For Motji

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

#1 Post by Trnda »

I would like to thank you once again for taking the trouble with me, and here is the log from FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Trnda (administrator) on YAN-TRNDA (31-05-2016 20:02:26)
Running from C:\Users\Trnda\Desktop
Loaded Profiles: Trnda (Available Profiles: Trnda)
Platform: Windows 10 Home Version 1511 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\syswow64\PnkBstrA.exe
() C:\Windows\syswow64\PnkBstrB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\syswow64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\timeout.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-11-04] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\RunOnce: [AdBlock2] => C:\WINDOWS\AdBlock.exe [304162 2016-05-25] ( )
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [Steam] => "D:\Trnda\program\steam.exe" -silent
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-05-31] (Lavasoft)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 02 C:\WINDOWS\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 03 C:\WINDOWS\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 04 C:\WINDOWS\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 17 C:\WINDOWS\system32\LavasoftTcpService.dll No File
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-31] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-31] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-31] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-31] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-05-31] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{892b557f-2386-4a96-8a91-77123a45b9fa}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0bcc66c-fa3b-4a4f-96be-1317c1987970}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D053116-A60F ... =CT3332038
SearchScopes: HKU\S-1-5-21-526843066-1090318809-1319604335-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D05311 ... earchTerms}
SearchScopes: HKU\S-1-5-21-526843066-1090318809-1319604335-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D05311 ... earchTerms}
BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-526843066-1090318809-1319604335-1001: ubisoft.com/uplaypc -> C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [2013-02-26] (Ubisoft)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://himym.kinoti ... AXAkA38tBk.."
CHR Profile: C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Beautiful landscape) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2016-05-27]
CHR Extension: (Disk Google) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (AdBlock) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-27]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-05-27]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-05-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-03] (NVIDIA Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-05-31] (Lavasoft Limited)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-03] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-03] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-03] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-03-17] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2016-03-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-03] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-05-31] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 qubyluwizbt; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [174448 2012-12-03] (Qualcomm Atheros, Inc.)
R3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [41456 2015-06-15] (Kionix, Inc.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2016-05-11] (Kingsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-03] (NVIDIA Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 20:02 - 2016-05-31 20:02 - 00016818 _____ C:\Users\Trnda\Desktop\FRST.txt
2016-05-31 20:00 - 2016-05-31 20:02 - 00000000 ____D C:\FRST
2016-05-31 19:58 - 2016-05-31 19:59 - 02383872 _____ (Farbar) C:\Users\Trnda\Desktop\FRST64.exe
2016-05-31 18:22 - 2016-05-31 19:43 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Lavasoft
2016-05-31 18:22 - 2016-05-31 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-05-31 18:22 - 2016-05-31 18:57 - 00002968 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-31 18:22 - 2016-05-31 18:57 - 00002968 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-31 18:22 - 2016-05-31 18:22 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00000000 ____D C:\Users\Trnda\AppData\Local\Lavasoft
2016-05-31 18:22 - 2016-05-31 18:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-05-31 18:20 - 2016-05-31 19:43 - 00000000 ____D C:\ProgramData\Lavasoft
2016-05-31 18:16 - 2016-05-31 18:16 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-31 18:16 - 2016-05-31 18:16 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-31 18:16 - 2016-05-31 18:16 - 00000000 ____D C:\Program Files\CCleaner
2016-05-27 16:23 - 2016-05-31 19:46 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 16:23 - 2016-05-31 19:34 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 16:23 - 2016-05-27 16:29 - 00004038 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-27 16:23 - 2016-05-27 16:29 - 00003806 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-27 16:23 - 2016-05-27 16:23 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 16:23 - 2016-05-27 16:23 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-27 15:54 - 2016-05-27 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-27 15:37 - 2016-05-27 15:37 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-05-24 14:20 - 2016-05-24 14:20 - 00000000 ____D C:\Users\Trnda\AppData\Local\UE BOOM
2016-05-21 02:03 - 2016-05-21 02:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-21 02:03 - 2016-05-21 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-11 15:50 - 2016-05-11 15:50 - 00270296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-11 11:11 - 2016-05-11 11:11 - 00000000 ____D C:\Users\Trnda\AppData\Local\ActiveSync
2016-05-11 10:54 - 2016-05-11 10:54 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2016-05-11 10:54 - 2016-05-11 10:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2016-05-11 00:54 - 2016-05-11 00:54 - 00081768 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
2016-05-11 00:54 - 2016-05-11 00:54 - 00056680 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
2016-05-11 00:54 - 2016-05-11 00:54 - 00000000 ____D C:\ProgramData\Kingsoft
2016-05-10 22:23 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 22:23 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 22:23 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 22:23 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 22:23 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 22:23 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 22:23 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 22:23 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 22:23 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 22:23 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 22:23 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 22:23 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 22:22 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 22:22 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 22:22 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 22:22 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 22:22 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 22:22 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 22:22 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 22:22 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 22:22 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 22:22 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 22:22 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 22:22 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 22:22 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 22:22 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 22:22 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 22:22 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 22:22 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 22:22 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 22:22 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 22:22 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 22:22 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 22:22 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 22:22 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 22:22 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:22 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 22:22 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 22:22 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 22:22 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 22:22 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 22:22 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 22:22 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 22:22 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 22:22 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 22:22 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 22:22 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 22:22 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 22:22 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 22:22 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 22:22 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 22:22 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:22 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 22:22 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:22 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 22:22 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 22:22 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:22 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 22:22 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 22:22 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 22:22 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 22:22 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 22:22 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 22:22 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 22:22 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-10 22:22 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 22:22 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 22:22 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 22:22 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 22:22 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 22:22 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 22:22 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 22:22 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 22:22 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 22:22 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 22:22 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 22:22 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 22:22 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 22:22 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 22:22 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 22:22 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 22:21 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 22:21 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 22:21 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 22:21 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-10 22:21 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 22:21 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 22:21 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 22:21 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 22:21 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 22:21 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 22:21 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 22:21 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:21 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-10 22:21 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 22:21 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 22:21 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 14:12 - 2016-05-25 02:50 - 00304162 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-09 21:51 - 2016-05-09 21:51 - 00000000 ____D C:\Users\Trnda\Tracing
2016-05-09 21:49 - 2016-05-25 13:01 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Skype
2016-05-09 21:49 - 2016-05-21 02:03 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-09 21:49 - 2016-05-21 02:03 - 00000000 ____D C:\ProgramData\Skype
2016-05-08 22:31 - 2016-05-08 22:31 - 00000000 ____D C:\Users\Trnda\AppData\Local\Trusteer
2016-05-08 22:30 - 2016-05-08 22:30 - 00000000 ____D C:\ProgramData\Trusteer
2016-05-04 10:51 - 2016-05-04 10:51 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-05-04 10:51 - 2016-05-04 10:51 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-05-03 22:36 - 2016-05-27 15:38 - 00000000 ____D C:\AdwCleaner
2016-05-03 22:05 - 2016-05-03 22:05 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 21:48 - 2016-05-31 19:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 21:48 - 2016-05-31 19:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-03 21:48 - 2016-05-03 21:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 20:46 - 2016-05-03 20:36 - 00354958 ____N (zdengine) C:\WINDOWS\system32\trz86AF.tmp
2016-05-03 20:43 - 2016-05-03 20:43 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Macromedia
2016-05-03 20:41 - 2016-05-27 16:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-03 20:39 - 2016-05-15 00:16 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-05-03 20:37 - 2016-04-25 13:29 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-05-03 20:36 - 2016-05-03 21:25 - 00000000 ____D C:\Users\Trnda\AppData\Local\app
2016-05-03 20:36 - 2016-05-03 20:51 - 00000000 ____D C:\ProgramData\Windows Update
2016-05-03 20:36 - 2016-05-03 20:36 - 00132344 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00087800 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00005120 _____ C:\Users\Trnda\AppData\Roaming\GiftBag.db
2016-05-03 20:36 - 2016-05-03 16:55 - 00306004 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-03 20:36 - 2016-03-04 16:13 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys
2016-05-03 20:35 - 2016-05-03 20:35 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-05-03 20:35 - 2016-05-03 20:35 - 00000000 ____D C:\ProgramData\Thunder Network
2016-05-03 20:34 - 2016-05-03 21:58 - 00000000 ____D C:\Users\Trnda\AppData\Local\Apps\2.0
2016-05-03 20:33 - 2016-05-03 20:31 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-05-03 20:31 - 2016-05-03 21:18 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-05-03 20:31 - 2016-05-03 20:31 - 00009076 _____ C:\WINDOWS\System32\Tasks\Nekatynufoch Configuration
2016-05-03 20:31 - 2016-05-03 20:31 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-05-03 20:12 - 2016-05-03 21:24 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-05-03 20:10 - 2016-05-31 19:45 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-05-03 20:10 - 2016-05-03 20:10 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-05-03 20:09 - 2016-05-03 20:09 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2016-05-03 20:09 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 19:54 - 2016-03-08 19:54 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{336B2C55-E47F-488C-BE08-5B7E380B515C}
2016-05-31 19:53 - 2016-03-08 14:55 - 00000000 ____D C:\Users\Trnda\AppData\Local\CrashDumps
2016-05-31 19:49 - 2016-03-20 23:18 - 00751256 _____ C:\WINDOWS\system32\perfh005.dat
2016-05-31 19:49 - 2016-03-20 23:18 - 00150864 _____ C:\WINDOWS\system32\perfc005.dat
2016-05-31 19:49 - 2016-03-07 09:38 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-31 19:49 - 2016-03-07 08:47 - 00000000 ____D C:\WINDOWS\INF
2016-05-31 19:46 - 2016-03-07 09:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-31 19:46 - 2016-03-07 09:33 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-31 19:45 - 2016-03-07 08:42 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-31 16:58 - 2016-03-07 08:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-31 16:58 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-30 17:13 - 2016-03-15 01:22 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\TS3Client
2016-05-30 12:13 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-27 16:41 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\rescache
2016-05-27 16:23 - 2016-03-07 09:54 - 00000000 ____D C:\Users\Trnda\AppData\Local\Google
2016-05-27 16:23 - 2016-03-07 09:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-27 16:10 - 2016-03-07 01:51 - 00007596 _____ C:\Users\Trnda\AppData\Local\Resmon.ResmonCfg
2016-05-27 16:00 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda\AppData\Local\Packages
2016-05-27 15:57 - 2016-03-27 17:47 - 00000000 ____D C:\ProgramData\Apple
2016-05-27 15:42 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda
2016-05-23 00:55 - 2016-03-09 04:25 - 00000000 ____D C:\Users\Trnda\Documents\Settlers7
2016-05-13 22:23 - 2016-03-07 08:44 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 21:57 - 2016-03-07 08:48 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2016-03-07 08:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 11:11 - 2016-03-07 08:52 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-11 11:09 - 2016-03-07 09:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 10:34 - 2016-03-07 08:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 04:19 - 2016-03-07 09:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 04:14 - 2016-03-07 09:54 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 00:24 - 2016-03-27 17:47 - 00000000 ____D C:\Program Files\Bonjour
2016-05-10 23:18 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda\AppData\Local\VirtualStore
2016-05-03 22:39 - 2016-03-08 13:54 - 00000757 _____ C:\Users\Trnda\Desktop\Mafia II.lnk
2016-05-03 20:52 - 2016-03-07 10:00 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\uTorrent
2016-05-03 20:36 - 2016-03-08 14:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-03 20:36 - 2016-03-07 10:13 - 00000000 ____D C:\Hry
2016-05-03 20:31 - 2016-03-07 08:48 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-05-03 20:31 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2016-05-03 20:36 - 2016-05-03 20:36 - 0005120 _____ () C:\Users\Trnda\AppData\Roaming\GiftBag.db
2016-03-07 01:51 - 2016-05-27 16:10 - 0007596 _____ () C:\Users\Trnda\AppData\Local\Resmon.ResmonCfg
2016-05-27 15:37 - 2016-05-27 15:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Trnda\AppData\Local\Temp\dcac43a7-524d-4a10-ace1-584234301725.exe
C:\Users\Trnda\AppData\Local\Temp\libeay32.dll
C:\Users\Trnda\AppData\Local\Temp\msvcr120.dll
C:\Users\Trnda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-25 11:27

==================== End of FRST.txt ============================

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: For Motji

#2 Post by motji »

Hello, don't you have one more log there? I need to see the list of programs; you have one junk program there. We are looking for something like Tencend. It needs to be uninstalled.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before cleaning a computer of malware!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

Re: For Motji

#3 Post by Trnda »

By the way, I tried to remove that Tencend, but it can't be done; I don't have it in Apps & features either, and I can't find it as a folder (not even as a hidden folder).

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Trnda (2016-05-31 20:02:51)
Running from C:\Users\Trnda\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-07 07:47:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-526843066-1090318809-1319604335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-526843066-1090318809-1319604335-503 - Limited - Disabled)
Guest (S-1-5-21-526843066-1090318809-1319604335-501 - Limited - Disabled)
Trnda (S-1-5-21-526843066-1090318809-1319604335-1001 - Administrator - Enabled) => C:\Users\Trnda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware Command Center (HKLM-x32\...\InstallShield_{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.)
Alienware Command Center (Version: 3.5.14.0 - Alienware Corp.) Hidden
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Far Cry 2 (HKLM\...\Steam App 19900) (Version: - Ubisoft Montreal)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
NVIDIA 3D Vision Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.47 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Settlers 7 - Paths to a Kingdom (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version: - CD PROJEKT RED)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Web Companion (HKLM-x32\...\{edf78454-e073-4393-8f24-2e9e2cc72f03}) (Version: 2.3.1411.2698 - Lavasoft)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A59B06-E06C-46D8-A38C-93861A35522D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {201A0235-F8F0-4940-9CE5-821522093AB0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {302F1E1B-2295-4F32-8AE4-168243FC4452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {56302F31-01E9-48B8-A8A1-14B2458C3E0D} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {6E8031FE-4F20-4E4F-BD70-A197A9B43B98} - System32\Tasks\Nekatynufoch Configuration => C:\Program Files (x86)\Nekatynufoch\nekatynufochconfigurationtask.exe <==== ATTENTION
Task: {C4443BDA-5EBD-4A4A-8042-ABE04A08B807} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {F47C7EF5-E593-41F5-8DBC-024C290574C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-07 09:33 - 2016-03-03 11:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-17 21:32 - 2016-03-17 21:32 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-03-17 21:32 - 2016-03-17 21:32 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-31 18:22 - 2016-05-31 18:22 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-05-31 18:22 - 2016-05-31 18:22 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-04-13 19:12 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 19:12 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 21:25 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 22:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 22:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 22:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-13 18:44 - 2016-05-13 18:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-05-27 16:23 - 2016-05-25 01:24 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libglesv2.dll
2016-05-27 16:23 - 2016-05-25 01:24 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libegl.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-08 14:41 - 2016-03-03 14:16 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00295696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-07 08:48 - 2016-05-03 20:31 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-526843066-1090318809-1319604335-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IDSCCOM4ZU"
HKLM\...\StartupApproved\Run: => "IDSCCOMJWL"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{EC336A67-D9B7-4938-A849-8A037CA2CCEA}C:\users\trnda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trnda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{85DE5CB3-68A4-4BCD-8D86-101F90934101}C:\users\trnda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trnda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B191C720-3CE9-4491-80D0-57EB3F44F377}C:\hry\grand theft auto v\gta5.exe] => (Block) C:\hry\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{F5BBCE8F-0C21-4F9F-9E88-171D968C0662}C:\hry\grand theft auto v\gta5.exe] => (Block) C:\hry\grand theft auto v\gta5.exe
FirewallRules: [{5F2053B8-EC1D-4B05-8B9A-CD415DCC3038}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE9441FD-09FB-41F4-9C5F-A91CE86CEB44}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D669CD62-F87B-48BF-B6EB-CB0842722093}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{70E2BF07-E5F2-4EAB-9791-110E683FE1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BE0CF42A-90EC-419D-A03C-9893EEB6E2E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B82B5200-1BD8-4722-945F-3F10CF0F647C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{91F632D5-24EF-4129-A797-CA91725BEA16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6D3A74F4-4013-497B-B70B-9C2BE2965FA0}] => (Allow) C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{E5B1B87C-6FA2-47FC-930D-B146564FDA0F}] => (Allow) C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{C6477248-013E-41C6-BC0B-23FE3257A55E}] => (Allow) D:\Trnda\program\Steam.exe
FirewallRules: [{066DE121-EDE6-4C21-90E6-B62B5E398A72}] => (Allow) D:\Trnda\program\Steam.exe
FirewallRules: [{DBEA109A-2A5C-4D17-9108-74BCF3A5BBC1}] => (Allow) D:\Trnda\program\bin\steamwebhelper.exe
FirewallRules: [{4F678B36-406F-4AAC-953E-D82BF70537FC}] => (Allow) D:\Trnda\program\bin\steamwebhelper.exe
FirewallRules: [{22905867-2B88-460A-8C4A-888ED2117EC3}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{71C8E302-2637-487F-8D14-00701A03A85E}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{89EC871A-0603-4228-90BD-D7537E90FC01}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CCC6636D-83FE-4D22-8E86-8725EB9CF063}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{E0A72183-6E95-4007-92A4-FD697493E34F}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{19AD0D75-1302-4903-A4CA-68D0E7BE2EED}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{8CCEFE59-3DCE-4D5C-8FB9-B3B8226A397D}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53CFDF5D-4F90-4B32-9E34-EA27C57FB420}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07FBEEF9-9B56-46D2-9068-AFDF91173EED}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{4CC7054F-8880-404B-83B4-C316983199C3}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{C980B6D9-AE53-4DF9-8B1C-4DF2E7179AB8}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{13043A17-5AD8-4997-86B5-FD3A2004BBA9}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{84266AEE-5254-4202-80AB-51CD7B7DC200}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{B17C5DCA-2109-4336-9F39-06042C8112B9}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{CB4C2F91-B79D-46EC-A86A-381D02737941}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{3494D051-026D-4006-ABA3-2A6C9EF0CB10}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{2F57C1FF-92E4-408D-A18E-FA4315088273}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{5F8B8F4C-3EE6-45AC-95A6-91192B5D4A49}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{53C45F13-B47C-412B-A654-A455BF252B1E}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{5C46D6BA-1E18-4C90-9C5A-B458CF97549D}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [TCP Query User{C97C5D69-9EAC-40D3-AAA2-81AD00C0ED2C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A254D245-20C0-449A-8EBB-2EF21FCD88DD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E5A0B2E5-2E9A-4EBD-99C6-84A8760F4DAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-05-2016 11:46:14 Scheduled Checkpoint
31-05-2016 18:20:35 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2016 07:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SystemSettings.exe, verze: 10.0.10586.11, časové razítko: 0x56457cb1
Název chybujícího modulu: SettingsHandlers_StorageSense.dll, verze: 10.0.10586.0, časové razítko: 0x5632d693
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000176d3
ID chybujícího procesu: 0x1bb0
Čas spuštění chybující aplikace: 0xSystemSettings.exe0
Cesta k chybující aplikaci: SystemSettings.exe1
Cesta k chybujícímu modulu: SystemSettings.exe2
ID zprávy: SystemSettings.exe3
Úplný název chybujícího balíčku: SystemSettings.exe4
ID aplikace související s chybujícím balíčkem: SystemSettings.exe5

Error: (05/31/2016 07:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0xa44
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5

Error: (05/31/2016 07:45:43 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2628) Proces se ukončuje kvůli neopravitelnému selhání: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1054(tm.cxx:1630): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS).

Error: (05/31/2016 06:57:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0x94c
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5

Error: (05/31/2016 06:57:04 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2380) Proces se ukončuje kvůli neopravitelnému selhání: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(bt.cxx:1768): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS).

Error: (05/31/2016 06:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service QQRepair1682 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (05/31/2016 06:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/30/2016 05:22:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/29/2016 11:46:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/29/2016 04:18:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0x998
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5


System errors:
=============
Error: (05/31/2016 07:46:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NvStreamSvc bylo dosaženo časového limitu (30000 ms).

Error: (05/31/2016 07:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba qubyluwizbt neuspěla při spuštění v důsledku následující chyby:
%%3

Error: (05/31/2016 07:45:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Definition Update for Windows Defender - KB2267602 (Definition 1.223.307.0).

Error: (05/31/2016 07:45:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba State Repository byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restart the service.

Error: (05/31/2016 07:45:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_66b89 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (05/31/2016 07:45:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/31/2016 06:58:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/31/2016 06:58:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/31/2016 06:57:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NvStreamSvc bylo dosaženo časového limitu (30000 ms).

Error: (05/31/2016 06:57:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba qubyluwizbt neuspěla při spuštění v důsledku následující chyby:
%%3


CodeIntegrity:
===================================
Date: 2016-05-27 16:07:21.278
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-14 01:06:54.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 17:51:07.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 10:54:51.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 20:44:44.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 20:31:03.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:03.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:02.690
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:02.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-15 15:46:31.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 10%
Total physical RAM: 32559.02 MB
Available physical RAM: 29095.54 MB
Total Virtual: 37423.02 MB
Available Virtual: 33613.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.34 GB) (Free:51.11 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:512.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4F5CC642)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 48DEC6A0)

Partition: GPT.

==================== End of Addition.txt ============================

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: For Motji

#4 Post by motji »

I apologize, I didn't get to the PC at all today :oops: :boxed:
Open Notepad and copy the following into it:

2016-05-03 20:36 - 2016-05-03 20:36 - 00132344 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00087800 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00005120 _____ C:\Users\Trnda\AppData\Roaming\GiftBag.db
2016-05-03 20:36 - 2016-05-03 16:55 - 00306004 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-03 20:36 - 2016-03-04 16:13 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys
2016-05-03 20:39 - 2016-05-15 00:16 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-05-03 20:37 - 2016-04-25 13:29 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
S2 qubyluwizbt; no ImagePath

= save it next to FRST as fixlist.txt. Run FRST and click Fix. Then copy the log here for me.


:arrow: run MBAM, do not delete anything, and copy the log here
http://forum.viry.cz/viewtopic.php?f=29&t=144868
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

Re: For Motji

#5 Post by Trnda »

I wish you a nice late evening. I apologize for my late reply today.. :D

Here I am attaching Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Trnda (2016-06-01 22:29:27) Run:1
Running from C:\Users\Trnda\Desktop
Loaded Profiles: Trnda (Available Profiles: Trnda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2016-05-03 20:36 - 2016-05-03 20:36 - 00132344 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00087800 _____ (????) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-05-03 20:36 - 2016-05-03 20:36 - 00005120 _____ C:\Users\Trnda\AppData\Roaming\GiftBag.db
2016-05-03 20:36 - 2016-05-03 16:55 - 00306004 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-03 20:36 - 2016-03-04 16:13 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys
2016-05-03 20:39 - 2016-05-15 00:16 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???
2016-05-03 20:37 - 2016-04-25 13:29 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
S2 qubyluwizbt; no ImagePath
*****************

"C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys" => not found.
"C:\WINDOWS\system32\Drivers\TFsFltX64.sys" => not found.
C:\Users\Trnda\AppData\Roaming\GiftBag.db => moved successfully
C:\WINDOWS\systwin.exe => moved successfully
C:\WINDOWS\system32\Drivers\zdwfp64.sys => moved successfully

=========== "C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???" ==========

not found

========= End -> "C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???" ========

C:\WINDOWS\system32\Drivers\ucguard.sys => moved successfully
UCGuard => Unable to stop service.
UCGuard => service removed successfully
qubyluwizbt => service removed successfully


The system needed a reboot.

==== End of Fixlog 22:29:32 ====

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

Re: For Motji

#6 Post by Trnda »

And here I am attaching the MBAM log

<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>


<header>

<date>2016/06/01 22:36:45 +0200</date>

<logfile>mbam-log-2016-06-01 (22-36-41).xml</logfile>

<isadmin>yes</isadmin>

</header>


<engine>

<version>2.2.1.1043</version>

<malware-database>v2016.06.01.06</malware-database>

<rootkit-database>v2016.05.27.01</rootkit-database>

<license>trial</license>

<file-protection>enabled</file-protection>

<web-protection>enabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


<system>

<hostname>YAN-TRNDA</hostname>

<ip>192.168.1.133</ip>

<osversion>Windows 10</osversion>

<arch>x64</arch>

<username>Trnda</username>

<filesys>NTFS</filesys>

</system>


<summary>

<type>threat</type>

<result>completed</result>

<objects>279703</objects>

<time>159</time>

<processes>0</processes>

<modules>0</modules>

<keys>15</keys>

<values>8</values>

<datas>1</datas>

<folders>0</folders>

<files>6</files>

<sectors>0</sectors>

</summary>


<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


<items>


<key>

<path>HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b</path>

<vendor>PUP.Optional.CloudScout</vendor>

<action>success</action>

<hash>5872b6416237f244a5a15556ba491de3</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASAPI32</path>

<vendor>PUP.Optional.EasyHotSpot</vendor>

<action>success</action>

<hash>6f5bd225b4e5fc3a2f783bacb44fa65a</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\easyhotspot-installer_RASMANCS</path>

<vendor>PUP.Optional.EasyHotSpot</vendor>

<action>success</action>

<hash>a8228770a7f2e2544c5b4a9d5ba843bd</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32</path>

<vendor>PUP.Optional.IDSCProduct</vendor>

<action>success</action>

<hash>b9117285b0e9a294e3b67471fc075ba5</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS</path>

<vendor>PUP.Optional.IDSCProduct</vendor>

<action>success</action>

<hash>7a50bf384d4c5fd76b2e0bdaac57c63a</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASAPI32</path>

<vendor>PUP.Optional.Tuto4PC</vendor>

<action>success</action>

<hash>96341bdcf2a75adcc793fce9669d28d8</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASMANCS</path>

<vendor>PUP.Optional.Tuto4PC</vendor>

<action>success</action>

<hash>5c6eda1de8b1c3731f3bc71e21e233cd</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32</path>

<vendor>PUP.Optional.WizzCaster</vendor>

<action>success</action>

<hash>65650fe80f8a82b4c8459e4a0cf7e51b</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS</path>

<vendor>PUP.Optional.WizzCaster</vendor>

<action>success</action>

<hash>6e5c1dda1c7d0a2ce924ad3b26dd9868</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6E8031FE-4F20-4E4F-BD70-A197A9B43B98}</path>

<vendor>PUP.Optional.YesSearches</vendor>

<action>delete-on-reboot</action>

<hash>7c4eeb0cb3e69d990959ffe60102dd23</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Nekatynufoch Configuration</path>

<vendor>PUP.Optional.YesSearches</vendor>

<action>delete-on-reboot</action>

<hash>4189cb2c207951e5a3c126bf5ca7a25e</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}</path>

<vendor>PUP.Optional.HohoSearch</vendor>

<action>success</action>

<hash>6c5e33c4f1a84cea7c05c3f2887acc34</hash>

</key>


<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\zdwfp</path>

<vendor>Rootkit.Komodia.PUA</vendor>

<action>success</action>

<hash>6e5c38bfe1b8231377f707df56addb25</hash>

</key>


<key>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\INSTALLPATH\STATUS</path>

<vendor>PUP.Optional.Komodia</vendor>

<action>success</action>

<hash>07c35c9bf2a70a2cc8965b7359aa916f</hash>

</key>


<key>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path>

<vendor>PUP.Optional.Conduit</vendor>

<action>success</action>

<hash>29a120d74d4c5adc9667e5a09f649e62</hash>

</key>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6E8031FE-4F20-4E4F-BD70-A197A9B43B98}</path>

<valuename>Path</valuename>

<vendor>PUP.Optional.YesSearches</vendor>

<action>delete-on-reboot</action>

<valuedata>\Nekatynufoch Configuration</valuedata>

<hash>7c4eeb0cb3e69d990959ffe60102dd23</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}</path>

<valuename>hp</valuename>

<vendor>PUP.Optional.HohoSearch</vendor>

<action>success</action>

<valuedata>http://www.hohosearch.com/?ts=AHEqAXAkA ... /valuedata>

<hash>6c5e33c4f1a84cea7c05c3f2887acc34</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}</path>

<valuename>tab</valuename>

<vendor>PUP.Optional.HohoSearch</vendor>

<action>success</action>

<valuedata>http://www.hohosearch.com/?ts=AHEqAXAkA ... /valuedata>

<hash>2d9dfdfa9504c472661b981d8280e51b</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}</path>

<valuename>sp</valuename>

<vendor>PUP.Optional.HohoSearch</vendor>

<action>success</action>

<valuedata>http://www.hohosearch.com/chrome.php?ui ... /valuedata>

<hash>3793f9febfdabc7a2958d9dc07fb946c</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}</path>

<valuename>surl</valuename>

<vendor>PUP.Optional.HohoSearch</vendor>

<action>success</action>

<valuedata>http://www.hohosearch.com/chrome.php?ui ... /valuedata>

<hash>bc0e01f65247e94d037e1c99f50dbc44</hash>

</value>


<value>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\INSTALLPATH\STATUS</path>

<valuename>FlowsurfCB</valuename>

<vendor>PUP.Optional.Komodia</vendor>

<action>success</action>

<valuedata>Y</valuedata>

<hash>07c35c9bf2a70a2cc8965b7359aa916f</hash>

</value>


<value>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>URL</valuename>

<vendor>PUP.Optional.Conduit</vendor>

<action>success</action>

<valuedata>http://www.bing.com/search?pc=COSP&ptag ... /valuedata>

<hash>29a120d74d4c5adc9667e5a09f649e62</hash>

</value>


<value>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>TopResultURL</valuename>

<vendor>PUP.Optional.Conduit</vendor>

<action>success</action>

<valuedata>http://www.bing.com/search?pc=COSP&ptag ... /valuedata>

<hash>e1e908ef198062d41edf8401b1524bb5</hash>

</value>


<data>

<path>HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>

<valuename>Start Page</valuename>

<vendor>PUP.Optional.Conduit</vendor>

<action>replaced</action>

<valuedata>http://www.bing.com/?pc=COSP&ptag=D0531 ... /valuedata>

<baddata>http://www.bing.com/?pc=COSP&ptag=D0531 ... 8</baddata>

<gooddata>www.google.com</gooddata>

<hash>2d9d1ddaefaada5c48b5cb8f9a6a748c</hash>

</data>


<file>

<path>C:\Windows\System32\trz86AF.tmp</path>

<vendor>PUP.Optional.Komodia.WnskRST</vendor>

<action>success</action>

<hash>28a2ac4bd0c9fe38498cdac1ee13ba46</hash>

</file>


<file>

<path>C:\Users\Trnda\AppData\Local\Apps\2.0\abril.exe</path>

<vendor>PUP.Optional.ProntSpooler</vendor>

<action>success</action>

<hash>daf0ac4b0396b086c76b30b2fc0717e9</hash>

</file>


<file>

<path>C:\Users\Trnda\AppData\Local\Apps\2.0\abril.InstallLog</path>

<vendor>PUP.Optional.ProntSpooler</vendor>

<action>success</action>

<hash>06c4f8ffc2d780b692a061813fc46f91</hash>

</file>


<file>

<path>C:\Users\Trnda\AppData\Local\Apps\2.0\abril.InstallState</path>

<vendor>PUP.Optional.ProntSpooler</vendor>

<action>success</action>

<hash>4d7d08ef8d0c2e087ab83aa827dc966a</hash>

</file>


<file>

<path>C:\Users\Trnda\AppData\Local\Apps\2.0\abril.stt</path>

<vendor>PUP.Optional.ProntSpooler</vendor>

<action>success</action>

<hash>fecc55a23c5dd264092913cf22e15ba5</hash>

</file>


<file>

<path>C:\Windows\System32\Tasks\Nekatynufoch Configuration</path>

<vendor>PUP.Optional.YesSearches</vendor>

<action>success</action>

<hash>3199e215cfca4bebb6a85b8a0af97e82</hash>

</file>

</items>

</mbam-log>

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: For Motji

#7 Post by motji »

I can't read anything from this log. So delete everything, and I'd like a new log from FRST, and above all write what the PC
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

Re: For Motji

#8 Post by Trnda »

Just to check, should I delete Addition.txt, Fixlog.txt and FRST.txt and run a new scan? In FRST and then in Malwarebytes? :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: For Motji

#9 Post by motji »

yes :)

Trnda
Visitor
Posts: 11
Registered: 31 May 2016 19:10

Re: For Motji

#10 Post by Trnda »

Thank you, I have removed everything; here is the log

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by Trnda (administrator) on YAN-TRNDA (03-06-2016 12:06:38)
Running from C:\Users\Trnda\Desktop
Loaded Profiles: Trnda (Available Profiles: Trnda)
Platform: Windows 10 Home Version 1511 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\syswow64\PnkBstrA.exe
() C:\Windows\syswow64\PnkBstrB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\syswow64\cmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Valve Corporation) D:\Trnda\program\steam\Steam.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Trnda\program\steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Valve Corporation) D:\Trnda\program\steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Trnda\program\steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\syswow64\timeout.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-11-04] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\RunOnce: [AdBlock2] => C:\WINDOWS\AdBlock.exe [304162 2016-05-25] ( )
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [Steam] => D:\Trnda\program\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-05-31] (Lavasoft)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{892b557f-2386-4a96-8a91-77123a45b9fa}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a0bcc66c-fa3b-4a4f-96be-1317c1987970}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-526843066-1090318809-1319604335-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-526843066-1090318809-1319604335-1001: ubisoft.com/uplaypc -> C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [2013-02-26] (Ubisoft)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://himym.kinoti ... AXAkA38tBk.."
CHR Profile: C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Beautiful landscape) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2016-05-27]
CHR Extension: (Disk Google) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (AdBlock) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-05-27]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-05-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR HKU\S-1-5-21-526843066-1090318809-1319604335-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-03] (NVIDIA Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-05-31] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-03] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-03] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-03] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-03-17] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2016-03-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-03] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-05-31] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [174448 2012-12-03] (Qualcomm Atheros, Inc.)
R3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [41456 2015-06-15] (Kionix, Inc.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2016-05-11] (Kingsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-03] (NVIDIA Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 22:40 - 2016-06-01 22:42 - 00000080 _____ C:\Users\Trnda\Desktop\uTorrent.lnk
2016-06-01 22:35 - 2016-06-03 11:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-01 22:34 - 2016-06-01 22:42 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-01 22:34 - 2016-06-01 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-01 22:34 - 2016-06-01 22:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-01 22:34 - 2016-06-01 22:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-01 22:34 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-01 22:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-01 22:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-01 22:28 - 2016-06-01 22:29 - 00000000 ____D C:\Users\Trnda\Desktop\FRST-OlderVersion
2016-05-31 22:07 - 2016-06-01 22:42 - 00000840 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-05-31 22:07 - 2016-06-01 22:42 - 00000790 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-05-31 21:56 - 2016-05-31 21:56 - 00000213 _____ C:\Users\Trnda\Desktop\Dota 2.url
2016-05-31 21:51 - 2016-06-01 22:42 - 00000767 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-31 20:02 - 2016-06-03 12:06 - 00016126 _____ C:\Users\Trnda\Desktop\FRST.txt
2016-05-31 20:00 - 2016-06-03 12:06 - 00000000 ____D C:\FRST
2016-05-31 19:58 - 2016-06-01 22:28 - 02383872 _____ (Farbar) C:\Users\Trnda\Desktop\FRST64.exe
2016-05-31 18:22 - 2016-05-31 19:43 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Lavasoft
2016-05-31 18:22 - 2016-05-31 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-05-31 18:22 - 2016-05-31 18:57 - 00002968 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-31 18:22 - 2016-05-31 18:57 - 00002968 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-31 18:22 - 2016-05-31 18:22 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00000000 ____D C:\Users\Trnda\AppData\Local\Lavasoft
2016-05-31 18:22 - 2016-05-31 18:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-05-31 18:20 - 2016-05-31 19:43 - 00000000 ____D C:\ProgramData\Lavasoft
2016-05-31 18:16 - 2016-06-01 22:42 - 00000903 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-31 18:16 - 2016-05-31 18:16 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-31 18:16 - 2016-05-31 18:16 - 00000000 ____D C:\Program Files\CCleaner
2016-05-27 16:23 - 2016-06-03 11:34 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 16:23 - 2016-06-02 16:34 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 16:23 - 2016-06-02 03:34 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 16:23 - 2016-06-02 03:34 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-27 16:23 - 2016-05-27 16:29 - 00004038 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-27 16:23 - 2016-05-27 16:29 - 00003806 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-27 15:54 - 2016-05-27 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-27 15:37 - 2016-05-27 15:37 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-05-24 14:20 - 2016-05-24 14:20 - 00000000 ____D C:\Users\Trnda\AppData\Local\UE BOOM
2016-05-21 02:03 - 2016-05-21 02:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-21 02:03 - 2016-05-21 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-11 15:50 - 2016-05-11 15:50 - 00270296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-11 11:11 - 2016-05-11 11:11 - 00000000 ____D C:\Users\Trnda\AppData\Local\ActiveSync
2016-05-11 10:54 - 2016-05-11 10:54 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2016-05-11 10:54 - 2016-05-11 10:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2016-05-11 00:54 - 2016-05-11 00:54 - 00081768 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
2016-05-11 00:54 - 2016-05-11 00:54 - 00056680 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
2016-05-11 00:54 - 2016-05-11 00:54 - 00000000 ____D C:\ProgramData\Kingsoft
2016-05-10 22:23 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 22:23 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 22:23 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 22:23 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 22:23 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 22:23 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 22:23 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 22:23 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 22:23 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 22:23 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 22:23 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 22:23 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 22:22 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 22:22 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 22:22 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 22:22 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 22:22 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 22:22 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 22:22 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 22:22 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 22:22 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 22:22 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 22:22 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 22:22 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 22:22 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 22:22 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 22:22 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 22:22 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 22:22 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 22:22 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 22:22 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 22:22 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 22:22 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 22:22 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 22:22 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 22:22 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 22:22 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:22 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 22:22 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 22:22 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:22 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 22:22 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 22:22 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 22:22 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 22:22 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 22:22 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 22:22 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 22:22 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 22:22 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 22:22 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 22:22 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 22:22 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 22:22 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 22:22 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 22:22 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 22:22 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 22:22 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 22:22 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 22:22 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 22:22 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 22:22 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 22:22 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 22:22 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:22 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 22:22 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:22 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 22:22 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 22:22 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 22:22 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 22:22 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:22 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 22:22 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 22:22 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 22:22 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 22:22 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 22:22 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 22:22 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 22:22 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 22:22 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 22:22 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 22:22 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 22:22 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 22:22 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-10 22:22 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 22:22 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 22:22 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 22:22 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 22:22 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 22:22 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 22:22 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 22:22 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 22:22 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:22 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 22:22 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 22:22 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 22:22 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 22:22 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 22:22 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 22:22 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 22:22 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 22:22 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 22:22 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 22:22 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 22:22 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 22:22 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 22:22 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 22:22 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 22:21 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 22:21 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 22:21 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 22:21 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-10 22:21 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 22:21 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 22:21 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 22:21 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 22:21 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 22:21 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 22:21 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 22:21 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:21 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-10 22:21 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 22:21 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 22:21 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 14:12 - 2016-05-25 02:50 - 00304162 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-09 21:51 - 2016-05-09 21:51 - 00000000 ____D C:\Users\Trnda\Tracing
2016-05-09 21:49 - 2016-06-01 22:42 - 00002652 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-09 21:49 - 2016-05-25 13:01 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Skype
2016-05-09 21:49 - 2016-05-21 02:03 - 00000000 ____D C:\ProgramData\Skype
2016-05-08 22:31 - 2016-05-08 22:31 - 00000000 ____D C:\Users\Trnda\AppData\Local\Trusteer
2016-05-04 10:51 - 2016-05-04 10:51 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-05-04 10:51 - 2016-05-04 10:51 - 00000000 ____D C:\WINDOWS\system32\vbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-03 11:24 - 2016-03-07 08:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 11:24 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-03 11:22 - 2016-03-08 19:54 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{336B2C55-E47F-488C-BE08-5B7E380B515C}
2016-06-02 19:45 - 2016-03-15 01:22 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\TS3Client
2016-06-01 22:46 - 2016-03-20 23:18 - 00751256 _____ C:\WINDOWS\system32\perfh005.dat
2016-06-01 22:46 - 2016-03-20 23:18 - 00150864 _____ C:\WINDOWS\system32\perfc005.dat
2016-06-01 22:46 - 2016-03-07 09:38 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-01 22:46 - 2016-03-07 08:47 - 00000000 ____D C:\WINDOWS\INF
2016-06-01 22:42 - 2016-03-27 17:47 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-01 22:42 - 2016-03-14 22:26 - 00000988 _____ C:\Users\Trnda\Desktop\Wow - Shortcut.lnk
2016-06-01 22:42 - 2016-03-14 18:52 - 00000786 _____ C:\Users\Trnda\Desktop\Fallout 4.lnk
2016-06-01 22:42 - 2016-03-14 17:11 - 00001165 _____ C:\Users\Trnda\Desktop\The Settlers7 - Shortcut.lnk
2016-06-01 22:42 - 2016-03-09 04:17 - 00001276 _____ C:\Users\Trnda\Desktop\Uplay.lnk
2016-06-01 22:42 - 2016-03-08 14:34 - 00001926 _____ C:\Users\Public\Desktop\Alienware Command Center.lnk
2016-06-01 22:42 - 2016-03-08 13:54 - 00000757 _____ C:\Users\Trnda\Desktop\Mafia II.lnk
2016-06-01 22:42 - 2016-03-07 20:13 - 00000599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2016-06-01 22:42 - 2016-03-07 20:13 - 00000581 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2016-06-01 22:42 - 2016-03-07 09:57 - 00000420 _____ C:\Users\Trnda\Desktop\Šarlotka.lnk
2016-06-01 22:42 - 2016-03-07 09:50 - 00002336 _____ C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-01 22:42 - 2016-03-07 09:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-01 22:42 - 2016-03-07 09:33 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-01 22:42 - 2016-03-07 08:42 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-01 22:42 - 2015-10-30 09:19 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-06-01 22:42 - 2015-10-30 09:19 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-06-01 22:42 - 2015-10-30 09:19 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2016-06-01 22:42 - 2015-10-30 09:18 - 00001590 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-06-01 22:42 - 2015-10-30 09:18 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2016-06-01 22:42 - 2015-10-30 09:17 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-06-01 22:40 - 2016-05-03 20:34 - 00000000 ____D C:\Users\Trnda\AppData\Local\Apps\2.0
2016-06-01 22:40 - 2016-03-07 10:00 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-05-31 19:53 - 2016-03-08 14:55 - 00000000 ____D C:\Users\Trnda\AppData\Local\CrashDumps
2016-05-31 19:45 - 2016-05-03 20:10 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-05-30 12:13 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-27 16:41 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\rescache
2016-05-27 16:23 - 2016-03-07 09:54 - 00000000 ____D C:\Users\Trnda\AppData\Local\Google
2016-05-27 16:23 - 2016-03-07 09:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-27 16:10 - 2016-03-07 01:51 - 00007596 _____ C:\Users\Trnda\AppData\Local\Resmon.ResmonCfg
2016-05-27 16:01 - 2016-05-03 20:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-27 16:00 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda\AppData\Local\Packages
2016-05-27 15:42 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda
2016-05-23 00:55 - 2016-03-09 04:25 - 00000000 ____D C:\Users\Trnda\Documents\Settlers7
2016-05-15 00:16 - 2016-05-03 20:39 - 00000000 ____D C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-05-13 22:23 - 2016-03-07 08:44 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 21:57 - 2016-03-07 08:48 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2016-03-07 08:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 11:11 - 2016-03-07 08:52 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-11 11:09 - 2016-03-07 09:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 10:35 - 2016-03-07 08:48 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 10:34 - 2016-03-07 08:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 04:19 - 2016-03-07 09:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 04:14 - 2016-03-07 09:54 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 23:18 - 2016-03-07 09:48 - 00000000 ____D C:\Users\Trnda\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2016-03-07 01:51 - 2016-05-27 16:10 - 0007596 _____ () C:\Users\Trnda\AppData\Local\Resmon.ResmonCfg
2016-05-27 15:37 - 2016-05-27 15:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Trnda\AppData\Local\Temp\dcac43a7-524d-4a10-ace1-584234301725.exe
C:\Users\Trnda\AppData\Local\Temp\libeay32.dll
C:\Users\Trnda\AppData\Local\Temp\msvcr120.dll
C:\Users\Trnda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-25 11:27

==================== End of FRST.txt ============================


and here is the addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Trnda (2016-06-03 12:06:57)
Running from C:\Users\Trnda\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-07 07:47:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-526843066-1090318809-1319604335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-526843066-1090318809-1319604335-503 - Limited - Disabled)
Guest (S-1-5-21-526843066-1090318809-1319604335-501 - Limited - Disabled)
Trnda (S-1-5-21-526843066-1090318809-1319604335-1001 - Administrator - Enabled) => C:\Users\Trnda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware Command Center (HKLM-x32\...\InstallShield_{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.)
Alienware Command Center (Version: 3.5.14.0 - Alienware Corp.) Hidden
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Far Cry 2 (HKLM\...\Steam App 19900) (Version: - Ubisoft Montreal)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
NVIDIA 3D Vision Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.47 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Settlers 7 - Paths to a Kingdom (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version: - CD PROJEKT RED)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Web Companion (HKLM-x32\...\{edf78454-e073-4393-8f24-2e9e2cc72f03}) (Version: 2.3.1411.2698 - Lavasoft)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A59B06-E06C-46D8-A38C-93861A35522D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {201A0235-F8F0-4940-9CE5-821522093AB0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {302F1E1B-2295-4F32-8AE4-168243FC4452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {56302F31-01E9-48B8-A8A1-14B2458C3E0D} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {C4443BDA-5EBD-4A4A-8042-ABE04A08B807} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {F47C7EF5-E593-41F5-8DBC-024C290574C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-07 09:33 - 2016-03-03 11:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-17 21:32 - 2016-03-17 21:32 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-03-17 21:32 - 2016-03-17 21:32 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-31 18:22 - 2016-05-31 18:22 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-05-31 18:22 - 2016-05-31 18:22 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-04-13 19:12 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 19:12 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 21:25 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 22:21 - 2016-04-23 06:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-05-10 22:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 22:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 22:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 22:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-13 18:44 - 2016-05-13 18:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-05-27 16:23 - 2016-05-25 01:24 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libglesv2.dll
2016-05-27 16:23 - 2016-05-25 01:24 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libegl.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-30 18:22 - 2016-04-30 18:22 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-08 14:41 - 2016-03-03 14:16 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-31 21:52 - 2016-04-29 22:10 - 00785920 _____ () D:\Trnda\program\steam\SDL2.dll
2016-05-31 21:52 - 2015-07-03 18:12 - 04962816 _____ () D:\Trnda\program\steam\v8.dll
2016-05-31 21:52 - 2016-04-30 02:10 - 02549840 _____ () D:\Trnda\program\steam\video.dll
2016-05-31 21:52 - 2015-07-03 18:12 - 01556992 _____ () D:\Trnda\program\steam\icui18n.dll
2016-05-31 21:52 - 2015-07-03 18:12 - 01187840 _____ () D:\Trnda\program\steam\icuuc.dll
2016-05-31 21:52 - 2016-02-09 01:14 - 02549760 _____ () D:\Trnda\program\steam\libavcodec-56.dll
2016-05-31 21:52 - 2016-02-09 01:14 - 00491008 _____ () D:\Trnda\program\steam\libavformat-56.dll
2016-05-31 21:52 - 2016-02-09 01:14 - 00332800 _____ () D:\Trnda\program\steam\libavresample-2.dll
2016-05-31 21:52 - 2016-02-09 01:14 - 00442880 _____ () D:\Trnda\program\steam\libavutil-54.dll
2016-05-31 21:52 - 2016-02-09 01:14 - 00485888 _____ () D:\Trnda\program\steam\libswscale-3.dll
2016-05-31 21:52 - 2016-04-30 02:10 - 00829008 _____ () D:\Trnda\program\steam\bin\chromehtml.DLL
2016-05-31 21:52 - 2016-02-18 00:25 - 00281088 _____ () D:\Trnda\program\steam\openvr_api.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00295696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2016-05-31 18:22 - 2016-05-31 18:22 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-31 21:52 - 2016-04-28 03:00 - 49825056 _____ () D:\Trnda\program\steam\bin\libcef.dll
2016-05-31 21:52 - 2015-09-25 01:56 - 00119208 _____ () D:\Trnda\program\steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-07 08:48 - 2016-05-03 20:31 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-526843066-1090318809-1319604335-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IDSCCOM4ZU"
HKLM\...\StartupApproved\Run: => "IDSCCOMJWL"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-526843066-1090318809-1319604335-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{EC336A67-D9B7-4938-A849-8A037CA2CCEA}C:\users\trnda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trnda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{85DE5CB3-68A4-4BCD-8D86-101F90934101}C:\users\trnda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trnda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B191C720-3CE9-4491-80D0-57EB3F44F377}C:\hry\grand theft auto v\gta5.exe] => (Block) C:\hry\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{F5BBCE8F-0C21-4F9F-9E88-171D968C0662}C:\hry\grand theft auto v\gta5.exe] => (Block) C:\hry\grand theft auto v\gta5.exe
FirewallRules: [{5F2053B8-EC1D-4B05-8B9A-CD415DCC3038}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE9441FD-09FB-41F4-9C5F-A91CE86CEB44}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D669CD62-F87B-48BF-B6EB-CB0842722093}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{70E2BF07-E5F2-4EAB-9791-110E683FE1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BE0CF42A-90EC-419D-A03C-9893EEB6E2E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B82B5200-1BD8-4722-945F-3F10CF0F647C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{91F632D5-24EF-4129-A797-CA91725BEA16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6D3A74F4-4013-497B-B70B-9C2BE2965FA0}] => (Allow) C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{E5B1B87C-6FA2-47FC-930D-B146564FDA0F}] => (Allow) C:\Hry\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{C6477248-013E-41C6-BC0B-23FE3257A55E}] => (Allow) D:\Trnda\program\Steam.exe
FirewallRules: [{066DE121-EDE6-4C21-90E6-B62B5E398A72}] => (Allow) D:\Trnda\program\Steam.exe
FirewallRules: [{DBEA109A-2A5C-4D17-9108-74BCF3A5BBC1}] => (Allow) D:\Trnda\program\bin\steamwebhelper.exe
FirewallRules: [{4F678B36-406F-4AAC-953E-D82BF70537FC}] => (Allow) D:\Trnda\program\bin\steamwebhelper.exe
FirewallRules: [{22905867-2B88-460A-8C4A-888ED2117EC3}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{71C8E302-2637-487F-8D14-00701A03A85E}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{89EC871A-0603-4228-90BD-D7537E90FC01}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CCC6636D-83FE-4D22-8E86-8725EB9CF063}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{E0A72183-6E95-4007-92A4-FD697493E34F}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{19AD0D75-1302-4903-A4CA-68D0E7BE2EED}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{8CCEFE59-3DCE-4D5C-8FB9-B3B8226A397D}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53CFDF5D-4F90-4B32-9E34-EA27C57FB420}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07FBEEF9-9B56-46D2-9068-AFDF91173EED}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{4CC7054F-8880-404B-83B4-C316983199C3}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{C980B6D9-AE53-4DF9-8B1C-4DF2E7179AB8}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{13043A17-5AD8-4997-86B5-FD3A2004BBA9}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{84266AEE-5254-4202-80AB-51CD7B7DC200}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{B17C5DCA-2109-4336-9F39-06042C8112B9}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{CB4C2F91-B79D-46EC-A86A-381D02737941}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{3494D051-026D-4006-ABA3-2A6C9EF0CB10}] => (Allow) C:\Hry\SteamLibrary\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{2F57C1FF-92E4-408D-A18E-FA4315088273}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{5F8B8F4C-3EE6-45AC-95A6-91192B5D4A49}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{53C45F13-B47C-412B-A654-A455BF252B1E}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{5C46D6BA-1E18-4C90-9C5A-B458CF97549D}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [TCP Query User{C97C5D69-9EAC-40D3-AAA2-81AD00C0ED2C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A254D245-20C0-449A-8EBB-2EF21FCD88DD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{261DCAAD-DE9E-4AE5-AB3E-D9C436B2E310}] => (Allow) D:\Trnda\program\steam\Steam.exe
FirewallRules: [{A0B9198B-7826-4E1E-BE88-F5853DABE78B}] => (Allow) D:\Trnda\program\steam\Steam.exe
FirewallRules: [{BC76EF3F-114C-4A82-B4AD-59C1C6ECC316}] => (Allow) D:\Trnda\program\steam\bin\steamwebhelper.exe
FirewallRules: [{AEC74C1B-82B4-4F02-AA3B-DF5334F9F8A9}] => (Allow) D:\Trnda\program\steam\bin\steamwebhelper.exe
FirewallRules: [{463E7A1A-E56B-4877-A3CC-D469F8B793EA}] => (Allow) D:\Trnda\program\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0024E549-53D0-4310-91CD-0DDB3A51BBDB}] => (Allow) D:\Trnda\program\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8E3AB3C9-3B82-4C5F-AACF-1A66E6C43770}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-05-2016 11:46:14 Scheduled Checkpoint
31-05-2016 18:20:35 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2016 10:42:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0x9ec
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5

Error: (06/01/2016 10:42:13 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2540) Proces se ukončuje kvůli neopravitelnému selhání: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS).

Error: (05/31/2016 07:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SystemSettings.exe, verze: 10.0.10586.11, časové razítko: 0x56457cb1
Název chybujícího modulu: SettingsHandlers_StorageSense.dll, verze: 10.0.10586.0, časové razítko: 0x5632d693
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000176d3
ID chybujícího procesu: 0x1bb0
Čas spuštění chybující aplikace: 0xSystemSettings.exe0
Cesta k chybující aplikaci: SystemSettings.exe1
Cesta k chybujícímu modulu: SystemSettings.exe2
ID zprávy: SystemSettings.exe3
Úplný název chybujícího balíčku: SystemSettings.exe4
ID aplikace související s chybujícím balíčkem: SystemSettings.exe5

Error: (05/31/2016 07:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0xa44
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5

Error: (05/31/2016 07:45:43 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2628) Proces se ukončuje kvůli neopravitelnému selhání: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1054(tm.cxx:1630): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS).

Error: (05/31/2016 06:57:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7ba
Název chybujícího modulu: ESENT.dll, verze: 10.0.10586.212, časové razítko: 0x56fa1686
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000022885f
ID chybujícího procesu: 0x94c
Čas spuštění chybující aplikace: 0xsvchost.exe0
Cesta k chybující aplikaci: svchost.exe1
Cesta k chybujícímu modulu: svchost.exe2
ID zprávy: svchost.exe3
Úplný název chybujícího balíčku: svchost.exe4
ID aplikace související s chybujícím balíčkem: svchost.exe5

Error: (05/31/2016 06:57:04 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2380) Proces se ukončuje kvůli neopravitelnému selhání: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(bt.cxx:1768): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS).

Error: (05/31/2016 06:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service QQRepair1682 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (05/31/2016 06:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/30/2016 05:22:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (06/03/2016 03:07:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2016 03:53:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/01/2016 10:42:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NvStreamSvc bylo dosaženo časového limitu (30000 ms).

Error: (06/01/2016 10:42:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba State Repository Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restart the service.

Error: (06/01/2016 10:42:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/01/2016 10:41:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NvStreamSvc bylo dosaženo časového limitu (30000 ms).

Error: (06/01/2016 10:41:45 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942402

Error: (06/01/2016 10:41:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_4a657 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (06/01/2016 10:41:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/01/2016 10:30:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby NvStreamSvc bylo dosaženo časového limitu (30000 ms).


CodeIntegrity:
===================================
Date: 2016-05-27 16:07:21.278
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-14 01:06:54.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 17:51:07.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 10:54:51.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 20:44:44.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 20:31:03.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:03.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:02.690
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 20:31:02.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-15 15:46:31.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 8%
Total physical RAM: 32559.02 MB
Available physical RAM: 29696.33 MB
Total Virtual: 37423.02 MB
Available Virtual: 34111.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.34 GB) (Free:49.87 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:698.63 GB) (Free:497.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4F5CC642)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 48DEC6A0)

Partition: GPT.

==================== End of Addition.txt ============================

Malwarebytes did not find any errors or threats.
Also, to answer your question: the PC still opens the browser roughly every 30 minutes and those pages (with ads) pop up. Nice move by the hackers to make money.. :D
Once again, thank you very much for the time you have spent on me :)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: For Motji

#11 Post by motji »

Try to find this program and delete it: C:\Users\Trnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.
Does it happen in all browsers?
Also try this:
https://www.pcrisk.cz/jak-odstranit-spy ... cu-vychozi
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Trnda
Visitor
Posts: 11
Joined: 31 May 2016 19:10

Re: For Motji

#12 Post by Trnda »

Yes, it happens in every browser that is set as the default.
I deleted the folder you described and it still happens; I reinstalled Google Chrome and reset Explorer.
But the ads still keep popping up :(

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: For Motji

#13 Post by motji »

Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan has finished, click Clean.
- The fix will be applied and the PC will restart (restart it yourself if necessary), and the log C:\AdwCleaner\AdwCleaner.txt will appear; copy the contents of the log here.


Trnda
Visitor
Posts: 11
Joined: 31 May 2016 19:10

Re: For Motji

#14 Post by Trnda »

# AdwCleaner v5.119 - Logfile created 05/06/2016 at 11:33:30
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Trnda - YAN-TRNDA
# Running from : C:\Users\Trnda\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : LavasoftTcpService
[-] Service Deleted : WCAssistantService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\lavasoft\web companion
[#] Folder Deleted : C:\ProgramData\Application Data\lavasoft\web companion
[-] Folder Deleted : C:\Program Files (x86)\lavasoft\web companion
[-] Folder Deleted : C:\Users\Trnda\AppData\Roaming\lavasoft\web companion
[-] Folder Deleted : C:\Users\Public\Documents\dmp
[-] Folder Deleted : C:\Users\Trnda\AppData\Local\app

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\AdBlock.exe
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [Yeaplayer]
[-] Key Deleted : HKLM\SOFTWARE\Clients\Media\yeaplayer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.3gp
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.aac
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.ac3
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.ape
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.avi
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.f4v
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.flac
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.flv
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.m4v
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mkv
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mov
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mp3
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mp4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.mpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.ogg
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.rm
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.rmvb
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.vob
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.wav
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.wma
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yeaplayer.wmv
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : HKCU\Software\UCBrowserPID
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key Deleted : HKLM\SOFTWARE\UCBrowserPID
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\2345.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.2345.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\2345.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.2345.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Value Deleted : HKU\S-1-5-21-526843066-1090318809-1319604335-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Value Deleted : HKU\S-1-5-21-526843066-1090318809-1319604335-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Yeaplayer]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [AdBlock2]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService

***** [ Web browsers ] *****

[-] [C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hohosearch
[-] [C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : botanicula.en.softonic.com
[-] [C:\Users\Trnda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.hohosearch.com/?mode=nnnb&ptid=epf1 ... AXAkA38tBk..

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6278 bytes] - [05/06/2016 11:33:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [6120 bytes] - [05/06/2016 11:32:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6424 bytes] ##########

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: For Motji

#15 Post by motji »

Nice. Did it help?