019-04-25 04:38 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-05-14 23:45 - 2019-04-25 04:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-05-14 23:45 - 2019-04-25 04:36 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-05-14 23:45 - 2019-04-25 04:35 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-14 23:45 - 2019-04-25 04:35 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-14 23:45 - 2019-04-25 04:35 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-05-14 23:45 - 2019-04-25 04:24 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-14 23:45 - 2019-04-25 04:18 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-14 23:45 - 2019-04-25 04:14 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-14 23:45 - 2019-04-25 04:14 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-05-14 23:45 - 2019-04-25 04:12 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-05-14 23:45 - 2019-04-19 04:54 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-05-14 23:45 - 2019-04-19 04:53 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-05-14 23:45 - 2019-04-19 04:53 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-05-14 23:45 - 2019-04-19 04:51 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:44 - 000185064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-05-14 23:45 - 2019-04-19 04:44 - 000095456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-05-14 23:45 - 2019-04-19 04:43 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-14 23:45 - 2019-04-19 04:43 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-05-14 23:45 - 2019-04-19 04:43 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-14 23:45 - 2019-04-19 04:43 - 000064232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2019-05-14 23:45 - 2019-04-19 04:43 - 000063208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2019-05-14 23:45 - 2019-04-19 04:43 - 000060648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2019-05-14 23:45 - 2019-04-19 04:43 - 000031976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2019-05-14 23:45 - 2019-04-19 04:43 - 000023784 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2019-05-14 23:45 - 2019-04-19 04:43 - 000020200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2019-05-14 23:45 - 2019-04-19 04:42 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-14 23:45 - 2019-04-19 04:42 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-05-14 23:45 - 2019-04-19 04:42 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-05-14 23:45 - 2019-04-19 04:42 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2019-05-14 23:45 - 2019-04-19 04:42 - 000068328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2019-05-14 23:45 - 2019-04-19 04:42 - 000036064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2019-05-14 23:45 - 2019-04-19 04:42 - 000015080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2019-05-14 23:45 - 2019-04-19 04:42 - 000012136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2019-05-14 23:45 - 2019-04-19 04:40 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-05-14 23:45 - 2019-04-19 04:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:39 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-05-14 23:45 - 2019-04-19 04:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-05-14 23:45 - 2019-04-19 04:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-05-14 23:45 - 2019-04-19 04:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-05-14 23:45 - 2019-04-19 04:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-05-14 23:45 - 2019-04-19 04:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-05-14 23:45 - 2019-04-19 04:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-05-14 23:45 - 2019-04-19 04:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-05-14 23:45 - 2019-04-19 04:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-05-14 23:45 - 2019-04-19 04:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-05-14 23:45 - 2019-04-19 04:15 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-05-14 23:45 - 2019-04-19 04:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-05-14 23:45 - 2019-04-19 04:12 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-05-14 23:45 - 2019-04-19 04:11 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-05-14 23:45 - 2019-04-19 04:11 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-05-14 23:45 - 2019-04-19 04:08 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-05-14 23:45 - 2019-04-19 04:07 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-05-14 23:45 - 2019-04-19 04:07 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-05-14 23:45 - 2019-04-16 17:17 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-05-14 23:45 - 2019-04-16 17:17 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-14 23:45 - 2019-04-16 17:17 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-05-14 23:45 - 2019-04-16 17:17 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-05-14 23:45 - 2019-04-16 17:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-05-14 23:45 - 2019-04-16 17:17 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-05-14 23:45 - 2019-04-16 17:16 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-05-14 23:45 - 2019-04-16 17:05 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-05-14 23:45 - 2019-04-16 16:55 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-05-14 23:45 - 2019-04-16 15:15 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2019-05-14 23:45 - 2019-04-16 15:15 - 000419648 _____ C:\Windows\system32\locale.nls
2019-05-14 23:45 - 2019-04-14 07:42 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-05-14 23:45 - 2019-04-14 07:40 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-14 23:45 - 2019-04-14 07:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-05-14 23:45 - 2019-04-14 07:39 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-14 23:45 - 2019-04-14 07:39 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-05-14 23:45 - 2019-04-14 07:28 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-05-14 23:45 - 2019-04-14 07:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-14 23:45 - 2019-04-14 07:26 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-14 23:45 - 2019-04-14 07:26 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-05-14 23:45 - 2019-04-14 07:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-05-14 23:45 - 2019-04-14 07:26 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-05-14 23:45 - 2019-04-14 07:12 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-05-14 23:45 - 2019-04-07 17:17 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-05-14 23:45 - 2019-04-07 17:17 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-14 23:45 - 2019-04-07 17:17 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-05-14 23:45 - 2019-04-07 17:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-05-14 23:45 - 2019-04-07 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-05-14 23:45 - 2019-04-07 17:15 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-05-14 23:45 - 2019-04-07 17:05 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-05-14 23:45 - 2019-04-07 17:03 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-05-14 23:45 - 2019-04-07 17:03 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-05-14 23:45 - 2019-04-07 17:02 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-05-14 23:45 - 2019-04-07 17:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-05-14 23:45 - 2019-04-07 17:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-05-14 23:45 - 2019-04-07 16:57 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-05-14 23:45 - 2019-04-07 16:49 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-14 23:45 - 2019-04-07 16:48 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-05-14 23:45 - 2019-04-07 16:45 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-05-14 23:45 - 2019-04-07 16:45 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-05-14 23:45 - 2019-04-07 16:45 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-05-14 23:45 - 2019-04-07 16:42 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-14 23:45 - 2019-04-07 16:42 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-14 23:45 - 2019-04-07 16:42 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-14 23:45 - 2019-04-07 16:42 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-14 23:45 - 2019-04-07 16:42 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-14 23:45 - 2019-04-07 16:38 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-14 23:45 - 2019-04-07 16:35 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-14 23:45 - 2019-04-07 16:33 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-05-14 23:45 - 2019-04-07 16:33 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-05-14 23:45 - 2019-04-07 15:05 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-14 23:45 - 2019-04-05 02:34 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-14 23:45 - 2019-04-05 02:23 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-12 07:28 - 2018-09-16 12:29 - 000000000 ____D C:\FRST
2019-06-12 07:27 - 2016-12-14 21:22 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-06-12 07:26 - 2010-11-21 11:27 - 000670334 _____ C:\Windows\system32\perfh005.dat
2019-06-12 07:26 - 2010-11-21 11:27 - 000141946 _____ C:\Windows\system32\perfc005.dat
2019-06-12 07:26 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-12 07:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-06-12 07:23 - 2017-08-12 10:16 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-12 07:21 - 2018-12-14 20:51 - 000090066 _____ C:\Windows\system32\Drivers\fvstore.dat
2019-06-12 07:20 - 2014-02-21 16:59 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-12 07:20 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-12 00:00 - 2016-11-18 01:09 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2019-06-11 10:27 - 2009-07-14 06:45 - 000017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-11 10:27 - 2009-07-14 06:45 - 000017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-11 10:21 - 2019-01-25 20:01 - 000004526 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-11 10:21 - 2018-12-09 00:55 - 000004206 _____ C:\Windows\System32\Tasks\Norton Security Scan for Admin
2019-06-11 10:21 - 2017-12-16 14:38 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-11 10:21 - 2017-12-06 17:11 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-11 10:21 - 2015-05-18 21:16 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-06-09 18:41 - 2019-03-24 11:35 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2019-06-09 08:53 - 2017-04-20 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-06-09 08:53 - 2014-02-26 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-08 15:05 - 2019-01-25 20:01 - 000004410 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-06-08 14:59 - 2014-08-12 16:19 - 000000000 ____D C:\Program Files\trend micro
2019-06-08 14:53 - 2014-12-20 14:16 - 000000000 ____D C:\Users\Admin\Desktop\stažené soubory
2019-06-08 14:46 - 2014-02-26 19:52 - 000000000 ____D C:\Hry
2019-06-06 15:03 - 2017-12-16 14:22 - 000167872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-03 16:01 - 2017-12-16 14:22 - 000225608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-05-30 21:43 - 2017-12-16 14:22 - 000385880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-05-30 07:43 - 2009-07-14 07:08 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-05-26 19:05 - 2019-01-14 16:57 - 000262496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-05-26 19:05 - 2019-01-06 19:38 - 000205848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-05-26 19:05 - 2019-01-06 19:38 - 000061472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-05-26 19:05 - 2019-01-06 19:38 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-05-26 19:05 - 2018-10-21 07:57 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-05-26 19:05 - 2017-12-16 14:22 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-05-26 19:05 - 2017-12-16 14:22 - 000477584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-05-26 19:05 - 2017-12-16 14:22 - 000207448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-05-26 19:05 - 2017-12-16 14:22 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-05-26 19:05 - 2017-12-16 14:22 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-05-25 09:50 - 2019-04-05 09:44 - 000000000 ____D C:\Users\Admin\Documents\My Games
2019-05-25 09:50 - 2019-04-05 09:44 - 000000000 ____D C:\Users\Admin\AppData\Roaming\FiraxisLive
2019-05-25 09:38 - 2018-01-30 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2019-05-25 00:28 - 2014-03-04 22:31 - 000000000 ____D C:\Program Files (x86)\JDownloader v2.0
2019-05-19 13:49 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2019-05-19 07:19 - 2015-09-03 21:38 - 000000000 ___RD C:\Users\Admin\Virtual Machines
2019-05-15 16:56 - 2015-05-18 21:16 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 16:42 - 2015-08-13 15:18 - 000000000 ___RD C:\Users\Robin\Virtual Machines
2019-05-15 16:41 - 2009-07-14 06:45 - 000345024 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-15 16:40 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-05-15 16:40 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Dism
2019-05-15 00:23 - 2014-02-25 16:05 - 000000000 ____D C:\Windows\system32\MRT
2019-05-15 00:21 - 2014-02-25 16:05 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-15 00:20 - 2014-02-21 16:56 - 001561672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-05-15 00:07 - 2014-02-25 16:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-15 00:07 - 2014-02-25 16:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-15 00:07 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-15 00:07 - 2014-02-25 16:25 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ================

2019-01-20 13:05 - 2019-02-23 10:24 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini

==================== FLock ================

2019-06-08 22:31 C:\System Volume Information

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-03 20:05
==================== End of FRST.txt ============================
I grew up in such a poor family that if I hadn't been born a boy, I would have had nothing to play with.

BacilX
Visitor
Posts: 65
Registered: 19 Sep 2007 11:12

Re: Requesting a preventive check

#6 Post by BacilX »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2019 01
Ran by Admin (12-06-2019 07:28:59)
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-25 13:28:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2485784249-3341709608-829223016-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2485784249-3341709608-829223016-500 - Administrator - Disabled)
Guest (S-1-5-21-2485784249-3341709608-829223016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485784249-3341709608-829223016-1003 - Limited - Enabled)
Robin (S-1-5-21-2485784249-3341709608-829223016-1004 - Limited - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.192 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Aegisub 3.2.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.0 - Aegisub Team)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
calibre (HKLM-x32\...\{0B374B2C-FE04-4741-B0B2-B14D84CEDAFF}) (Version: 3.35.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
COMODO Firewall (HKLM\...\{785D9670-B355-487D-8B6A-6B28490AF489}) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.)
Darkest Dungeon The Color of Madness (HKLM-x32\...\Darkest Dungeon The Color of Madness_is1) (Version: - )
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version: - Kalypso Media)
Gremlins vs Automatons (HKLM-x32\...\Gremlins vs Automatons_is1) (Version: - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 67.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 67.0.1 (x64 cs)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Shareaza 2.7.10.2 (HKLM\...\Shareaza_is1) (Version: 2.7.10.2 - Shareaza Development Team)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spellcross (DOSBox 0.74 emulace) (HKLM-x32\...\Spellcross (DOSBox 0.74 emulace)) (Version: - )
Stellaris MegaCorp (HKLM-x32\...\Stellaris MegaCorp_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
XCOM 2 Digital Deluxe Edition MULTi11 - ElAmigos version 1.0 u11 (HKLM-x32\...\{5B33B979-8F2B-4A3A-AAF6-76C0C216321D}_is1) (Version: 1.0 u11 - 2K)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2006-10-26 14:40 - 2006-10-26 14:40 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2018-09-16 13:23 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2018-04-13 20:06 - 2018-04-13 20:06 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-06-08 14:54 - 000000033 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.25 - 156.154.71.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B49E75B1-A3B8-44ED-AE11-B46785FD2E67}] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EDE61EF5-D8FF-4FAE-B94D-C935A3344EB1}] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A6187EB-8DC1-4C89-88D9-3E9928F6940F}] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04FBBF19-723A-49A9-AAAE-FA93DA9005C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74B21F8B-7609-4F49-9022-9B9197B09F4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5991C55-B6A8-460F-B8E7-E41EF986D8D0}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{D37F2FA0-711E-4A01-BD05-8DCD73EC9E95}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{24316309-A1F6-468B-B10A-EEB36BCC0F08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{78ED4724-0F7A-4A6F-8FE4-0DAB928BD5F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29CC7501-9030-44DC-B16D-E5266489C60F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA322048-9FB3-4A42-B9AC-99A91E28237E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D7896EF1-9C27-4124-96F8-39635717B3FF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{46CF13F4-2BD8-4081-8F97-BF13859745E3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{A529DF2B-238B-491B-9907-FD9809D729BB}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0E3D52A3-3A30-4DE1-A4DA-67A5865674A6}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9FC710FC-3CBA-41DA-ADB2-950EF7C0FE2B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [{5C8CD737-8AF7-4D9D-AA37-F09E661E52E6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech -> Logitech Inc.)
FirewallRules: [TCP Query User{3D336B23-9B4C-4844-B932-F44616F083E1}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Block) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{D23197A2-1D5F-4111-94A0-91826E46E1F3}C:\program files (x86)\jdownloader v2.0\jdownloader2.exe] => (Block) C:\program files (x86)\jdownloader v2.0\jdownloader2.exe (AppWork GmbH -> AppWork GmbH)
FirewallRules: [{9CEAC37D-CBD9-4A1C-A0F1-2D04EBF1CA17}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{F82FC33E-8CD6-4738-AC2B-3F2986F9AB82}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [TCP Query User{1EF79CD8-B7D3-4D2B-A4EA-3612AE214118}C:\program files\shareaza\shareaza.exe] => (Block) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [UDP Query User{94A7B34A-6184-4880-85D4-B0DE38B56AEF}C:\program files\shareaza\shareaza.exe] => (Block) C:\program files\shareaza\shareaza.exe (Shareaza Development Team) [File not signed]
FirewallRules: [{5B933F2E-4FEB-4F87-B391-06BB22E5D9B9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E9F64EBA-BEC0-40FE-8430-12A9BC0F78AE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

08-06-2019 19:52:09 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2019 07:21:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 10.6.2019.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: f34

Čas spuštění: 01d520dea5539602

Čas ukončení: 0

Cesta k aplikaci: C:\Users\Admin\Desktop\FRST64.exe

ID hlášení: eee617e4-8cd1-11e9-b9ec-d43d7effa8c6

Error: (06/12/2019 07:20:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/11/2019 08:13:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/10/2019 07:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2019 06:41:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2019 10:06:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2019 10:04:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2019 10:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: XCom2.exe, verze: 1.0.0.38128, časové razítko: 0x5824efd6
Název chybujícího modulu: tbbmalloc.dll, verze: 1.0.2009.325, časové razítko: 0x49ca2113
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000013a3
ID chybujícího procesu: 0x9f8
Čas spuštění chybující aplikace: 0x01d51e97f0bb277a
Cesta k chybující aplikaci: E:\Hry\XCOM 2\Binaries\Win64\XCom2.exe
Cesta k chybujícímu modulu: E:\Hry\XCOM 2\Binaries\Win64\tbbmalloc.dll
ID zprávy: efccbf2c-8a8c-11e9-a78b-d43d7effa8c6


System errors:
=============
Error: (06/12/2019 07:20:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (06/11/2019 08:13:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (06/11/2019 08:13:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Publikování prostředků rozpoznávání funkcí byla ukončena s následující chybou:
%%-2147014847 = Požadovaná adresa není v tomto kontextu platná.

Error: (06/10/2019 07:44:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 20.

Error: (06/10/2019 07:29:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (06/09/2019 06:41:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (06/09/2019 06:41:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:41:15, ‎9.‎6.‎2019) bylo neočekávané.

Error: (06/09/2019 10:06:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom


CodeIntegrity:
===================================

Date: 2014-08-15 16:18:13.943
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.904
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-15 16:18:13.825
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-14 10:09:27.197
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.1 01/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8136.02 MB
Available physical RAM: 4720.05 MB
Total Virtual: 13134.16 MB
Available Virtual: 9561.96 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:103 GB) (Free:38.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:76.65 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:1863.01 GB) (Free:29.12 GB) NTFS

\\?\Volume{4e7be4a2-9b09-11e3-b7a6-d43d7effa8c6}\ (WinRE-ATC) (Fixed) (Total:8.79 GB) (Free:1.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5A4EEB50)
Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 795381E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 45DB875B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
I grew up in such a poor family that if I hadn't been born a boy, I would have had nothing to play with.

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#7 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt
    
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2019-06-08 14:59 - 2019-06-08 14:59 - 000000000 ____D C:\rsit
    2019-06-08 14:52 - 2019-06-08 14:52 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
    2019-06-08 14:59 - 2014-08-12 16:19 - 000000000 ____D C:\Program Files\trend micro
    2019-01-20 13:05 - 2019-02-23 10:24 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini
    AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
    AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]
    
    DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG
    CMD: sc config ALG start= demand
    DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc
    CMD: sc config AppIDSvc start= demand
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

BacilX
Visitor
Posts: 65
Joined: 19 Sep 2007 11:12

Re: Requesting a preventive check

#8 Post by BacilX »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-06-2019 01
Ran by Admin (13-06-2019 09:16:23) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Robin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2019-06-08 14:59 - 2019-06-08 14:59 - 000000000 ____D C:\rsit
2019-06-08 14:52 - 2019-06-08 14:52 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
2019-06-08 14:59 - 2014-08-12 16:19 - 000000000 ____D C:\Program Files\trend micro
2019-01-20 13:05 - 2019-02-23 10:24 - 000000038 _____ () C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini
AlternateDataStreams: C:\Users\Admin\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Robin\Downloads:Shareaza.GUID [16]

DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG
CMD: sc config ALG start= demand
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc
CMD: sc config AppIDSvc start= demand

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 26
Average :
Sum : 285170615
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe ========================

"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => not found
====== End of File: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]
"DisplayName"="@%SystemRoot%\system32\Alg.exe,-112"
"ImagePath"="%SystemRoot%\System32\alg.exe"
"Description"="@%SystemRoot%\system32\Alg.exe,-113"
"ObjectName"="NT AUTHORITY\LocalService"
"ErrorControl"="1"
"Start"="4"
"Type"="16"
"ServiceSidType"="1"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeCreateGlobalPrivilege*SeImpersonatePrivilege"
"FailureActions"="840300000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
[HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

=== End of ExportKey ===
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
HKU\S-1-5-21-2485784249-3341709608-829223016-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
C:\rsit => moved successfully
C:\Users\Admin\Desktop\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Admin\AppData\Roaming\~SiMPLEX.ini => moved successfully
C:\Users\Admin\Downloads => ":Shareaza.GUID" ADS could not remove.
C:\Users\Robin\Downloads => ":Shareaza.GUID" ADS could not remove.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG => removed successfully

========= sc config ALG start= demand =========

[SC] ChangeServiceConfig úspěch

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc => removed successfully

========= sc config AppIDSvc start= demand =========

[SC] ChangeServiceConfig úspěch

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3112531 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 6688 B
Edge => 0 B
Chrome => 0 B
Firefox => 80037697 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Admin => 6489734 B
Robin => 378553005 B

RecycleBin => 323588 B
EmptyTemp: => 454.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:17:00 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#9 Post by Conder »

:arrow: It looks OK. Are there any problems with the PC?

BacilX
Visitor
Posts: 65
Joined: 19 Sep 2007 11:12

Re: Requesting a preventive check

#10 Post by BacilX »

The PC is fine... it was just for prevention... thanks for the check.

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#11 Post by Conder »

:arrow: Then let's also clean up after the tools we used:
