
Problem with mail.ru in Firefox

copus
Visitor
Posts: 8
Registered: 25 May 2005 17:51


#1 Post by copus »

Hello.
Please help. After running an exe file from a Russian site (firmware for a tablet), malware settled into my PC.
After a struggle, I managed to remove the following in Antimalware:
Soubory: 2
Spyware.InfoStealer, C:\Users\lada\AppData\Local\Temp\Pi4unOeGEWEE.exe, Do karantény, [04176fb6d6c40432465f6483e21f50b0],
Spyware.InfoStealer, C:\Users\lada\AppData\Local\Temp\jGYNQ6DAiclb.exe, Do karantény, [8a91df46c8d271c59015ae39fd04de22],

Unfortunately, the page is still set in Firefox and cannot be changed. I don't know what else to do; I have tried loads of guides, various registry cleaners, and rewriting the registry, but nothing helps. Can you advise? Thank you.

Logfile of random's system information tool 1.10 (written by random/random)
Run by lada at 2016-07-18 09:45:17
Microsoft Windows 10 Home
System drive C: has 157 GB (66%) free of 238 GB
Total RAM: 5581 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:23, on 18.07.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0494)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Seznam.cz\bin\postak.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\lada.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\lada\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\lada\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9799 bytes

======Listing Processes======








C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\atiesrxx.exe
atieclxx
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k appmodel

"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
dashost.exe {708f7a06-7785-483e-8a7eef0adaa3cce0}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
sihost.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 499D62AD-207E-5D53-AB25-B3D4CE4DCC97 -Reinvoke
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 612 616 624 8192 620
C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\lada\Downloads\RSITx64.exe"
"fontdrvhost.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "https://mail.ru/cnt/11956636?fr=ffhp1.0.2&gp=811009"
prefs.js - "keyword.URL" - "http://go.mail.ru/distib/ep/?product_id ... &gp=811010"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll


C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\extensions\
homepage@mail.ru
search@mail.ru
{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}

C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\searchplugins\
mailru.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Поиск@Mail.Ru - C:\Users\lada\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-07-17 2551000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files (x86)\Seznam.cz\core.3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 6141528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 4445272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-11-10 1804616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\lada\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-06-07 554184]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-05-17 53123712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2015-04-20 1298456]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2013-02-19 453736]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-24 1022152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-07-18 09:45:18 ----D---- C:\Program Files\trend micro
2016-07-18 09:45:17 ----D---- C:\rsit
2016-07-18 09:30:27 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-18 09:30:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-07-17 21:41:03 ----A---- C:\Windows\Reimage.ini
2016-07-17 21:38:07 ----D---- C:\Program Files (x86)\RegCleaner
2016-07-17 20:58:40 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-07-17 20:57:55 ----D---- C:\ProgramData\Malwarebytes
2016-07-17 20:57:55 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-17 20:57:55 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-07-17 20:57:55 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-07-17 20:57:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-07-17 20:36:05 ----D---- C:\Program Files (x86)\Mail.Ru
2016-07-17 20:32:59 ----D---- C:\Users\lada\AppData\Roaming\MailProducts
2016-07-17 20:32:53 ----D---- C:\ProgramData\Mail.Ru
2016-07-13 19:24:20 ----SHD---- C:\Config.Msi
2016-07-13 19:18:20 ----A---- C:\Windows\SYSWOW64\MosStorage.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\NMAA.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\MosHostClient.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\MapsBtSvc.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\MapControlCore.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\MapConfiguration.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\JpMapControl.dll
2016-07-13 19:18:19 ----A---- C:\Windows\SYSWOW64\BingMaps.dll
2016-07-13 19:18:18 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.dll
2016-07-13 19:18:18 ----A---- C:\Windows\SYSWOW64\mos.dll
2016-07-13 19:18:17 ----A---- C:\Windows\SYSWOW64\edgehtml.dll
2016-07-13 19:18:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-07-13 19:18:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-07-13 19:18:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-07-13 19:18:14 ----A---- C:\Windows\system32\MFMediaEngine.dll
2016-07-13 19:18:13 ----A---- C:\Windows\SYSWOW64\Chakra.dll
2016-07-13 19:18:13 ----A---- C:\Windows\system32\jscript9.dll
2016-07-13 19:18:13 ----A---- C:\Windows\system32\d2d1.dll
2016-07-13 19:18:12 ----A---- C:\Windows\system32\ieframe.dll
2016-07-13 19:18:12 ----A---- C:\Windows\system32\edgehtml.dll
2016-07-13 19:18:12 ----A---- C:\Windows\system32\dxgi.dll
2016-07-13 19:18:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-07-13 19:18:11 ----A---- C:\Windows\system32\Chakradiag.dll
2016-07-13 19:18:11 ----A---- C:\Windows\system32\Chakra.dll
2016-07-13 19:18:10 ----A---- C:\Windows\system32\win32kfull.sys
2016-07-13 19:18:10 ----A---- C:\Windows\system32\vbscript.dll
2016-07-13 19:18:10 ----A---- C:\Windows\system32\ole32.dll
2016-07-13 19:18:09 ----A---- C:\Windows\system32\win32kbase.sys
2016-07-13 19:18:09 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-07-13 19:18:09 ----A---- C:\Windows\system32\d3d11.dll
2016-07-13 19:18:09 ----A---- C:\Windows\system32\cdd.dll
2016-07-13 19:18:08 ----A---- C:\Windows\system32\mshtml.dll
2016-07-13 19:18:06 ----A---- C:\Windows\system32\wmp.dll
2016-07-13 19:18:05 ----A---- C:\Windows\SYSWOW64\wmp.dll
2016-07-13 19:18:05 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2016-07-13 19:18:04 ----A---- C:\Windows\SYSWOW64\windows.storage.dll
2016-07-13 19:18:04 ----A---- C:\Windows\system32\sppobjs.dll
2016-07-13 19:18:03 ----A---- C:\Windows\system32\Windows.Media.dll
2016-07-13 19:18:03 ----A---- C:\Windows\system32\mfplat.dll
2016-07-13 19:18:03 ----A---- C:\Windows\system32\drivers\dxgmms2.sys
2016-07-13 19:18:02 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-07-13 19:18:02 ----A---- C:\Windows\system32\msftedit.dll
2016-07-13 19:18:02 ----A---- C:\Windows\system32\msfeeds.dll
2016-07-13 19:18:01 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2016-07-13 19:18:00 ----A---- C:\Windows\system32\provhandlers.dll
2016-07-13 19:18:00 ----A---- C:\Windows\system32\provengine.dll
2016-07-13 19:18:00 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-07-13 19:18:00 ----A---- C:\Windows\system32\localspl.dll
2016-07-13 19:18:00 ----A---- C:\Windows\system32\authui.dll
2016-07-13 19:17:59 ----A---- C:\Windows\system32\provisioningcsp.dll
2016-07-13 19:17:59 ----A---- C:\Windows\system32\mfsvr.dll
2016-07-13 19:17:59 ----A---- C:\Windows\system32\DeviceCensus.exe
2016-07-13 19:17:59 ----A---- C:\Windows\system32\aadtb.dll
2016-07-13 19:17:58 ----A---- C:\Windows\SYSWOW64\PlayToManager.dll
2016-07-13 19:17:58 ----A---- C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-07-13 19:17:58 ----A---- C:\Windows\system32\TokenBroker.dll
2016-07-13 19:17:58 ----A---- C:\Windows\system32\MFCaptureEngine.dll
2016-07-13 19:17:58 ----A---- C:\Windows\system32\d3d9.dll
2016-07-13 19:17:57 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-07-13 19:17:57 ----A---- C:\Windows\system32\wuuhext.dll
2016-07-13 19:17:57 ----A---- C:\Windows\system32\winmde.dll
2016-07-13 19:17:57 ----A---- C:\Windows\system32\sppwinob.dll
2016-07-13 19:17:57 ----A---- C:\Windows\system32\provops.dll
2016-07-13 19:17:57 ----A---- C:\Windows\system32\NFCProvisioningPlugin.dll
2016-07-13 19:17:56 ----A---- C:\Windows\system32\win32spl.dll
2016-07-13 19:17:56 ----A---- C:\Windows\system32\propsys.dll
2016-07-13 19:17:55 ----A---- C:\Windows\system32\twinapi.dll
2016-07-13 19:17:55 ----A---- C:\Windows\system32\GdiPlus.dll
2016-07-13 19:17:55 ----A---- C:\Windows\system32\dui70.dll
2016-07-13 19:17:55 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2016-07-13 19:17:54 ----A---- C:\Windows\SYSWOW64\xpsservices.dll
2016-07-13 19:17:54 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2016-07-13 19:17:54 ----A---- C:\Windows\system32\wpdshext.dll
2016-07-13 19:17:54 ----A---- C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-07-13 19:17:54 ----A---- C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-07-13 19:17:54 ----A---- C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-13 19:17:54 ----A---- C:\Windows\system32\Windows.AccountsControl.dll
2016-07-13 19:17:53 ----A---- C:\Windows\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-07-13 19:17:53 ----A---- C:\Windows\system32\wmpps.dll
2016-07-13 19:17:53 ----A---- C:\Windows\system32\Windows.Media.Editing.dll
2016-07-13 19:17:53 ----A---- C:\Windows\system32\Windows.Devices.SmartCards.dll
2016-07-13 19:17:53 ----A---- C:\Windows\system32\comdlg32.dll
2016-07-13 19:17:52 ----A---- C:\Windows\SYSWOW64\TokenBroker.dll
2016-07-13 19:17:52 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-07-13 19:17:52 ----A---- C:\Windows\system32\webio.dll
2016-07-13 19:17:52 ----A---- C:\Windows\system32\StikyNot.exe
2016-07-13 19:17:52 ----A---- C:\Windows\system32\SHCore.dll
2016-07-13 19:17:52 ----A---- C:\Windows\system32\dxtrans.dll
2016-07-13 19:17:52 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-07-13 19:17:51 ----A---- C:\Windows\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2016-07-13 19:17:51 ----A---- C:\Windows\SYSWOW64\webio.dll
2016-07-13 19:17:51 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2016-07-13 19:17:51 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-07-13 19:17:51 ----A---- C:\Windows\SYSWOW64\ActionCenterCPL.dll
2016-07-13 19:17:51 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2016-07-13 19:17:51 ----A---- C:\Windows\system32\inetpp.dll
2016-07-13 19:17:50 ----A---- C:\Windows\SYSWOW64\wlanui.dll
2016-07-13 19:17:50 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2016-07-13 19:17:50 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2016-07-13 19:17:50 ----A---- C:\Windows\system32\ntprint.dll
2016-07-13 19:17:50 ----A---- C:\Windows\system32\ieapfltr.dll
2016-07-13 19:17:50 ----A---- C:\Windows\system32\duser.dll
2016-07-13 19:17:50 ----A---- C:\Windows\system32\d3d10.dll
2016-07-13 19:17:49 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2016-07-13 19:17:49 ----A---- C:\Windows\SYSWOW64\rasgcw.dll
2016-07-13 19:17:49 ----A---- C:\Windows\SYSWOW64\netplwiz.dll
2016-07-13 19:17:49 ----A---- C:\Windows\SYSWOW64\netcenter.dll
2016-07-13 19:17:49 ----A---- C:\Windows\system32\winsrv.dll
2016-07-13 19:17:49 ----A---- C:\Windows\system32\webcheck.dll
2016-07-13 19:17:49 ----A---- C:\Windows\system32\FntCache.dll
2016-07-13 19:17:49 ----A---- C:\Windows\system32\aadcloudap.dll
2016-07-13 19:17:48 ----A---- C:\Windows\SYSWOW64\Windows.Devices.SmartCards.dll
2016-07-13 19:17:48 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Picker.dll
2016-07-13 19:17:48 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-07-13 19:17:48 ----A---- C:\Windows\SYSWOW64\dot3ui.dll
2016-07-13 19:17:48 ----A---- C:\Windows\system32\RADCUI.dll
2016-07-13 19:17:48 ----A---- C:\Windows\system32\d3d10_1.dll
2016-07-13 19:17:47 ----A---- C:\Windows\SYSWOW64\WPDShServiceObj.dll
2016-07-13 19:17:47 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-13 19:17:47 ----A---- C:\Windows\SYSWOW64\PlayToReceiver.dll
2016-07-13 19:17:47 ----A---- C:\Windows\system32\AzureSettingSyncProvider.dll
2016-07-13 19:17:45 ----A---- C:\Windows\system32\Windows.UI.Logon.dll
2016-07-13 19:17:45 ----A---- C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-07-13 19:17:45 ----A---- C:\Windows\system32\SharedStartModel.dll
2016-07-13 19:17:45 ----A---- C:\Windows\system32\RDXTaskFactory.dll
2016-07-13 19:17:45 ----A---- C:\Windows\system32\RDXService.dll
2016-07-13 19:17:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-07-13 19:17:44 ----A---- C:\Windows\system32\Windows.UI.Shell.dll
2016-07-13 19:17:44 ----A---- C:\Windows\system32\urlmon.dll
2016-07-13 19:17:43 ----A---- C:\Windows\SYSWOW64\WWAHost.exe
2016-07-13 19:17:43 ----A---- C:\Windows\system32\wininet.dll
2016-07-13 19:17:43 ----A---- C:\Windows\system32\SettingsHandlers_nt.dll
2016-07-13 19:17:43 ----A---- C:\Windows\system32\iertutil.dll
2016-07-13 19:17:42 ----A---- C:\Windows\system32\WWAHost.exe
2016-07-13 19:17:42 ----A---- C:\Windows\system32\twinui.dll
2016-07-13 19:17:42 ----A---- C:\Windows\system32\LockAppHost.exe
2016-07-13 19:17:42 ----A---- C:\Windows\explorer.exe
2016-07-13 19:17:41 ----A---- C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-13 19:17:41 ----A---- C:\Windows\system32\NetworkMobileSettings.dll
2016-07-13 19:17:40 ----A---- C:\Windows\system32\drivers\pci.sys
2016-07-13 19:17:40 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-07-13 19:17:40 ----A---- C:\Windows\system32\drivers\cng.sys
2016-07-13 19:17:40 ----A---- C:\Windows\system32\bisrv.dll
2016-07-13 19:17:39 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-07-13 19:17:39 ----A---- C:\Windows\system32\dwmcore.dll
2016-07-13 19:17:38 ----A---- C:\Windows\SYSWOW64\Windows.Media.Speech.dll
2016-07-13 19:17:38 ----A---- C:\Windows\system32\Wpc.dll
2016-07-13 19:17:38 ----A---- C:\Windows\system32\PlayToManager.dll
2016-07-13 19:17:38 ----A---- C:\Windows\system32\enterprisecsps.dll
2016-07-13 19:17:38 ----A---- C:\Windows\system32\audiosrv.dll
2016-07-13 19:17:37 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2016-07-13 19:17:37 ----A---- C:\Windows\SYSWOW64\tquery.dll
2016-07-13 19:17:37 ----A---- C:\Windows\system32\SettingsHandlers_Bluetooth.dll
2016-07-13 19:17:37 ----A---- C:\Windows\system32\crypt32.dll
2016-07-13 19:17:36 ----A---- C:\Windows\system32\WpcMon.exe
2016-07-13 19:17:36 ----A---- C:\Windows\system32\samsrv.dll
2016-07-13 19:17:36 ----A---- C:\Windows\system32\msxml3.dll
2016-07-13 19:17:36 ----A---- C:\Windows\system32\dcomp.dll
2016-07-13 19:17:35 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\WpcWebSync.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\wmpmde.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\Windows.UI.Cred.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\Windows.StateRepository.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\Windows.Media.Speech.dll
2016-07-13 19:17:35 ----A---- C:\Windows\system32\drivers\nwifi.sys
2016-07-13 19:17:34 ----A---- C:\Windows\SYSWOW64\winmde.dll
2016-07-13 19:17:34 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2016-07-13 19:17:34 ----A---- C:\Windows\SYSWOW64\MbaeApiPublic.dll
2016-07-13 19:17:34 ----A---- C:\Windows\system32\wwanconn.dll
2016-07-13 19:17:34 ----A---- C:\Windows\system32\SettingsHandlers_Maps.dll
2016-07-13 19:17:34 ----A---- C:\Windows\system32\LockAppBroker.dll
2016-07-13 19:17:34 ----A---- C:\Windows\system32\dmcsps.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\WLanConn.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\winipcsecproc.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\SystemSettings.Handlers.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\shutdownux.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\gameux.dll
2016-07-13 19:17:33 ----A---- C:\Windows\system32\DMRServer.dll
2016-07-13 19:17:32 ----A---- C:\Windows\system32\winipcfile.dll
2016-07-13 19:17:32 ----A---- C:\Windows\system32\cdpsvc.dll
2016-07-13 19:17:32 ----A---- C:\Windows\system32\ApplicationFrame.dll
2016-07-13 19:17:31 ----A---- C:\Windows\SYSWOW64\Windows.Graphics.Printing.3D.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\wcnwiz.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-07-13 19:17:31 ----A---- C:\Windows\system32\SyncCenter.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\OneBackupHandler.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\musdialoghandlers.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\MiracastReceiver.dll
2016-07-13 19:17:31 ----A---- C:\Windows\system32\hgcpl.dll
2016-07-13 19:17:30 ----A---- C:\Windows\SYSWOW64\Windows.Graphics.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\wwanmm.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\WlanMediaManager.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\themecpl.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\NetworkDesktopSettings.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\DevicePairing.dll
2016-07-13 19:17:30 ----A---- C:\Windows\system32\DataSenseHandlers.dll
2016-07-13 19:17:29 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2016-07-13 19:17:29 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2016-07-13 19:17:29 ----A---- C:\Windows\system32\Windows.UI.BioFeedback.dll
2016-07-13 19:17:29 ----A---- C:\Windows\system32\Windows.Cortana.OneCore.dll
2016-07-13 19:17:29 ----A---- C:\Windows\system32\LogonController.dll
2016-07-13 19:17:29 ----A---- C:\Windows\system32\efswrt.dll
2016-07-13 19:17:29 ----A---- C:\Windows\system32\Display.dll
2016-07-13 19:17:28 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2016-07-13 19:17:28 ----A---- C:\Windows\SYSWOW64\UserLanguagesCpl.dll
2016-07-13 19:17:28 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-07-13 19:17:28 ----A---- C:\Windows\SYSWOW64\mssph.dll
2016-07-13 19:17:28 ----A---- C:\Windows\system32\zipfldr.dll
2016-07-13 19:17:28 ----A---- C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2016-07-13 19:17:28 ----A---- C:\Windows\system32\PlayToDevice.dll
2016-07-13 19:17:28 ----A---- C:\Windows\system32\credprovs.dll
2016-07-13 19:17:27 ----A---- C:\Windows\SYSWOW64\sbe.dll
2016-07-13 19:17:27 ----A---- C:\Windows\SYSWOW64\mbsmsapi.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\WmpDui.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\wlanui.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\sud.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\msieftp.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\ListSvc.dll
2016-07-13 19:17:27 ----A---- C:\Windows\system32\IdCtrls.dll
2016-07-13 19:17:26 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-07-13 19:17:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-07-13 19:17:26 ----A---- C:\Windows\system32\Windows.UI.PicturePassword.dll
2016-07-13 19:17:25 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2016-07-13 19:17:25 ----A---- C:\Windows\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2016-07-13 19:17:25 ----A---- C:\Windows\SYSWOW64\comdlg32.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\winmsipc.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\SettingsHandlers_StorageSense.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\qdvd.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\PlayToReceiver.dll
2016-07-13 19:17:25 ----A---- C:\Windows\system32\mspaint.exe
2016-07-13 19:17:24 ----A---- C:\Windows\SYSWOW64\WpcWebFilter.dll
2016-07-13 19:17:24 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2016-07-13 19:17:24 ----A---- C:\Windows\SYSWOW64\GamePanel.exe
2016-07-13 19:17:24 ----A---- C:\Windows\system32\WpcWebFilter.dll
2016-07-13 19:17:24 ----A---- C:\Windows\system32\FingerprintEnrollment.dll
2016-07-13 19:17:23 ----A---- C:\Windows\SYSWOW64\IconCodecService.dll
2016-07-13 19:17:23 ----A---- C:\Windows\SYSWOW64\bcastdvr.exe
2016-07-13 19:17:23 ----A---- C:\Windows\SYSWOW64\AppCapture.dll
2016-07-13 19:17:23 ----A---- C:\Windows\system32\werui.dll
2016-07-13 19:17:23 ----A---- C:\Windows\system32\PsmServiceExtHost.dll
2016-07-13 19:17:23 ----A---- C:\Windows\system32\cdpreference.exe
2016-07-13 19:17:22 ----A---- C:\Windows\SYSWOW64\AzureSettingSyncProvider.dll
2016-07-13 19:17:22 ----A---- C:\Windows\system32\IKEEXT.DLL
2016-07-13 19:17:20 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2016-07-13 19:17:20 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-07-13 19:17:20 ----A---- C:\Windows\SYSWOW64\LockAppHost.exe
2016-07-13 19:17:20 ----A---- C:\Windows\SYSWOW64\explorer.exe
2016-07-13 19:17:20 ----A---- C:\Windows\system32\MapConfiguration.dll
2016-07-13 19:17:19 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-07-13 19:17:19 ----A---- C:\Windows\system32\NMAA.dll
2016-07-13 19:17:19 ----A---- C:\Windows\system32\MapsStore.dll
2016-07-13 19:17:19 ----A---- C:\Windows\system32\MapControlCore.dll
2016-07-13 19:17:19 ----A---- C:\Windows\system32\JpMapControl.dll
2016-07-13 19:17:18 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-07-13 19:17:18 ----A---- C:\Windows\system32\mos.dll
2016-07-13 19:17:18 ----A---- C:\Windows\system32\BingMaps.dll
2016-07-13 19:17:17 ----A---- C:\Windows\system32\Windows.UI.Search.dll
2016-07-13 19:17:17 ----A---- C:\Windows\system32\SRHInproc.dll
2016-07-13 19:17:17 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2016-07-13 19:17:17 ----A---- C:\Windows\system32\AppXDeploymentExtensions.dll
2016-07-13 19:17:16 ----A---- C:\Windows\SYSWOW64\Windows.UI.Logon.dll
2016-07-13 19:17:16 ----A---- C:\Windows\system32\tquery.dll
2016-07-13 19:17:16 ----A---- C:\Windows\system32\SRH.dll
2016-07-13 19:17:15 ----A---- C:\Windows\SYSWOW64\msftedit.dll
2016-07-13 19:17:15 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2016-07-13 19:17:15 ----A---- C:\Windows\system32\AppCapture.dll
2016-07-13 19:17:14 ----A---- C:\Windows\SYSWOW64\CredProvDataModel.dll
2016-07-13 19:17:14 ----A---- C:\Windows\system32\MosHostClient.dll
2016-07-13 19:17:14 ----A---- C:\Windows\system32\mapsupdatetask.dll
2016-07-13 19:17:14 ----A---- C:\Windows\system32\MapsBtSvc.dll
2016-07-13 19:17:14 ----A---- C:\Windows\system32\generaltel.dll
2016-07-13 19:17:14 ----A---- C:\Windows\system32\bcastdvr.exe
2016-07-13 19:17:13 ----A---- C:\Windows\SYSWOW64\CoreUIComponents.dll
2016-07-13 19:17:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\mssrch.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\MosStorage.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\moshostcore.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\moshost.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\MapsCSP.dll
2016-07-13 19:17:13 ----A---- C:\Windows\system32\dosvc.dll
2016-07-13 19:17:12 ----A---- C:\Windows\SYSWOW64\SettingSyncCore.dll
2016-07-13 19:17:12 ----A---- C:\Windows\system32\SpeechPal.dll
2016-07-13 19:17:12 ----A---- C:\Windows\system32\SettingSyncHost.exe
2016-07-13 19:17:11 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2016-07-13 19:17:11 ----A---- C:\Windows\SYSWOW64\d3d9.dll
2016-07-13 19:17:11 ----A---- C:\Windows\system32\wpncore.dll
2016-07-13 19:17:11 ----A---- C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2016-07-13 19:17:11 ----A---- C:\Windows\system32\SettingSyncCore.dll
2016-07-13 19:17:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2016-07-13 19:17:11 ----A---- C:\Windows\system32\diagperf.dll
2016-07-13 19:17:10 ----A---- C:\Windows\SYSWOW64\propsys.dll
2016-07-13 19:17:10 ----A---- C:\Windows\SYSWOW64\dbgeng.dll
2016-07-13 19:17:10 ----A---- C:\Windows\system32\ShareHost.dll
2016-07-13 19:17:10 ----A---- C:\Windows\system32\mf.dll
2016-07-13 19:17:10 ----A---- C:\Windows\system32\MbaeApiPublic.dll
2016-07-13 19:17:09 ----A---- C:\Windows\SYSWOW64\twinapi.dll
2016-07-13 19:17:09 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2016-07-13 19:17:09 ----A---- C:\Windows\SYSWOW64\ShareHost.dll
2016-07-13 19:17:09 ----A---- C:\Windows\system32\Windows.Media.Streaming.dll
2016-07-13 19:17:09 ----A---- C:\Windows\system32\Taskmgr.exe
2016-07-13 19:17:09 ----A---- C:\Windows\system32\NotificationController.dll
2016-07-13 19:17:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.dll
2016-07-13 19:17:08 ----A---- C:\Windows\SYSWOW64\Windows.UI.Cred.dll
2016-07-13 19:17:08 ----A---- C:\Windows\SYSWOW64\LockAppBroker.dll
2016-07-13 19:17:08 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2016-07-13 19:17:08 ----A---- C:\Windows\SYSWOW64\gameux.dll
2016-07-13 19:17:08 ----A---- C:\Windows\system32\SettingSync.dll
2016-07-13 19:17:07 ----A---- C:\Windows\SYSWOW64\SettingSyncHost.exe
2016-07-13 19:17:07 ----A---- C:\Windows\system32\WSShared.dll
2016-07-13 19:17:07 ----A---- C:\Windows\system32\rdpcore.dll
2016-07-13 19:17:07 ----A---- C:\Windows\system32\APHostService.dll
2016-07-13 19:17:06 ----A---- C:\Windows\SYSWOW64\Windows.Graphics.Printing.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\wldp.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\SearchFolder.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\mssphtb.dll
2016-07-13 19:17:06 ----A---- C:\Windows\system32\ClipUp.exe
2016-07-13 19:17:05 ----A---- C:\Windows\SYSWOW64\winipcsecproc.dll
2016-07-13 19:17:05 ----A---- C:\Windows\SYSWOW64\SyncCenter.dll
2016-07-13 19:17:05 ----A---- C:\Windows\system32\Windows.Media.MediaControl.dll
2016-07-13 19:17:05 ----A---- C:\Windows\system32\TpmTasks.dll
2016-07-13 19:17:05 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2016-07-13 19:17:05 ----A---- C:\Windows\system32\phoneactivate.exe
2016-07-13 19:17:05 ----A---- C:\Windows\system32\fhcfg.dll
2016-07-13 19:17:05 ----A---- C:\Windows\system32\CertEnroll.dll
2016-07-13 19:17:04 ----A---- C:\Windows\SYSWOW64\Clipc.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\WSService.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\Windows.Cortana.Desktop.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\systemreset.exe
2016-07-13 19:17:04 ----A---- C:\Windows\system32\SettingMonitor.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\sbe.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\mfpmp.exe
2016-07-13 19:17:04 ----A---- C:\Windows\system32\edputil.dll
2016-07-13 19:17:04 ----A---- C:\Windows\system32\apprepapi.dll
2016-07-13 19:17:03 ----A---- C:\Windows\SYSWOW64\wiaaut.dll
2016-07-13 19:17:03 ----A---- C:\Windows\SYSWOW64\themecpl.dll
2016-07-13 19:17:03 ----A---- C:\Windows\SYSWOW64\hgcpl.dll
2016-07-13 19:17:03 ----A---- C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2016-07-13 19:17:03 ----A---- C:\Windows\system32\mbsmsapi.dll
2016-07-13 19:17:03 ----A---- C:\Windows\HelpPane.exe
2016-07-13 19:17:02 ----A---- C:\Windows\SYSWOW64\winipcfile.dll
2016-07-13 19:17:02 ----A---- C:\Windows\SYSWOW64\sud.dll
2016-07-13 19:17:02 ----A---- C:\Windows\SYSWOW64\SettingMonitor.dll
2016-07-13 19:17:02 ----A---- C:\Windows\SYSWOW64\OneDriveSettingSyncProvider.dll
2016-07-13 19:17:02 ----A---- C:\Windows\SYSWOW64\licensingdiag.exe
2016-07-13 19:17:02 ----A---- C:\Windows\system32\WSSync.dll
2016-07-13 19:17:02 ----A---- C:\Windows\system32\WSClient.dll
2016-07-13 19:17:02 ----A---- C:\Windows\system32\WMPhoto.dll
2016-07-13 19:17:02 ----A---- C:\Windows\system32\fhsettingsprovider.dll
2016-07-13 19:17:01 ----A---- C:\Windows\SYSWOW64\Windows.UI.BlockedShutdown.dll
2016-07-13 19:17:01 ----A---- C:\Windows\SYSWOW64\Windows.UI.BioFeedback.dll
2016-07-13 19:17:01 ----A---- C:\Windows\SYSWOW64\themeui.dll
2016-07-13 19:17:01 ----A---- C:\Windows\SYSWOW64\IdCtrls.dll
2016-07-13 19:17:01 ----A---- C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2016-07-13 19:17:01 ----A---- C:\Windows\system32\GamePanel.exe
2016-07-13 19:17:01 ----A---- C:\Windows\system32\fhengine.dll
2016-07-13 19:17:01 ----A---- C:\Windows\system32\ActivationManager.dll
2016-07-13 19:17:00 ----A---- C:\Windows\SYSWOW64\zipfldr.dll
2016-07-13 19:17:00 ----A---- C:\Windows\SYSWOW64\Windows.Devices.WiFiDirect.dll
2016-07-13 19:17:00 ----A---- C:\Windows\SYSWOW64\oemlicense.dll
2016-07-13 19:17:00 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2016-07-13 19:17:00 ----A---- C:\Windows\SYSWOW64\Display.dll
2016-07-13 19:17:00 ----A---- C:\Windows\system32\WUDFPlatform.dll
2016-07-13 19:17:00 ----A---- C:\Windows\system32\mssph.dll
2016-07-13 19:17:00 ----A---- C:\Windows\system32\easwrt.dll
2016-07-13 19:16:59 ----A---- C:\Windows\SYSWOW64\WmpDui.dll
2016-07-13 19:16:59 ----A---- C:\Windows\SYSWOW64\mspaint.exe
2016-07-13 19:16:59 ----A---- C:\Windows\SYSWOW64\DevicePairing.dll
2016-07-13 19:16:59 ----A---- C:\Windows\system32\Windows.Speech.Pal.dll
2016-07-13 19:16:59 ----A---- C:\Windows\system32\SearchFilterHost.exe
2016-07-13 19:16:59 ----A---- C:\Windows\system32\msscntrs.dll
2016-07-13 19:16:58 ----A---- C:\Windows\SYSWOW64\winmsipc.dll
2016-07-13 19:16:58 ----A---- C:\Windows\system32\reseteng.dll
2016-07-13 19:16:58 ----A---- C:\Windows\system32\domgmt.dll
2016-07-13 19:16:58 ----A---- C:\Windows\system32\diagtrack_win.dll
2016-07-13 19:16:58 ----A---- C:\Windows\system32\apprepsync.dll
2016-07-13 19:16:56 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2016-07-13 19:16:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-07-13 19:16:55 ----A---- C:\Windows\system32\wuaueng.dll
2016-07-13 19:16:54 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2016-07-13 19:16:54 ----A---- C:\Windows\system32\mstscax.dll
2016-07-13 19:16:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-07-13 19:16:53 ----A---- C:\Windows\SYSWOW64\olepro32.dll
2016-07-13 19:16:53 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2016-07-13 19:16:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-07-13 19:16:51 ----A---- C:\Windows\SYSWOW64\SRHInproc.dll
2016-07-13 19:16:51 ----A---- C:\Windows\SYSWOW64\SRH.dll
2016-07-13 19:16:51 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2016-07-13 19:16:51 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll
2016-07-13 19:16:50 ----A---- C:\Windows\SYSWOW64\Windows.Media.dll
2016-07-13 19:16:50 ----A---- C:\Windows\SYSWOW64\mfnetsrc.dll
2016-07-13 19:16:50 ----A---- C:\Windows\SYSWOW64\dwmcore.dll
2016-07-13 19:16:50 ----A---- C:\Windows\system32\twinui.appcore.dll
2016-07-13 19:16:50 ----A---- C:\Windows\system32\MusUpdateHandlers.dll
2016-07-13 19:16:49 ----A---- C:\Windows\SYSWOW64\WMPDMC.exe
2016-07-13 19:16:49 ----A---- C:\Windows\SYSWOW64\mfsvr.dll
2016-07-13 19:16:49 ----A---- C:\Windows\SYSWOW64\dcomp.dll
2016-07-13 19:16:49 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2016-07-13 19:16:49 ----A---- C:\Windows\system32\UIRibbon.dll
2016-07-13 19:16:48 ----A---- C:\Windows\SYSWOW64\Windows.StateRepository.dll
2016-07-13 19:16:48 ----A---- C:\Windows\SYSWOW64\UIRibbon.dll
2016-07-13 19:16:48 ----A---- C:\Windows\SYSWOW64\MsSpellCheckingFacility.dll
2016-07-13 19:16:48 ----A---- C:\Windows\system32\xpsrchvw.exe
2016-07-13 19:16:48 ----A---- C:\Windows\system32\Windows.Globalization.dll
2016-07-13 19:16:48 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2016-07-13 19:16:47 ----A---- C:\Windows\SYSWOW64\Taskmgr.exe
2016-07-13 19:16:47 ----A---- C:\Windows\system32\workfolderssvc.dll
2016-07-13 19:16:47 ----A---- C:\Windows\system32\rdpcorets.dll
2016-07-13 19:16:47 ----A---- C:\Windows\system32\eappcfg.dll
2016-07-13 19:16:47 ----A---- C:\Windows\system32\diagtrack.dll
2016-07-13 19:16:46 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2016-07-13 19:16:46 ----A---- C:\Windows\system32\WindowsCodecsRaw.dll
2016-07-13 19:16:46 ----A---- C:\Windows\system32\pnidui.dll
2016-07-13 19:16:45 ----A---- C:\Windows\system32\wuauclt.exe
2016-07-13 19:16:44 ----A---- C:\Windows\SYSWOW64\WindowsCodecsRaw.dll
2016-07-13 19:16:43 ----A---- C:\Windows\SYSWOW64\SimCfg.dll
2016-07-13 19:16:43 ----A---- C:\Windows\system32\Windows.Graphics.Printing.dll
2016-07-13 19:16:43 ----A---- C:\Windows\system32\SimCfg.dll
2016-07-13 19:16:43 ----A---- C:\Windows\system32\rasapi32.dll
2016-07-13 19:16:42 ----A---- C:\Windows\SYSWOW64\Windows.Storage.ApplicationData.dll
2016-07-13 19:16:42 ----A---- C:\Windows\SYSWOW64\netshell.dll
2016-07-13 19:16:42 ----A---- C:\Windows\system32\usercpl.dll
2016-07-13 19:16:42 ----A---- C:\Windows\system32\SimAuth.dll
2016-07-13 19:16:42 ----A---- C:\Windows\system32\schtasks.exe
2016-07-13 19:16:42 ----A---- C:\Windows\system32\KernelBase.dll
2016-07-13 19:16:42 ----A---- C:\Windows\system32\certcli.dll
2016-07-13 19:16:41 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2016-07-13 19:16:41 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2016-07-13 19:16:41 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2016-07-13 19:16:41 ----A---- C:\Windows\system32\UIRibbonRes.dll
2016-07-13 19:16:41 ----A---- C:\Windows\system32\netshell.dll
2016-07-13 19:16:41 ----A---- C:\Windows\system32\eapp3hst.dll
2016-07-13 19:16:40 ----A---- C:\Windows\SYSWOW64\wldp.dll
2016-07-13 19:16:40 ----A---- C:\Windows\SYSWOW64\Windows.Media.Streaming.dll
2016-07-13 19:16:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-07-13 19:16:40 ----A---- C:\Windows\SYSWOW64\eappcfg.dll
2016-07-13 19:16:40 ----A---- C:\Windows\system32\tzautoupdate.dll
2016-07-13 19:16:40 ----A---- C:\Windows\system32\ExecModelClient.dll
2016-07-13 19:16:40 ----A---- C:\Windows\system32\ClipSVC.dll
2016-07-13 19:16:40 ----A---- C:\Windows\system32\Clipc.dll
2016-07-13 19:16:39 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2016-07-13 19:16:39 ----A---- C:\Windows\SYSWOW64\SimAuth.dll
2016-07-13 19:16:39 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2016-07-13 19:16:39 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2016-07-13 19:16:39 ----A---- C:\Windows\SYSWOW64\MFCaptureEngine.dll
2016-07-13 19:16:39 ----A---- C:\Windows\system32\WebcamUi.dll
2016-07-13 19:16:39 ----A---- C:\Windows\system32\themeui.dll
2016-07-13 19:16:39 ----A---- C:\Windows\system32\modernexecserver.dll
2016-07-13 19:16:38 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2016-07-13 19:16:38 ----A---- C:\Windows\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2016-07-13 19:16:38 ----A---- C:\Windows\SYSWOW64\Windows.Media.Editing.dll
2016-07-13 19:16:38 ----A---- C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2016-07-13 19:16:38 ----A---- C:\Windows\system32\licensingdiag.exe
2016-07-13 19:16:38 ----A---- C:\Windows\system32\eappgnui.dll
2016-07-13 19:16:38 ----A---- C:\Windows\system32\dmdskmgr.dll
2016-07-13 19:16:38 ----A---- C:\Windows\system32\ActionCenterCPL.dll
2016-07-13 19:16:37 ----A---- C:\Windows\SYSWOW64\PrintDialogs.dll
2016-07-13 19:16:37 ----A---- C:\Windows\SYSWOW64\apprepapi.dll
2016-07-13 19:16:37 ----A---- C:\Windows\system32\Windows.Storage.Search.dll
2016-07-13 19:16:37 ----A---- C:\Windows\system32\netplwiz.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\WSSync.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\Windows.StateRepositoryClient.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\Windows.Speech.Pal.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\WebcamUi.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\eappprxy.dll
2016-07-13 19:16:36 ----A---- C:\Windows\SYSWOW64\dlnashext.dll
2016-07-13 19:16:36 ----A---- C:\Windows\system32\Windows.Devices.Picker.dll
2016-07-13 19:16:36 ----A---- C:\Windows\system32\rdpudd.dll
2016-07-13 19:16:36 ----A---- C:\Windows\system32\oemlicense.dll
2016-07-13 19:16:35 ----A---- C:\Windows\SYSWOW64\Windows.AccountsControl.dll
2016-07-13 19:16:35 ----A---- C:\Windows\SYSWOW64\eapphost.dll
2016-07-13 19:16:35 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-07-13 19:16:35 ----A---- C:\Windows\system32\PhotoScreensaver.scr
2016-07-13 19:16:35 ----A---- C:\Windows\system32\ieui.dll
2016-07-13 19:16:35 ----A---- C:\Windows\system32\IconCodecService.dll
2016-07-13 19:16:35 ----A---- C:\Windows\system32\eappprxy.dll
2016-07-13 19:16:35 ----A---- C:\Windows\system32\eapphost.dll
2016-07-13 19:16:34 ----A---- C:\Windows\SYSWOW64\WSClient.dll
2016-07-13 19:16:34 ----A---- C:\Windows\SYSWOW64\Windows.StateRepositoryBroker.dll
2016-07-13 19:16:34 ----A---- C:\Windows\SYSWOW64\edputil.dll
2016-07-13 19:16:34 ----A---- C:\Windows\SYSWOW64\eappgnui.dll
2016-07-13 19:16:34 ----A---- C:\Windows\SYSWOW64\eapp3hst.dll
2016-07-13 19:16:34 ----A---- C:\Windows\system32\GlobCollationHost.dll
2016-07-13 19:16:33 ----A---- C:\Windows\SYSWOW64\UIRibbonRes.dll
2016-07-13 19:16:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-07-13 19:16:33 ----A---- C:\Windows\SYSWOW64\apprepsync.dll
2016-07-13 19:16:33 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-13 19:16:31 ----A---- C:\Windows\system32\invagent.dll
2016-07-13 19:16:31 ----A---- C:\Windows\system32\devinv.dll
2016-07-13 19:16:30 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-13 19:16:30 ----A---- C:\Windows\system32\aeinv.dll
2016-07-13 19:16:30 ----A---- C:\Windows\system32\acmigration.dll
2016-07-13 19:16:29 ----A---- C:\Windows\system32\CredProvDataModel.dll
2016-07-13 19:16:28 ----A---- C:\Windows\system32\browserbroker.dll
2016-07-13 19:16:28 ----A---- C:\Windows\system32\appraiser.dll
2016-07-13 19:16:27 ----A---- C:\Windows\system32\shell32.dll
2016-07-13 19:16:22 ----A---- C:\Windows\system32\Windows.UI.Xaml.dll
2016-07-13 19:16:22 ----A---- C:\Windows\system32\sppsvc.exe
2016-07-13 19:16:21 ----A---- C:\Windows\system32\windows.storage.dll
2016-07-13 19:16:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-07-13 19:16:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-07-13 19:16:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2016-07-13 19:16:19 ----A---- C:\Windows\SYSWOW64\twinui.appcore.dll
2016-07-13 19:16:19 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-07-13 19:16:19 ----A---- C:\Windows\system32\CoreUIComponents.dll
2016-07-13 19:16:18 ----A---- C:\Windows\system32\usocore.dll
2016-07-13 19:16:18 ----A---- C:\Windows\system32\MusNotification.exe
2016-07-13 19:16:17 ----A---- C:\Windows\SYSWOW64\Windows.UI.Search.dll
2016-07-13 19:16:17 ----A---- C:\Windows\system32\schedsvc.dll
2016-07-13 19:16:16 ----A---- C:\Windows\system32\dbgeng.dll
2016-07-13 19:16:16 ----A---- C:\Windows\system32\aepic.dll
2016-07-13 19:16:15 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-07-13 19:16:15 ----A---- C:\Windows\system32\PrintDialogs3D.dll
2016-07-13 19:16:15 ----A---- C:\Windows\system32\DWrite.dll
2016-07-13 19:16:14 ----A---- C:\Windows\SYSWOW64\mf.dll
2016-07-13 19:16:14 ----A---- C:\Windows\system32\xpsservices.dll
2016-07-13 19:16:14 ----A---- C:\Windows\system32\twinapi.appcore.dll
2016-07-13 19:16:14 ----A---- C:\Windows\system32\AppReadiness.dll
2016-07-13 19:16:13 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2016-07-13 19:16:13 ----A---- C:\Windows\SYSWOW64\twinapi.appcore.dll
2016-07-13 19:16:13 ----A---- C:\Windows\system32\WMPDMC.exe
2016-07-13 19:16:13 ----A---- C:\Windows\system32\werconcpl.dll
2016-07-13 19:16:13 ----A---- C:\Windows\system32\updatehandlers.dll
2016-07-13 19:16:13 ----A---- C:\Windows\system32\uDWM.dll
2016-07-13 19:16:12 ----A---- C:\Windows\SYSWOW64\LogonController.dll
2016-07-13 19:16:12 ----A---- C:\Windows\SYSWOW64\dui70.dll
2016-07-13 19:16:12 ----A---- C:\Windows\system32\wmicmiplugin.dll
2016-07-13 19:16:12 ----A---- C:\Windows\system32\taskeng.exe
2016-07-13 19:16:12 ----A---- C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2016-07-13 19:16:12 ----A---- C:\Windows\system32\dlnashext.dll
2016-07-13 19:16:11 ----A---- C:\Windows\SYSWOW64\SearchFolder.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\winload.exe
2016-07-13 19:16:11 ----A---- C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\Windows.Graphics.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\UserLanguagesCpl.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\ntshrui.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\netcenter.dll
2016-07-13 19:16:11 ----A---- C:\Windows\system32\MusNotificationUx.exe
2016-07-13 19:16:10 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2016-07-13 19:16:10 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2016-07-13 19:16:10 ----A---- C:\Windows\SYSWOW64\dmdskmgr.dll
2016-07-13 19:16:10 ----A---- C:\Windows\system32\winresume.exe
2016-07-13 19:16:10 ----A---- C:\Windows\system32\drivers\sdbus.sys
2016-07-13 19:16:09 ----A---- C:\Windows\SYSWOW64\ProximityCommon.dll
2016-07-13 19:16:09 ----A---- C:\Windows\SYSWOW64\ExecModelClient.dll
2016-07-13 19:16:09 ----A---- C:\Windows\system32\taskcomp.dll
2016-07-13 19:16:09 ----A---- C:\Windows\system32\sdengin2.dll
2016-07-13 19:16:09 ----A---- C:\Windows\system32\rasgcw.dll
2016-07-13 19:16:09 ----A---- C:\Windows\system32\PrintDialogs.dll
2016-07-13 19:16:09 ----A---- C:\Windows\system32\dot3ui.dll
2016-07-13 19:16:08 ----A---- C:\Windows\SYSWOW64\Windows.Storage.Search.dll
2016-07-13 19:16:08 ----A---- C:\Windows\SYSWOW64\duser.dll
2016-07-13 19:16:08 ----A---- C:\Windows\SYSWOW64\credprovs.dll
2016-07-13 19:16:08 ----A---- C:\Windows\system32\Windows.UI.dll
2016-07-13 19:16:08 ----A---- C:\Windows\system32\LegacyNetUXHost.exe
2016-07-13 19:16:08 ----A---- C:\Windows\system32\LegacyNetUX.dll
2016-07-13 19:16:07 ----A---- C:\Windows\SYSWOW64\WLanConn.dll
2016-07-13 19:16:07 ----A---- C:\Windows\SYSWOW64\wcnwiz.dll
2016-07-13 19:16:07 ----A---- C:\Windows\SYSWOW64\efswrt.dll
2016-07-13 19:16:07 ----A---- C:\Windows\system32\sdrsvc.dll
2016-07-13 19:16:07 ----A---- C:\Windows\system32\deviceaccess.dll
2016-07-13 19:16:06 ----A---- C:\Windows\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2016-07-13 19:16:06 ----A---- C:\Windows\SYSWOW64\GlobCollationHost.dll
2016-07-13 19:16:06 ----A---- C:\Windows\system32\wiaaut.dll
2016-07-13 19:16:06 ----A---- C:\Windows\system32\sdshext.dll
2016-07-13 19:16:06 ----A---- C:\Windows\system32\PackageStateRoaming.dll
2016-07-13 19:16:06 ----A---- C:\Windows\system32\actxprxy.dll
2016-07-10 11:50:40 ----A---- C:\Windows\SYSWOW64\libAvcAvi.dll
2016-07-10 11:50:39 ----A---- C:\Windows\SYSWOW64\swscale-2.5.801.dll
2016-07-10 11:50:39 ----A---- C:\Windows\SYSWOW64\avutil-52.49.800.dll
2016-07-10 11:50:39 ----A---- C:\Windows\SYSWOW64\avformat-55.21.800.dll
2016-07-10 11:50:39 ----A---- C:\Windows\SYSWOW64\avcodec-55.40.801.dll
2016-07-10 11:50:38 ----A---- C:\Windows\SYSWOW64\Deinterlace.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_RTSP.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_PB.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_NATT.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_MPEG4.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_LIVE_DLL.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_JPEG.dll
2016-07-10 11:50:32 ----A---- C:\Windows\SYSWOW64\AVC_H264.dll
2016-07-10 11:47:01 ----N---- C:\Windows\SYSWOW64\XY_gdiplus.dll
2016-07-10 11:47:00 ----N---- C:\Windows\SYSWOW64\XY_quartz.dll
2016-07-10 11:47:00 ----N---- C:\Windows\SYSWOW64\XY_qedit.dll
2016-07-10 11:46:07 ----D---- C:\Program Files (x86)\VideoViewer
2016-07-10 11:45:23 ----A---- C:\psapi.dll
2016-07-10 11:45:21 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2016-07-10 11:45:21 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2016-07-10 11:45:21 ----A---- C:\Windows\SYSWOW64\MFC71.dll
2016-07-10 11:45:19 ----A---- C:\Windows\SYSWOW64\swscale-2.5.101.dll
2016-07-10 11:45:19 ----A---- C:\Windows\SYSWOW64\avutil-52.49.100.dll
2016-07-10 11:45:18 ----A---- C:\Windows\SYSWOW64\avformat-55.21.100.dll
2016-07-10 11:45:18 ----A---- C:\Windows\SYSWOW64\avcodec-55.40.101.dll
2016-07-10 11:45:17 ----A---- C:\Windows\SYSWOW64\msvcr71d.dll
2016-07-10 11:45:17 ----A---- C:\Windows\SYSWOW64\msvcp71d.dll
2016-07-10 11:45:16 ----A---- C:\Windows\SYSWOW64\ijl20.dll
2016-06-26 09:27:17 ----AD---- C:\Program Files (x86)\MetaTrader DEMO
2016-06-22 11:16:24 ----HD---- C:\ProgramData\CanonIJMIG
2016-06-22 11:15:45 ----HD---- C:\ProgramData\CanonIJScan

======List of files/folders modified in the last 1 month======

2016-07-18 09:45:18 ----RD---- C:\Program Files
2016-07-18 09:45:11 ----D---- C:\Windows\Prefetch
2016-07-18 09:45:02 ----D---- C:\Users\lada\AppData\Roaming\Skype
2016-07-18 09:33:27 ----D---- C:\Windows\System32
2016-07-18 09:33:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-07-18 09:33:26 ----D---- C:\Windows\INF
2016-07-18 09:30:27 ----RD---- C:\Program Files (x86)
2016-07-18 09:29:08 ----D---- C:\Windows\Temp
2016-07-18 09:28:56 ----D---- C:\ProgramData\NVIDIA
2016-07-18 09:28:37 ----D---- C:\Windows\system32\sru
2016-07-18 07:54:30 ----HD---- C:\ProgramData
2016-07-18 07:54:28 ----D---- C:\Windows\system32\Tasks
2016-07-17 21:41:03 ----D---- C:\Windows
2016-07-17 21:12:55 ----SHD---- C:\System Volume Information
2016-07-17 21:06:37 ----D---- C:\Windows\tracing
2016-07-17 21:06:37 ----D---- C:\Windows\system32\drivers
2016-07-17 20:53:41 ----D---- C:\Windows\Logs
2016-07-17 20:32:55 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-07-17 16:51:36 ----D---- C:\Users\lada\AppData\Roaming\vlc
2016-07-17 13:06:28 ----D---- C:\Windows\AppReadiness
2016-07-17 11:31:00 ----D---- C:\Windows\Microsoft.NET
2016-07-16 14:14:13 ----D---- C:\Windows\rescache
2016-07-16 12:58:15 ----D---- C:\Windows\system32\config
2016-07-16 12:50:52 ----HD---- C:\Program Files\WindowsApps
2016-07-15 09:21:27 ----RD---- C:\Windows\assembly
2016-07-15 09:19:59 ----D---- C:\Windows\WinSxS
2016-07-15 09:17:36 ----D---- C:\Windows\system32\catroot2
2016-07-14 19:05:07 ----D---- C:\Windows\system32\DriverStore
2016-07-13 21:21:46 ----D---- C:\Windows\SYSWOW64\migration
2016-07-13 21:21:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-07-13 21:21:46 ----D---- C:\Windows\SysWOW64
2016-07-13 21:21:46 ----D---- C:\Windows\system32\wbem
2016-07-13 21:21:46 ----D---- C:\Windows\system32\oobe
2016-07-13 21:21:46 ----D---- C:\Windows\system32\migration
2016-07-13 21:21:46 ----D---- C:\Windows\system32\en-US
2016-07-13 21:21:46 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-07-13 21:21:46 ----D---- C:\Windows\system32\cs-CZ
2016-07-13 21:21:46 ----D---- C:\Windows\system32\appraiser
2016-07-13 21:21:45 ----RD---- C:\Windows\PrintDialog
2016-07-13 21:21:45 ----D---- C:\Windows\Provisioning
2016-07-13 21:21:45 ----D---- C:\Windows\PolicyDefinitions
2016-07-13 21:21:44 ----RD---- C:\Windows\ImmersiveControlPanel
2016-07-13 21:21:44 ----RD---- C:\Windows\DevicesFlow
2016-07-13 21:21:44 ----D---- C:\Windows\bcastdvr
2016-07-13 21:21:44 ----D---- C:\Windows\AppPatch
2016-07-13 21:21:44 ----D---- C:\Program Files\Windows Photo Viewer
2016-07-13 21:21:44 ----D---- C:\Program Files\Windows Mail
2016-07-13 21:21:44 ----D---- C:\Program Files\Windows Journal
2016-07-13 21:21:44 ----D---- C:\Program Files\Windows Defender
2016-07-13 21:21:44 ----D---- C:\Program Files\Internet Explorer
2016-07-13 21:21:44 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2016-07-13 21:21:44 ----D---- C:\Program Files (x86)\Windows Mail
2016-07-13 21:21:44 ----D---- C:\Program Files (x86)\Windows Defender
2016-07-13 21:21:44 ----D---- C:\Program Files (x86)\Internet Explorer
2016-07-13 19:24:42 ----D---- C:\Windows\CbsTemp
2016-07-13 19:24:36 ----SHD---- C:\Windows\Installer
2016-07-13 19:24:35 ----D---- C:\ProgramData\Microsoft Help
2016-07-13 19:21:57 ----D---- C:\Windows\system32\MRT
2016-07-13 19:19:30 ----D---- C:\Windows\system32\Macromed
2016-07-13 19:19:19 ----D---- C:\Windows\SYSWOW64\Macromed
2016-07-13 19:19:15 ----A---- C:\Windows\system32\MRT.exe
2016-07-10 12:53:04 ----D---- C:\ProgramData\CanonIJPLM
2016-07-07 02:39:37 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-02 06:37:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-01 07:05:16 ----A---- C:\Windows\SYSWOW64\PrintConfig.dll
2016-06-27 19:21:13 ----AD---- C:\Program Files (x86)\Microsoft Office
2016-06-26 09:50:17 ----D---- C:\ProgramData\Adobe
2016-06-26 09:50:12 ----D---- C:\Program Files (x86)\Adobe
2016-06-26 09:50:11 ----D---- C:\Users\lada\AppData\Roaming\Adobe
2016-06-26 09:46:48 ----D---- C:\Program Files\Common Files\Adobe
2016-06-26 09:21:52 ----D---- C:\Program Files (x86)\Common Files
2016-06-22 11:16:22 ----D---- C:\Users\lada\AppData\Roaming\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2016-04-23 87552]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 AtiHDAudioService;@oem6.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWT6.sys [2016-02-11 111120]
R3 E100B;@netefe3e.inf,%e100bnt.Service.DispName%;Intel(R) PRO Adapter Driver; C:\Windows\System32\drivers\efe5b32e.sys [2015-10-30 182656]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-07-18 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 65408]
R3 NVHDA;@oem4.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-10 214168]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-11-10 11227280]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2015-10-30 131584]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\Windows\System32\drivers\storufs.sys [2015-10-30 34144]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\Windows\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2015-11-22 117248]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\Windows\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\Windows\System32\Drivers\UcmCx.sys [2016-04-23 63488]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\Windows\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library; C:\Windows\system32\drivers\udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension; C:\Windows\system32\drivers\ufx01000.sys [2016-05-28 258912]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\Windows\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\Windows\System32\drivers\ufxsynopsys.sys [2016-04-23 131424]
S3 UrsCx01000;USB Role-Switch Support Library; C:\Windows\system32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\Windows\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\Windows\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 usbser;@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver; C:\Windows\System32\drivers\usbser.sys [2016-04-23 67072]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2015-10-30 221184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-24 81088]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-12-16 255472]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-11-04 351944]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2015-10-30 43944]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-05-14 140936]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-11-05 938616]
R2 OneSyncSvc_2b4d2;Hostitel synchronizace_2b4d2; C:\Windows\system32\svchost.exe [2015-10-30 43944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-05 417400]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-12 7032080]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
R2 UserManager;@%systemroot%\system32\usermgr.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
R3 UsoSvc;@%systemroot%\system32\usocore.dll,-102; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_210fe;Hostitel synchronizace_210fe; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_78d7fa1;Hostitel synchronizace_78d7fa1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13 270016]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-23 43696]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_210fe;Služba zasílání zpráv_210fe; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2b4d2;Služba zasílání zpráv_2b4d2; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_78d7fa1;Služba zasílání zpráv_78d7fa1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-06-24 146888]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_210fe;Data kontaktů_210fe; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_2b4d2;Data kontaktů_2b4d2; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_78d7fa1;Data kontaktů_78d7fa1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\Windows\system32\TieringEngineService.exe [2015-10-30 290304]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_210fe;Úložiště uživatelských dat_210fe; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_2b4d2;Úložiště uživatelských dat_2b4d2; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 UnistoreSvc_78d7fa1;Úložiště uživatelských dat_78d7fa1; C:\Windows\System32\svchost.exe [2015-10-30 43944]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 UserDataSvc_210fe;Přístup k uživatelským datům_210fe; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 UserDataSvc_2b4d2;Přístup k uživatelským datům_2b4d2; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S3 UserDataSvc_78d7fa1;Přístup k uživatelským datům_78d7fa1; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2015-10-30 43944]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\Windows\system32\svchost.exe [2015-10-30 43944]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with mail.ru in Firefox

#2 Post by Rudy »

Hello!
Please run the following scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to your desktop.

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator ("Spustit jako správce").
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the licence terms are displayed; press any key
• A backup is created, followed by a search
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

copus
Visitor
Posts: 8
Joined: 25 May 2005 17:51

Re: problem with mail.ru in Firefox

#3 Post by copus »

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by lada on 18.07.2016 at 21:24:36,55.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lada\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.07.2016 21:25:14 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Mail.Ru deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\lada\AppData\Local\ActiveSync deleted successfully
C:\Users\lada\AppData\Local\fupdate deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1469562133-85510252-2142767313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} deleted successfully
HKEY_USERS\S-1-5-21-1469562133-85510252-2142767313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\prefs.js:
user_pref("browser.startup.homepage", "https://mail.ru/cnt/11956636?fr=ffhp1.0.2&gp=811009");
user_pref("browser.search.defaultenginename", "Поиск@Mail.Ru");
user_pref("browser.search.selectedEngine", "Поиск@Mail.Ru");
user_pref("keyword.URL", "http://go.mail.ru/distib/ep/?product_id ... &gp=811010");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mail.Ru not found
C:\Users\lada\AppData\Local\Mail.Ru deleted
C:\Users\lada\AppData\Roaming\WhatsApp deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\lada\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\lada\AppData\LocalLow\Unity deleted
C:\Windows\Reimage.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\extensions\homepage@mail.ru deleted
C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\extensions\search@mail.ru deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default
- @Mail.Ru - %ProfilePath%\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default
62D98B286C805E193568037B70D936D2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\lada\AppData\Local\Google\Chrome deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://mail.ru/cnt/10445?gp=811013"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://mail.ru/cnt/10445?gp=811013"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} - http://go.mail.ru/distib/ep/?q={SearchT ... &gp=811014

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1469562133-85510252-2142767313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_USERS\S-1-5-21-1469562133-85510252-2142767313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1469562133-85510252-2142767313-1001\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\FRXUMPEL will be deleted at reboot
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\JHKKSJM4 will be deleted at reboot
C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\YUMF0DJT will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\lada\AppData\Local\Mozilla\Firefox\Profiles\30fd6y3d.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=102 folders=74 59171040 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\lada\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\FRXUMPEL" not found
"C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\JHKKSJM4" not found
"C:\Users\lada\AppData\Local\Microsoft\Windows\INetCache\IE\YUMF0DJT" not found

==== EOF on 18.07.2016 at 21:42:53,64 ======================
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by lada (Administrator) on 18.07.2016 at 21:45:11,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\lada\AppData\Roaming\mailproducts (Folder)
Successfully deleted: C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} (Folder)
Successfully deleted: C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\searchplugins\mailru.xml (File)

Deleted the following from C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\30fd6y3d.default\prefs.js
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B0AB6B177-4464-41F8-B9D0-8D9D627939AF%7D&install_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B0AB6B177-4464
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B7E2AA986-CB20-436B-9024-22F4E32B873C%7D&install_id=%7B52B8BA62-EF33-4CEA-B
user_pref(extensions.homepage@mail.ru.install_id, {52B8BA62-EF33-4CEA-B3A9-D6B9E35870F7});
user_pref(extensions.homepage@mail.ru.lastHomepage, about:home);
user_pref(extensions.homepage@mail.ru.lastPageType, 1);
user_pref(extensions.homepage@mail.ru.metric_state_go_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-07-18T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.homepage@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-07-18T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B7E2AA986-CB20-436B-9024-22F4E32B873
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://gmnqmaslecsyim.yeahpleasure.ru/affect?hetag=ea64a6ebbcda84a4c0441798c3a04d9c&guid={guid}&did=251046
user_pref(extensions.homepage@mail.ru.product_id, {7E2AA986-CB20-436B-9024-22F4E32B873C});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 811009);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BC8494179-EA6C-4F4D-9B82-7CAB63B68F39%7D&install_id=%7B52B8BA62-EF33-4CEA-B3A
user_pref(extensions.search@mail.ru.install_id, {52B8BA62-EF33-4CEA-B3A9-D6B9E35870F7});
user_pref(extensions.search@mail.ru.metric_state_go_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-07-18T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.search@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-07-18T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BC8494179-EA6C-4F4D-9B82-7CAB63B68F39%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://gmnqmaslecsyim.yeahpleasure.ru/affect?hetag=ea64a6ebbcda84a4c0441798c3a04d9c&guid={guid}&did=25104644
user_pref(extensions.search@mail.ru.product_id, {C8494179-EA6C-4F4D-9B82-7CAB63B68F39});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 811010);
user_pref(extensions.xpiState, {\app-profile\:{\homepage@mail.ru\:{\d\:\C:\\\\Users\\\\lada\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\30fd6y3d.defau



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.07.2016 at 21:46:08,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

copus
Visitor
Posts: 8
Joined: 25 May 2005 17:51

Re: problem with mail.ru in Firefox

#4 Post by copus »

It no longer does it, thank you very much. :thumbsup:

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with mail.ru in Firefox

#5 Post by Rudy »

Glad to hear it. You're welcome! :)