Adware?

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Adware?

#1 Post by Matlajs »

Hello. The day before yesterday I started having problems with malware of the DNS Unlocker type and the like, which was messing with my browser. I spent a whole day reading various articles and recommendations and trying various anti-malware programs. In the end Malwarebytes managed to delete a decent majority of that junk, but when I run a scan in SpyHunter (unfortunately I don't have the paid version), it still detects junk like Money Viking, Adware helper and so on, which is probably not in the database of Avast or MBAM, which I use (their scans are clean). I tried more things: Spybot: Search and Destroy, I tried the Ad-Aware antivirus, and I naively ran Windows Defender (offline) from a flash drive. Bitdefender didn't find anything either. All that junk is in the registry, and I no longer know what to use to get rid of it.

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#2 Post by Matlajs »

Here is the scan from FRST. I don't understand it, so if you need anything else, just say so.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Marcus (administrator) on MARCUS-PC (06-03-2016 15:02:14)
Running from C:\Users\Marcus\Desktop
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: {447062fc-b944-11e4-8a7a-806e6f6e6963} - D:\Launch.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-23] (Microsoft Corporation)
IFEO\CNC3.exe: [Debugger]
IFEO\CNC3EP1.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
IFEO\generals.exe: [Debugger]
IFEO\RA3.exe: [Debugger]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1168840733-3772592448-2830392990-1001] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{D23B4B5F-F3A7-4E98-878F-6C2656235529}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Disk Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-22]
CHR Extension: (Dokumenty Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-23]
CHR Extension: (Disk Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Tabulky Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-23]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-24]
CHR Extension: (Avast Online Security) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-22]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-05] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-22] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-03-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 15:02 - 2016-03-06 15:02 - 00015816 _____ C:\Users\Marcus\Desktop\FRST.txt
2016-03-06 15:00 - 2016-03-06 15:00 - 02374144 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe
2016-03-06 14:00 - 2016-03-06 14:56 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-03-06 14:00 - 2016-03-06 14:00 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-03-06 13:59 - 2016-03-06 14:00 - 00700584 _____ C:\Users\Marcus\Downloads\Adware_Removal_Tool_by_TSA.exe
2016-03-06 13:45 - 2016-03-06 13:45 - 00000000 ____D C:\SUPERDelete
2016-03-06 13:33 - 2016-03-06 13:33 - 24917712 _____ (SUPERAntiSpyware) C:\Users\Marcus\Downloads\SUPERAntiSpywarePro.exe
2016-03-06 10:28 - 2016-03-06 14:49 - 00000000 ____D C:\AdwCleaner
2016-03-06 10:18 - 2016-03-06 10:19 - 01518592 _____ C:\Users\Marcus\Desktop\adwcleaner_5.037.exe
2016-03-06 04:23 - 2016-03-06 04:23 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-06 01:39 - 2016-03-06 15:02 - 00000000 ____D C:\FRST
2016-03-06 01:37 - 2016-03-06 01:37 - 00000085 _____ C:\Windows\wininit.ini
2016-03-06 00:43 - 2016-03-06 14:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-06 00:42 - 2016-03-06 01:08 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-06 00:42 - 2016-03-06 00:42 - 22908888 _____ (Malwarebytes ) C:\Users\Marcus\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-06 00:42 - 2016-03-06 00:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-06 00:42 - 2016-03-06 00:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-06 00:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-06 00:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-06 00:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-05 22:47 - 2016-03-05 19:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160305-224718.backup
2016-03-05 19:03 - 2016-03-05 19:03 - 00016434 _____ C:\Users\Marcus\Documents\cc_20160305_190259.reg
2016-03-05 17:41 - 2016-03-05 17:41 - 00000000 ____D C:\Users\Marcus\Documents\ProcAlyzer Dumps
2016-03-05 16:40 - 2016-03-05 16:39 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts.20160305-164018.backup
2016-03-05 16:39 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160305-163942.backup
2016-03-05 16:34 - 2016-03-05 16:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-05 16:33 - 2016-03-06 09:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-05 16:33 - 2016-03-06 01:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-05 16:31 - 2016-03-05 16:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Marcus\Downloads\spybot-2.4.exe
2016-03-05 15:38 - 2016-03-05 15:38 - 00000000 _____ C:\autoexec.bat
2016-03-05 15:37 - 2016-03-06 01:07 - 00001131 _____ C:\Users\Marcus\Desktop\SpyHunter.lnk
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Enigma Software Group
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ____D C:\sh4ldr
2016-03-05 15:36 - 2016-03-05 15:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-05 15:36 - 2016-03-05 15:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-05 15:34 - 2016-03-05 15:35 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe
2016-03-05 00:38 - 2016-03-05 00:38 - 00003728 _____ C:\Windows\System32\Tasks\{1954CF0F-6BC0-0C49-069E-ACFF46188234}
2016-03-04 20:11 - 2016-03-06 01:07 - 00001811 _____ C:\Users\Marcus\Desktop\DLV 60.lnk
2016-03-04 20:11 - 2016-03-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus lo Vult 6.0
2016-03-04 18:56 - 2016-03-04 19:05 - 225630683 _____ (repman, repman@rep.de) C:\Users\Marcus\Downloads\DLV_Patch_62.exe
2016-03-04 13:58 - 2016-03-04 14:43 - 1325785424 _____ (repman, rep@rep.rep) C:\Users\Marcus\Downloads\DLV_60.exe
2016-03-04 13:57 - 2016-03-04 13:57 - 00013007 _____ C:\Users\Marcus\Downloads\DLV_60.exe.torrent
2016-03-03 21:46 - 2014-12-26 22:42 - 00000000 ____D C:\Users\Marcus\Downloads\data
2016-03-03 21:17 - 2016-03-03 21:17 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sega
2016-03-03 14:55 - 2016-03-03 15:07 - 980750954 _____ C:\Users\Marcus\Downloads\Johanka z Arku 2.díl CZ dabing (1999).avi
2016-03-03 09:00 - 2016-03-03 09:06 - 982804514 _____ C:\Users\Marcus\Downloads\Johanka z Arku 1.díl CZ dabing (1999).avi
2016-03-03 07:44 - 2016-03-03 07:50 - 1017688690 _____ C:\Users\Marcus\Downloads\Johanka z Arku (1999) CZ dabing.avi
2016-03-01 20:15 - 2016-03-01 20:17 - 10213128 _____ C:\Users\Marcus\Downloads\Bellum Crucis 6.3 Manual ENG.pdf
2016-03-01 17:17 - 2016-03-01 17:17 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-03-01 16:30 - 2016-03-01 17:01 - 617720273 _____ () C:\Users\Marcus\Downloads\Setup (2).exe
2016-02-29 18:26 - 2016-03-06 01:08 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-29 18:26 - 2016-03-06 01:08 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-29 18:26 - 2016-02-29 18:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-29 12:05 - 2016-02-29 12:10 - 266430420 _____ C:\Users\Marcus\Downloads\Bellum Crucis 7 - Enhanced Sub-Mod.7z
2016-02-29 11:46 - 2016-02-29 11:56 - 801387727 _____ C:\Users\Marcus\Downloads\BC7 MP.7z
2016-02-29 11:43 - 2007-11-19 12:57 - 25194496 ____R (The Creative Assembly Ltd) C:\Users\Marcus\Downloads\medieval2.exe
2016-02-29 11:42 - 2016-02-29 11:42 - 07393609 _____ C:\Users\Marcus\Downloads\MEDIEVAL.2.TW.V1.3.ALL.PROPHET.NODVD (1).ZIP
2016-02-29 11:41 - 2016-02-29 11:41 - 07393609 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 823361.crdownload
2016-02-29 11:40 - 2016-02-29 11:40 - 07391765 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 446077.crdownload
2016-02-29 11:39 - 2016-02-29 11:40 - 07391765 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 351084.crdownload
2016-02-29 07:23 - 2016-03-01 17:51 - 00000000 ____D C:\Users\Marcus\Desktop\saves
2016-02-29 07:12 - 2016-02-29 07:12 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2016-02-29 07:10 - 2008-06-10 07:04 - 19972096 _____ (The Creative Assembly Ltd) C:\Users\Marcus\Downloads\kingdoms.exe
2016-02-29 07:10 - 2008-06-09 22:48 - 00008076 _____ C:\Users\Marcus\Downloads\mtwk-dtn.nfo
2016-02-29 07:09 - 2016-02-29 07:09 - 04661135 _____ C:\Users\Marcus\Downloads\mtwk-dtn.7z.[gcw]
2016-02-29 06:55 - 2008-04-09 13:36 - 00000000 ____D C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK
2016-02-29 06:52 - 2016-02-29 06:54 - 122116885 _____ C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK (1).rar
2016-02-29 06:44 - 2016-02-29 06:44 - 00000000 ____D C:\Program Files (x86)\SEGA
2016-02-29 06:22 - 2016-02-29 06:22 - 00000000 ____D C:\Users\Marcus\Desktop\westerosaves
2016-02-28 17:31 - 2016-02-28 17:36 - 85049699 _____ C:\Users\Marcus\Downloads\G5_Settlement_Tweaks.7z
2016-02-28 17:31 - 2016-02-28 17:31 - 00000403 _____ C:\Users\Marcus\Downloads\Instructions.txt
2016-02-28 17:30 - 2016-02-28 17:30 - 00329545 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85_Patch2.7z
2016-02-28 17:28 - 2016-02-28 17:29 - 18543394 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85_Patch1.7z
2016-02-28 17:25 - 2015-09-26 12:17 - 00000000 ____D C:\Users\Marcus\Downloads\Titanium_Alpha
2016-02-28 17:09 - 2016-02-28 17:18 - 199445622 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85.7z
2016-02-28 14:44 - 2016-02-28 14:44 - 00000000 ____D C:\Users\Marcus\Downloads\text
2016-02-28 14:39 - 2016-02-28 14:39 - 00000000 ____D C:\Users\Marcus\Downloads\Bellum Crucis 7 - Enhanced Sub-Mod
2016-02-28 13:47 - 2016-02-28 13:47 - 01862745 _____ C:\Users\Marcus\Downloads\English Text Fix.7z
2016-02-28 13:06 - 2016-02-28 13:06 - 05965994 _____ C:\Users\Marcus\Downloads\Bugfixer1_BC7_01012015.7z
2016-02-27 21:03 - 2016-03-06 01:08 - 00001762 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-02-27 21:03 - 2016-02-27 21:03 - 00000000 ____D C:\Program Files\Defraggler
2016-02-27 21:01 - 2016-02-27 21:02 - 04527736 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\dfsetup220.exe
2016-02-27 21:01 - 2016-02-27 21:02 - 04527736 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\dfsetup220 (1).exe
2016-02-27 21:01 - 2016-02-27 21:01 - 00266098 _____ C:\Users\Marcus\Documents\zaloha registru.reg
2016-02-27 20:54 - 2016-03-06 01:08 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-27 20:54 - 2016-02-27 20:54 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-27 20:54 - 2016-02-27 20:54 - 00000000 ____D C:\Program Files\CCleaner
2016-02-27 20:53 - 2016-02-27 20:53 - 06837784 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\ccsetup515.exe
2016-02-27 20:41 - 2016-02-27 20:41 - 00000000 ____D C:\Users\Marcus\Documents\Smart PC Utilities
2016-02-27 20:36 - 2016-03-06 01:08 - 00002300 _____ C:\Users\Public\Desktop\PC Services Optimizer.lnk
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Smart PC Utilities
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Utilities
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\Program Files (x86)\Smart PC Utilities
2016-02-27 20:35 - 2016-02-27 20:35 - 06697319 _____ (Smart PC Utilities ) C:\Users\Marcus\Downloads\servicesoptimizer_1594.exe
2016-02-27 20:22 - 2016-02-27 20:22 - 00000000 ____D C:\Windows\pss
2016-02-27 18:07 - 2016-02-27 18:07 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\Marcus\Downloads\Large Address Aware.exe
2016-02-27 17:47 - 2016-02-27 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-27 17:47 - 2016-02-27 17:47 - 00000000 ____D C:\Program Files\7-Zip
2016-02-27 17:46 - 2016-02-27 17:47 - 01371668 _____ (Igor Pavlov) C:\Users\Marcus\Downloads\7z1514-x64.exe
2016-02-27 16:29 - 2016-02-27 16:29 - 00242206 _____ C:\Users\Marcus\Downloads\Bellum_Crucis_7.0.zip.torrent
2016-02-20 16:37 - 2016-02-20 16:40 - 00000208 _____ C:\Users\Marcus\Desktop\ts servery.txt
2016-02-19 08:50 - 2016-02-19 08:53 - 711225344 _____ C:\Users\Marcus\Downloads\Cerna smrt (2010) CZ.avi
2016-02-18 17:34 - 2016-02-18 17:36 - 29190912 _____ C:\Users\Marcus\Downloads\BugFix_Compilation_v1.27.7z
2016-02-18 15:52 - 2016-02-29 07:11 - 00000000 ____D C:\Users\Marcus\AppData\Local\ApplicationHistory
2016-02-18 15:52 - 2016-02-18 15:52 - 00000094 _____ C:\Users\Marcus\AppData\Local\fusioncache.dat
2016-02-18 08:44 - 2016-02-18 08:44 - 00003230 _____ C:\Windows\System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E}
2016-02-18 08:29 - 2016-02-18 08:30 - 122116885 _____ C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK.rar
2016-02-18 07:53 - 2016-02-18 07:53 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2016-02-18 07:52 - 2016-03-03 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-02-17 08:06 - 2016-02-17 08:06 - 00013119 _____ C:\Users\Marcus\Downloads\Stainless Steel 6.4 patch.torrent
2016-02-17 08:05 - 2016-02-17 08:05 - 00012912 _____ C:\Users\Marcus\Downloads\SS6.3.torrent
2016-02-17 07:53 - 2016-02-17 08:00 - 1239224730 _____ C:\Users\Marcus\Downloads\Vlk z Wallstreet (2013) CZ.avi
2016-02-16 07:03 - 2016-02-16 07:08 - 843966464 _____ C:\Users\Marcus\Downloads\Muz-se-zeleznou-maskou-cz.avi
2016-02-12 00:22 - 2016-02-12 00:27 - 842371570 _____ C:\Users\Marcus\Downloads\Slídil--Nightcrawler (2014) BDRip CZ DABING.avi
2016-02-10 14:24 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 14:24 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 14:24 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 14:24 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 14:24 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 14:24 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 14:24 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 14:24 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 14:24 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 14:24 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 14:24 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 14:24 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 14:24 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 14:24 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 14:24 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 14:24 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 14:23 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 14:23 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 14:23 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 14:23 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 14:23 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 14:23 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 14:23 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 14:23 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 14:23 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 14:23 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 14:23 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 14:23 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 14:23 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 14:23 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 14:23 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 14:23 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 14:23 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 14:23 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 14:23 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 14:23 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 14:23 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 14:23 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 14:23 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 14:23 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 14:23 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 14:23 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 14:23 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 14:23 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 14:23 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 14:23 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 14:23 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 14:23 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 14:23 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 14:23 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 14:23 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 14:23 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 14:23 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 14:23 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 14:23 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 14:23 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 14:23 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 14:23 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 14:23 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 14:22 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 14:22 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 14:22 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 14:22 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 14:22 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 14:22 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 14:22 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 14:22 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 14:22 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 14:22 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 14:22 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 14:22 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 14:22 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 14:22 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 14:22 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 14:22 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 14:22 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 14:22 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 14:22 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 14:22 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 14:22 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 14:22 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 14:22 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 14:21 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 14:21 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 14:21 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 14:21 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 14:21 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 14:21 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 04:27 - 2016-02-10 04:31 - 664674304 _____ C:\Users\Marcus\Downloads\Vikingové 1 Akční 1999 cz.avi
2016-02-09 22:14 - 2016-02-09 22:21 - 721546088 _____ C:\Users\Marcus\Downloads\Král Škorpión (2002)CZdab.avi
2016-02-09 04:18 - 2016-02-09 04:22 - 734214144 _____ C:\Users\Marcus\Downloads\Kracejici skala CZ.avi
2016-02-06 12:31 - 2012-11-08 21:17 - 00767961 _____ C:\Users\Marcus\Downloads\xcom_eu_2012_cz_v1.01.exe
2016-02-06 12:31 - 2012-11-08 20:37 - 00004628 _____ C:\Users\Marcus\Downloads\xcom_eu_cz_readme.txt
2016-02-06 12:31 - 2012-08-30 21:02 - 00000195 _____ C:\Users\Marcus\Downloads\CestinyCZ.txt
2016-02-06 12:30 - 2016-02-06 12:30 - 00684330 _____ C:\Users\Marcus\Downloads\xcom_eu_2012_cz_v101.zip
2016-02-06 00:36 - 2016-02-06 00:41 - 794585088 _____ C:\Users\Marcus\Downloads\Útěk z Alcatrazu - cz.dab.n@y.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 14:33 - 2015-02-20 22:19 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-06 14:28 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 14:28 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 14:20 - 2015-02-20 22:19 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-06 14:19 - 2015-02-21 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-06 14:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 13:51 - 2015-04-20 23:00 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\uTorrent
2016-03-06 12:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-06 12:08 - 2009-07-14 16:18 - 00680876 _____ C:\Windows\system32\perfh005.dat
2016-03-06 12:08 - 2009-07-14 16:18 - 00146130 _____ C:\Windows\system32\perfc005.dat
2016-03-06 12:08 - 2009-07-14 06:13 - 01601672 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-06 12:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-06 12:01 - 2015-03-02 00:22 - 00000000 ____D C:\KMPlayer
2016-03-06 10:24 - 2015-02-22 14:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-06 01:08 - 2015-12-06 00:46 - 00001295 _____ C:\Users\Public\Desktop\KMPFaster.lnk
2016-03-06 01:08 - 2015-07-31 01:51 - 00001345 _____ C:\Users\Public\Desktop\Command and Conquer 3 Tiberium Wars and Kane's Wrath.lnk
2016-03-06 01:08 - 2015-07-28 21:57 - 00001342 _____ C:\Users\Public\Desktop\Command and Conquer Tiberian Sun.lnk
2016-03-06 01:08 - 2015-07-27 18:31 - 00000977 _____ C:\Users\Public\Desktop\Origin.lnk
2016-03-06 01:08 - 2015-04-23 23:34 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-03-06 01:08 - 2015-04-23 22:08 - 00002266 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2016-03-06 01:08 - 2015-04-23 22:08 - 00001188 _____ C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 2050 J510 series.lnk
2016-03-06 01:08 - 2015-04-17 15:55 - 00001916 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2016-03-06 01:08 - 2015-04-05 01:23 - 00002298 _____ C:\Users\Public\Desktop\Seven Kingdoms - Ancient Adversaries.lnk
2016-03-06 01:08 - 2015-03-07 22:17 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-06 01:08 - 2015-02-22 14:36 - 00000961 _____ C:\Users\Public\Desktop\Steam.lnk
2016-03-06 01:08 - 2015-02-22 13:48 - 00001948 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-03-06 01:08 - 2015-02-20 22:20 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-06 01:08 - 2015-02-20 22:20 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-06 01:08 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-03-06 01:08 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-06 01:07 - 2015-08-04 19:33 - 00002929 _____ C:\Users\Marcus\Desktop\C&C Online.lnk
2016-03-06 01:07 - 2015-04-18 16:51 - 00001980 _____ C:\Users\Marcus\Desktop\PokerStars.eu.lnk
2016-03-06 01:07 - 2015-03-21 19:42 - 00001215 _____ C:\Users\Marcus\Desktop\TeamSpeak 3 Client.lnk
2016-03-06 01:07 - 2015-03-02 00:22 - 00000606 _____ C:\Users\Marcus\Desktop\KMPlayer.lnk
2016-03-06 01:07 - 2015-02-20 22:18 - 00001397 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-06 01:07 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-06 01:07 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-06 01:06 - 2015-12-06 12:13 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-03-06 01:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Web
2016-03-06 00:59 - 2015-04-20 23:00 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-03-06 00:59 - 2015-02-22 13:22 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-06 00:59 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-05 17:24 - 2015-03-21 20:13 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\TS3Client
2016-03-05 16:35 - 2015-12-04 01:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-05 15:37 - 2015-02-20 22:17 - 00000000 ____D C:\Users\Marcus
2016-03-04 21:28 - 2015-02-22 13:47 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
2016-03-04 13:19 - 2015-03-04 01:27 - 00000000 ____D C:\Hry
2016-03-03 21:22 - 2015-02-20 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-01 20:03 - 2015-04-05 01:17 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2016-02-29 18:27 - 2015-06-24 21:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-29 18:26 - 2015-04-05 01:17 - 00000000 ____D C:\ProgramData\Adobe
2016-02-29 12:15 - 2015-02-20 23:03 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-29 12:15 - 2015-02-20 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-28 13:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-28 12:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-02-27 20:56 - 2015-04-03 10:30 - 00000000 ____D C:\Windows\Minidump
2016-02-27 20:56 - 2015-02-20 22:05 - 00000000 ____D C:\Windows\Panther
2016-02-27 19:47 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-27 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2016-02-27 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-27 19:37 - 2015-04-23 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-02-27 19:35 - 2015-04-20 23:01 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Seznam.cz
2016-02-27 19:35 - 2015-04-20 23:01 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-02-27 19:34 - 2015-05-14 00:15 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2016-02-27 19:33 - 2015-03-21 19:25 - 00000000 ____D C:\Users\Marcus\AppData\Local\LogMeIn Hamachi
2016-02-27 19:30 - 2015-07-27 18:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-02-20 05:15 - 2015-03-07 22:17 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\ProgramData\Oracle
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-19 15:48 - 2015-10-28 15:42 - 00000000 ____D C:\Users\Marcus\.oracle_jre_usage
2016-02-19 15:48 - 2015-05-14 01:20 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-18 07:54 - 2015-02-20 22:52 - 01684654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-18 07:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2016-02-15 16:54 - 2015-04-18 16:51 - 00000000 ____D C:\Users\Marcus\AppData\Local\PokerStars.EU
2016-02-15 16:53 - 2015-04-18 16:50 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-02-11 03:27 - 2009-07-14 05:45 - 00272504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 19:47 - 2015-03-21 19:42 - 00000000 ____D C:\Users\Marcus\AppData\Local\TeamSpeak 3 Client
2016-02-06 11:54 - 2015-05-10 14:28 - 00000000 ____D C:\Users\Marcus\Documents\My Games

==================== Files in the root of some directories =======

2016-02-18 15:52 - 2016-02-18 15:52 - 0000094 _____ () C:\Users\Marcus\AppData\Local\fusioncache.dat
2015-04-23 22:08 - 2015-04-23 22:08 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 13:25

==================== End of FRST.txt ============================

Matlajs
Visitor
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#3 Post by Matlajs »

And here is the scan from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Marcus at 2016-03-06 15:56:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 202 GB (42%) free of 477 GB
Total RAM: 4095 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:19, on 6.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Marcus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Služba zařazování tisku (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7915 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 7ec22173-7b6d-42c2-8ed7-2324b218503b 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-18797756933105235491608660676183189201775511363810508560401567816386-1934209189
\??\C:\Windows\system32\conhost.exe "-555154018-1015926964-375798273-99802909-15111012553313329111878080505289306060
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
ngservice.exe pipeserver
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cachedir="C:\Users\Marcus\AppData\Local\Steam\htmlcache" -steampid=4992 -buildid=1454621001 -steamid="0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --lang=en-US --lang=en-US --log-file="C:\Program Files (x86)\Steam\bin\debug.log" --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1064.0.1060578083\1332959403" --font-cache-shared-handle=1200 /prefetch:673131151
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --lang=en-US --lang=en-US --log-file="C:\Program Files (x86)\Steam\bin\debug.log" --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1064.2.636932625\1472159623" --font-cache-shared-handle=2028 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.75 --handshake-handle=0xd8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3856.0.643466928\1529448155" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --gpu-vendor-id=0x10de --gpu-device-id=0x0ca3 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4052 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/default/UpdateRendererPriorityOnStartup/DisableStartupPriority2/*UseDelayAgnosticAEC/DefaultEnabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 
--video-image-texture-target=3553 --channel="3856.2.1723264597\231736512" --font-cache-shared-handle=2212 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/default/*UpdateRendererPriorityOnStartup/DisableStartupPriority2/*UseDelayAgnosticAEC/DefaultEnabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 
--video-image-texture-target=3553 --channel="3856.3.1405618161\1664273471" --font-cache-shared-handle=2164 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/default/*UpdateRendererPriorityOnStartup/DisableStartupPriority2/*UseDelayAgnosticAEC/DefaultEnabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 
--channel="3856.8.2098591234\1301775315" --font-cache-shared-handle=948 /prefetch:1

taskmgr.exe /3
"C:\Users\Marcus\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-20 7981088]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-03-28 2673296]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2016-02-12 8641240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2016-02-04 3014224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk]
C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll [2012-10-02 5699176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-24 5515496]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3EP1.exe]
"Debugger="C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generals.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RA3.exe]
"Debugger="

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-03-06 15:50:16 ----D---- C:\rsit
2016-03-06 15:50:16 ----D---- C:\Program Files\trend micro
2016-03-06 15:32:40 ----D---- C:\Program Files (x86)\AdwCleaner
2016-03-06 14:00:22 ----D---- C:\Program Files (x86)\Adware Removal Tool by TSA
2016-03-06 14:00:22 ----A---- C:\Windows\SYSWOW64\subinacl.exe
2016-03-06 13:45:06 ----D---- C:\SUPERDelete
2016-03-06 10:28:41 ----D---- C:\AdwCleaner
2016-03-06 04:23:06 ----D---- C:\Windows\Microsoft Antimalware
2016-03-06 01:39:24 ----D---- C:\FRST
2016-03-06 01:37:31 ----A---- C:\Windows\wininit.ini
2016-03-06 00:43:01 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-06 00:42:34 ----D---- C:\ProgramData\Malwarebytes
2016-03-06 00:42:34 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-06 00:42:34 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-06 00:42:34 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-06 00:42:34 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-03-06 00:40:19 ----SHD---- C:\Config.Msi
2016-03-05 16:33:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-03-05 16:33:19 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-05 15:38:04 ----A---- C:\autoexec.bat
2016-03-05 15:37:29 ----D---- C:\Users\Marcus\AppData\Roaming\Enigma Software Group
2016-03-05 15:37:11 ----D---- C:\sh4ldr
2016-03-05 15:36:25 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2016-03-05 15:36:07 ----D---- C:\Program Files\Enigma Software Group
2016-03-01 17:17:35 ----HD---- C:\Program Files (x86)\InstallJammer Registry
2016-02-29 18:26:34 ----D---- C:\Program Files (x86)\Adobe
2016-02-29 07:12:28 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2016-02-29 06:44:46 ----D---- C:\Program Files (x86)\SEGA
2016-02-27 21:03:49 ----D---- C:\Program Files\Defraggler
2016-02-27 20:54:44 ----D---- C:\Program Files\CCleaner
2016-02-27 20:36:52 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2016-02-27 20:36:37 ----D---- C:\Program Files (x86)\Smart PC Utilities
2016-02-27 20:36:27 ----D---- C:\Users\Marcus\AppData\Roaming\Smart PC Utilities
2016-02-27 20:22:59 ----D---- C:\Windows\pss
2016-02-27 17:47:54 ----D---- C:\Program Files\7-Zip
2016-02-18 07:53:07 ----D---- C:\Windows\SYSWOW64\URTTEMP
2016-02-18 07:35:37 ----D---- C:\Users\Marcus\AppData\Roaming\InstallShield
2016-02-10 14:24:17 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2016-02-10 14:24:17 ----A---- C:\Windows\system32\InkEd.dll
2016-02-10 14:24:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-10 14:24:15 ----A---- C:\Windows\system32\iertutil.dll
2016-02-10 14:24:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-10 14:24:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-10 14:24:13 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-02-10 14:24:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-02-10 14:24:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-10 14:24:13 ----A---- C:\Windows\system32\urlmon.dll
2016-02-10 14:24:13 ----A---- C:\Windows\system32\ieui.dll
2016-02-10 14:24:12 ----A---- C:\Windows\system32\mshtml.dll
2016-02-10 14:24:12 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-10 14:24:12 ----A---- C:\Windows\system32\ieframe.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-10 14:23:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-02-10 14:23:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 14:23:47 ----A---- C:\Windows\system32\inseng.dll
2016-02-10 14:23:47 ----A---- C:\Windows\system32\iernonce.dll
2016-02-10 14:23:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-02-10 14:23:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-02-10 14:23:47 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-10 14:23:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-02-10 14:23:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-02-10 14:23:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-10 14:23:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-02-10 14:23:45 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-10 14:23:45 ----A---- C:\Windows\system32\occache.dll
2016-02-10 14:23:45 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 14:23:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 14:23:45 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-10 14:23:44 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-02-10 14:23:44 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-10 14:23:44 ----A---- C:\Windows\system32\iesetup.dll
2016-02-10 14:23:44 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-10 14:23:44 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-10 14:23:43 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-10 14:23:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-02-10 14:23:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-10 14:23:43 ----A---- C:\Windows\system32\vbscript.dll
2016-02-10 14:23:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-10 14:23:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-02-10 14:23:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-02-10 14:23:42 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-10 14:23:42 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-10 14:23:41 ----A---- C:\Windows\system32\webcheck.dll
2016-02-10 14:23:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-02-10 14:23:41 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-10 14:23:41 ----A---- C:\Windows\system32\jscript.dll
2016-02-10 14:23:40 ----A---- C:\Windows\system32\wininet.dll
2016-02-10 14:23:40 ----A---- C:\Windows\system32\jscript9diag.dll
2016-02-10 14:23:40 ----A---- C:\Windows\system32\jscript9.dll
2016-02-10 14:23:39 ----A---- C:\Windows\system32\msrating.dll
2016-02-10 14:23:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-02-10 14:22:59 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 14:22:58 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 14:22:45 ----A---- C:\Windows\system32\ole32.dll
2016-02-10 14:22:43 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-02-10 14:22:19 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 14:22:18 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-10 14:22:18 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-10 14:22:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 14:22:18 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-10 14:22:17 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 14:22:16 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-10 14:22:16 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 14:22:16 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-10 14:22:16 ----A---- C:\Windows\system32\kerberos.dll
2016-02-10 14:22:15 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-02-10 14:22:14 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-02-10 14:22:14 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-10 14:22:14 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-02-10 14:22:14 ----A---- C:\Windows\system32\kernel32.dll
2016-02-10 14:22:14 ----A---- C:\Windows\system32\advapi32.dll
2016-02-10 14:22:13 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-10 14:22:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-10 14:22:12 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-10 14:22:12 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-02-10 14:22:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-02-10 14:22:09 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-10 14:22:07 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-02-10 14:22:07 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-10 14:22:07 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-10 14:22:06 ----A---- C:\Windows\system32\winsrv.dll
2016-02-10 14:22:06 ----A---- C:\Windows\system32\smss.exe
2016-02-10 14:22:06 ----A---- C:\Windows\system32\schannel.dll
2016-02-10 14:22:06 ----A---- C:\Windows\system32\ncrypt.dll
2016-02-10 14:22:06 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-10 14:22:06 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-02-10 14:22:05 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-02-10 14:22:05 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-10 14:22:05 ----A---- C:\Windows\system32\wow64win.dll
2016-02-10 14:22:05 ----A---- C:\Windows\system32\wdigest.dll
2016-02-10 14:22:05 ----A---- C:\Windows\system32\TSpkg.dll
2016-02-10 14:22:05 ----A---- C:\Windows\system32\sspicli.dll
2016-02-10 14:22:05 ----A---- C:\Windows\system32\srcore.dll
2016-02-10 14:22:04 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-02-10 14:22:04 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-02-10 14:22:04 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-02-10 14:22:04 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\wow64.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\sspisrv.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\secur32.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\lsass.exe
2016-02-10 14:22:04 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-10 14:22:04 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\cryptbase.dll
2016-02-10 14:22:04 ----A---- C:\Windows\system32\conhost.exe
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-02-10 14:22:03 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-02-10 14:22:03 ----A---- C:\Windows\system32\wow64cpu.dll
2016-02-10 14:22:03 ----A---- C:\Windows\system32\srclient.dll
2016-02-10 14:22:03 ----A---- C:\Windows\system32\rstrui.exe
2016-02-10 14:22:03 ----A---- C:\Windows\system32\ntvdm64.dll
2016-02-10 14:22:03 ----A---- C:\Windows\system32\credssp.dll
2016-02-10 14:22:03 ----A---- C:\Windows\system32\auditpol.exe
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-02-10 14:22:02 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22:00 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:21:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 14:21:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21:59 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21:59 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-02-10 14:21:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-02-10 14:21:58 ----A---- C:\Windows\SYSWOW64\user.exe
2016-02-10 14:21:58 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-02-10 14:21:58 ----A---- C:\Windows\system32\apisetschema.dll
2016-02-10 14:21:57 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-02-10 14:21:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-02-10 14:21:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-02-10 14:21:57 ----A---- C:\Windows\system32\msobjs.dll
2016-02-10 14:21:57 ----A---- C:\Windows\system32\msaudite.dll
2016-02-10 14:21:57 ----A---- C:\Windows\system32\adtschema.dll

======List of files/folders modified in the last 1 month======

2016-03-06 15:56:13 ----D---- C:\Windows\Temp
2016-03-06 15:50:16 ----RD---- C:\Program Files
2016-03-06 15:39:52 ----D---- C:\Hry
2016-03-06 15:37:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-03-06 15:37:04 ----SHD---- C:\System Volume Information
2016-03-06 15:36:06 ----D---- C:\Program Files (x86)\Steam
2016-03-06 15:32:40 ----RD---- C:\Program Files (x86)
2016-03-06 15:03:18 ----D---- C:\Windows
2016-03-06 14:19:47 ----D---- C:\ProgramData\NVIDIA
2016-03-06 14:00:22 ----D---- C:\Windows\SysWOW64
2016-03-06 13:56:58 ----HD---- C:\ProgramData
2016-03-06 13:56:58 ----D---- C:\Windows\Tasks
2016-03-06 13:56:58 ----D---- C:\Windows\system32\Tasks
2016-03-06 13:51:27 ----D---- C:\Users\Marcus\AppData\Roaming\uTorrent
2016-03-06 13:19:01 ----D---- C:\Windows\system32\config
2016-03-06 13:08:31 ----SD---- C:\Users\Marcus\AppData\Roaming\Microsoft
2016-03-06 12:22:22 ----D---- C:\Windows\system32\drivers
2016-03-06 12:22:22 ----D---- C:\Windows\LiveKernelReports
2016-03-06 12:08:10 ----D---- C:\Windows\System32
2016-03-06 12:08:10 ----D---- C:\Windows\inf
2016-03-06 12:08:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-06 12:01:59 ----D---- C:\KMPlayer
2016-03-06 01:37:35 ----SD---- C:\ProgramData\Microsoft
2016-03-06 01:05:09 ----D---- C:\Windows\Web
2016-03-06 00:40:41 ----SHD---- C:\Windows\Installer
2016-03-06 00:40:40 ----D---- C:\Program Files\Common Files
2016-03-05 22:47:18 ----D---- C:\Windows\system32\drivers\etc
2016-03-05 17:24:44 ----D---- C:\Users\Marcus\AppData\Roaming\TS3Client
2016-03-05 16:35:25 ----D---- C:\Program Files\Common Files\AV
2016-03-04 21:28:26 ----D---- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
2016-03-04 21:28:25 ----D---- C:\Windows\Logs
2016-03-04 20:20:35 ----D---- C:\Windows\Prefetch
2016-03-03 21:29:55 ----RSD---- C:\Windows\assembly
2016-02-29 18:26:23 ----D---- C:\ProgramData\Adobe
2016-02-28 13:32:38 ----D---- C:\Windows\rescache
2016-02-28 12:42:26 ----D---- C:\Windows\tracing
2016-02-27 22:00:43 ----D---- C:\Windows\Microsoft.NET
2016-02-27 20:56:44 ----D---- C:\Windows\Panther
2016-02-27 20:56:42 ----D---- C:\Windows\Minidump
2016-02-27 20:56:42 ----D---- C:\Windows\debug
2016-02-27 19:49:47 ----D---- C:\Windows\winsxs
2016-02-27 19:47:20 ----D---- C:\Program Files (x86)\Windows Sidebar
2016-02-27 19:47:19 ----D---- C:\Program Files\Windows Sidebar
2016-02-27 19:47:17 ----D---- C:\Program Files\Windows Media Player
2016-02-27 19:47:17 ----D---- C:\Program Files\DVD Maker
2016-02-27 19:47:16 ----D---- C:\Windows\SYSWOW64\wbem
2016-02-27 19:47:16 ----D---- C:\Windows\SYSWOW64\migration
2016-02-27 19:47:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-27 19:47:15 ----D---- C:\Windows\system32\wbem
2016-02-27 19:47:15 ----D---- C:\Windows\system32\spool
2016-02-27 19:47:15 ----D---- C:\Windows\system32\en-US
2016-02-27 19:47:15 ----D---- C:\Windows\system32\cs-CZ
2016-02-27 19:47:15 ----D---- C:\Windows\PolicyDefinitions
2016-02-27 19:35:35 ----D---- C:\Users\Marcus\AppData\Roaming\Seznam.cz
2016-02-27 19:35:24 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-27 19:34:03 ----D---- C:\Program Files (x86)\LOLReplay
2016-02-27 19:30:42 ----D---- C:\Program Files (x86)\Origin Games
2016-02-21 23:16:41 ----D---- C:\Program Files (x86)\Microsoft
2016-02-19 15:49:45 ----D---- C:\ProgramData\Oracle
2016-02-19 15:49:36 ----D---- C:\Program Files (x86)\Java
2016-02-19 15:49:17 ----D---- C:\Program Files (x86)\Common Files
2016-02-19 15:48:32 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-02-18 07:54:03 ----D---- C:\Windows\Registration
2016-02-18 07:54:00 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-02-18 07:53:07 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-15 16:53:51 ----D---- C:\Program Files (x86)\PokerStars.EU
2016-02-11 03:24:46 ----D---- C:\Windows\SYSWOW64\en-US
2016-02-11 03:24:46 ----D---- C:\Program Files\Internet Explorer
2016-02-11 03:24:44 ----D---- C:\Windows\AppPatch
2016-02-10 14:20:00 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-06-24 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-06-24 272248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-06-24 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-06-24 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-26 442264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-02-22 283064]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-06-24 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-06-24 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-06-24 137288]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-06-24 273824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-20 1831968]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-03-06 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 63704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-08-11 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 18959360]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 589312]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-06-21 94720]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2016-03-05 15920]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-03-05 22704]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-02-16 33856]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-24 343336]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-03-28 1152144]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-03-28 1878672]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-06-24 4034896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 114688]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-02-24 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 244736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20 107848]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20 107848]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-12-17 2104840]
S4 SpyHunter 4 Service;SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2016-03-05 1042304]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-04 835152]

-----------------EOF-----------------

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#4 Post by Matlajs »

I'd like to ask whether this forum has some kind of waiting queue, or whether I left something out. I don't want to be rude, and I know you do this work voluntarily and for free, but I'd like to at least hear something, even if it were just "You're clean, so stop bothering us." There are topics here that were started around the same time as mine, and even after mine, and all of them have already received help. And I don't like doing anything on that computer while there is (probably) still some "undetected/undeleted" junk on it... :(

altrok
Moderator
Posts: 7275
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Adware?

#5 Post by altrok »

I wish you a lovely day :bye:


:arrow: If your log is long and does not fit into a single post (it is longer than 10,000 characters), add a note to the topic title saying that the log is long and split into several parts (e.g. "virus, 3 posts"). We primarily handle topics with no replies, so in your case it looks as if one of my colleagues is already attending to you, and the topic easily gets overlooked.


:arrow: Uninstall SpyHunter - it refuses to take part in comparative tests of anti-malware tools, and some sources class it as so-called rogueware. In short, both its behaviour and its effectiveness are highly questionable. For more information I recommend reading http://www.bleepingcomputer.com/forums/ ... try3491488


:arrow: Permanently turn off Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7


:arrow: As part of the cleanup, your temporary folders (including the Recycle Bin) will be emptied.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply to me
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok (at) forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#6 Post by Matlajs »

SpyHunter deleted, Defender deactivated. I should say that I already used AdwCleaner yesterday, so if you want the older .txt, let me know.

AdwCleaner log

# AdwCleaner v5.100 - Logfile created 07/03/2016 at 12:20:09
# Updated 06/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marcus - MARCUS-PC
# Running from : C:\Users\Marcus\Desktop\adwcleaner_5.100.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [711 bytes] - [07/03/2016 12:20:09]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [812 bytes] - [06/03/2016 15:32:54]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [904 bytes] - [07/03/2016 11:48:17]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [987 bytes] ##########

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#7 Post by Matlajs »

And here is the one from yesterday, with the findings.

# AdwCleaner v5.037 - Logfile created 06/03/2016 at 10:35:33
# Updated 28/02/2016 by Xplode
# Database : 2016-03-06.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marcus - MARCUS-PC
# Running from : C:\Users\Marcus\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\simplitec
[-] Folder Deleted : C:\Program Files (x86)\XTab
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\ProgramData\169bb5ef
[-] Folder Deleted : C:\ProgramData\7ad320e6-0363-1
[-] Folder Deleted : C:\ProgramData\7ad320e6-4fa5-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-0423-1
[-] Folder Deleted : C:\ProgramData\ffac9e06-04c5-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-0501-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-1403-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-35e5-1
[-] Folder Deleted : C:\ProgramData\ffac9e06-38b3-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-4e57-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-5757-1
[-] Folder Deleted : C:\ProgramData\ffac9e06-5f91-0
[-] Folder Deleted : C:\ProgramData\ffac9e06-6a57-1
[-] Folder Deleted : C:\ProgramData\ffac9e06-7e95-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
[-] Folder Deleted : C:\Users\Marcus\AppData\Roaming\Solvusoft

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : simplitec Power Suite (Tray)
[-] Task Deleted : simplitec Power Suite

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\simplitec
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FDCD738D-7F67-443F-8B0F-BED0F7D695BA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FE4DEC70-1CE5-49D5-A48B-9F27B6955740}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D93194AD-C572-43F0-9FFC-2C85E3C918D3}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{EC042541-22E9-450D-B648-569D797AE0C1}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{48DE514C-5089-427B-9438-14A6557B1908}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C94BE5A1-F514-40BD-9CF4-822A4304FCF1}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7CA3F7CC-82E2-42AE-85AE-55A5010E9764}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DC2FF17B-913C-4A11-8AA4-E05F4B94674B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{41E90233-30A1-434C-A569-350A9B540FDF}C:\program files (x86)\simplitec\kmpfaster\serviceprovider.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{7E4227FB-2A02-48EC-B869-E90E820DBA2E}C:\program files (x86)\simplitec\kmpfaster\serviceprovider.exe]

***** [ Web browsers ] *****

[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://support.google.com/websearch/answer/8091?hl=en
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ffjcmnpnoopgilmnfhloocdcbnimmmea

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4230 bytes] - [06/03/2016 10:35:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [4059 bytes] - [06/03/2016 10:29:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4376 bytes] ##########

altrok
Moderator
Posts: 7275
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Adware?

#8 Post by altrok »

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, you must explicitly tick this option before starting the scan for the Addition.txt log to be created.

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#9 Post by Matlajs »

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Marcus (administrator) on MARCUS-PC (07-03-2016 20:53:22)
Running from C:\Users\Marcus\Desktop
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: {447062fc-b944-11e4-8a7a-806e6f6e6963} - D:\Launch.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-23] (Microsoft Corporation)
IFEO\CNC3.exe: [Debugger]
IFEO\CNC3EP1.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
IFEO\generals.exe: [Debugger]
IFEO\RA3.exe: [Debugger]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1168840733-3772592448-2830392990-1001] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{D23B4B5F-F3A7-4E98-878F-6C2656235529}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
StartMenuInternet: firefox.exe - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Dokumenty Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Disk Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-22]
CHR Extension: (Dokumenty Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-23]
CHR Extension: (Disk Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Tabulky Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-23]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-24]
CHR Extension: (Avast Online Security) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-22]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-22] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 12:55 - 2016-03-07 12:55 - 00002919 _____ C:\Users\Marcus\Desktop\JRT.txt
2016-03-07 12:50 - 2016-03-07 12:50 - 01609216 _____ (Malwarebytes) C:\Users\Marcus\Desktop\JRT.exe
2016-03-06 19:55 - 2016-03-06 19:55 - 00001811 _____ C:\Users\Marcus\Desktop\DLV 60.lnk
2016-03-06 19:26 - 2016-03-06 19:26 - 00001572 _____ C:\Users\Public\Desktop\Medieval II Total War Britannia.lnk
2016-03-06 19:26 - 2016-03-06 19:26 - 00001562 _____ C:\Users\Public\Desktop\Medieval II Total War Teutonic.lnk
2016-03-06 19:26 - 2016-03-06 19:26 - 00001562 _____ C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk
2016-03-06 19:26 - 2016-03-06 19:26 - 00001562 _____ C:\Users\Public\Desktop\Medieval II Total War Americas.lnk
2016-03-06 19:11 - 2016-03-06 19:11 - 00001511 _____ C:\Users\Marcus\Desktop\Medieval II Total War.lnk
2016-03-06 19:07 - 2016-03-06 19:07 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sega
2016-03-06 15:50 - 2016-03-06 15:56 - 00000000 ____D C:\Program Files\trend micro
2016-03-06 15:50 - 2016-03-06 15:53 - 00000000 ____D C:\rsit
2016-03-06 15:47 - 2016-03-06 15:47 - 01222144 _____ C:\Users\Marcus\Desktop\RSITx64.exe
2016-03-06 15:32 - 2016-03-07 12:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-06 15:31 - 2016-03-06 15:32 - 01524224 _____ C:\Users\Marcus\Desktop\adwcleaner_5.100.exe
2016-03-06 15:02 - 2016-03-07 20:53 - 00015776 _____ C:\Users\Marcus\Desktop\FRST.txt
2016-03-06 15:00 - 2016-03-06 15:00 - 02374144 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe
2016-03-06 14:00 - 2016-03-07 12:58 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-03-06 13:45 - 2016-03-06 13:45 - 00000000 ____D C:\SUPERDelete
2016-03-06 13:33 - 2016-03-06 13:33 - 24917712 _____ (SUPERAntiSpyware) C:\Users\Marcus\Downloads\SUPERAntiSpywarePro.exe
2016-03-06 10:28 - 2016-03-06 14:49 - 00000000 ____D C:\AdwCleaner
2016-03-06 04:23 - 2016-03-06 04:23 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-06 01:39 - 2016-03-07 20:53 - 00000000 ____D C:\FRST
2016-03-06 00:43 - 2016-03-07 19:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-06 00:42 - 2016-03-06 01:08 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-06 00:42 - 2016-03-06 00:42 - 22908888 _____ (Malwarebytes ) C:\Users\Marcus\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-06 00:42 - 2016-03-06 00:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-06 00:42 - 2016-03-06 00:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-06 00:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-06 00:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-06 00:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-05 22:47 - 2016-03-05 19:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160305-224718.backup
2016-03-05 19:03 - 2016-03-05 19:03 - 00016434 _____ C:\Users\Marcus\Documents\cc_20160305_190259.reg
2016-03-05 17:41 - 2016-03-05 17:41 - 00000000 ____D C:\Users\Marcus\Documents\ProcAlyzer Dumps
2016-03-05 16:40 - 2016-03-05 16:39 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts.20160305-164018.backup
2016-03-05 16:39 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160305-163942.backup
2016-03-05 16:34 - 2016-03-05 16:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-05 16:33 - 2016-03-06 09:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-05 16:33 - 2016-03-06 01:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-05 16:31 - 2016-03-05 16:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Marcus\Downloads\spybot-2.4.exe
2016-03-05 15:38 - 2016-03-05 15:38 - 00000000 _____ C:\autoexec.bat
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Enigma Software Group
2016-03-05 15:36 - 2016-03-05 15:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-05 15:34 - 2016-03-05 15:35 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe
2016-03-05 00:38 - 2016-03-05 00:38 - 00003728 _____ C:\Windows\System32\Tasks\{1954CF0F-6BC0-0C49-069E-ACFF46188234}
2016-03-04 20:11 - 2016-03-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus lo Vult 6.0
2016-03-04 18:56 - 2016-03-04 19:05 - 225630683 _____ (repman, repman@rep.de) C:\Users\Marcus\Downloads\DLV_Patch_62.exe
2016-03-04 13:58 - 2016-03-04 14:43 - 1325785424 _____ (repman, rep@rep.rep) C:\Users\Marcus\Downloads\DLV_60.exe
2016-03-04 13:57 - 2016-03-04 13:57 - 00013007 _____ C:\Users\Marcus\Downloads\DLV_60.exe.torrent
2016-03-03 21:46 - 2014-12-26 22:42 - 00000000 ____D C:\Users\Marcus\Downloads\data
2016-03-03 14:55 - 2016-03-03 15:07 - 980750954 _____ C:\Users\Marcus\Downloads\Johanka z Arku 2.díl CZ dabing (1999).avi
2016-03-03 09:00 - 2016-03-03 09:06 - 982804514 _____ C:\Users\Marcus\Downloads\Johanka z Arku 1.díl CZ dabing (1999).avi
2016-03-03 07:44 - 2016-03-03 07:50 - 1017688690 _____ C:\Users\Marcus\Downloads\Johanka z Arku (1999) CZ dabing.avi
2016-03-01 20:15 - 2016-03-01 20:17 - 10213128 _____ C:\Users\Marcus\Downloads\Bellum Crucis 6.3 Manual ENG.pdf
2016-03-01 17:17 - 2016-03-01 17:17 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-03-01 16:30 - 2016-03-01 17:01 - 617720273 _____ () C:\Users\Marcus\Downloads\Setup (2).exe
2016-02-29 18:26 - 2016-03-06 01:08 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-29 18:26 - 2016-03-06 01:08 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-29 18:26 - 2016-02-29 18:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-29 12:05 - 2016-02-29 12:10 - 266430420 _____ C:\Users\Marcus\Downloads\Bellum Crucis 7 - Enhanced Sub-Mod.7z
2016-02-29 11:46 - 2016-02-29 11:56 - 801387727 _____ C:\Users\Marcus\Downloads\BC7 MP.7z
2016-02-29 11:43 - 2007-11-19 12:57 - 25194496 ____R (The Creative Assembly Ltd) C:\Users\Marcus\Downloads\medieval2.exe
2016-02-29 11:42 - 2016-02-29 11:42 - 07393609 _____ C:\Users\Marcus\Downloads\MEDIEVAL.2.TW.V1.3.ALL.PROPHET.NODVD (1).ZIP
2016-02-29 11:41 - 2016-02-29 11:41 - 07393609 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 823361.crdownload
2016-02-29 11:40 - 2016-02-29 11:40 - 07391765 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 446077.crdownload
2016-02-29 11:39 - 2016-02-29 11:40 - 07391765 _____ C:\Users\Marcus\Downloads\Nepotvrzeno 351084.crdownload
2016-02-29 07:23 - 2016-03-01 17:51 - 00000000 ____D C:\Users\Marcus\Desktop\saves
2016-02-29 07:12 - 2016-02-29 07:12 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2016-02-29 07:10 - 2008-06-10 07:04 - 19972096 _____ (The Creative Assembly Ltd) C:\Users\Marcus\Downloads\kingdoms.exe
2016-02-29 07:10 - 2008-06-09 22:48 - 00008076 _____ C:\Users\Marcus\Downloads\mtwk-dtn.nfo
2016-02-29 07:09 - 2016-02-29 07:09 - 04661135 _____ C:\Users\Marcus\Downloads\mtwk-dtn.7z.[gcw]
2016-02-29 06:55 - 2008-04-09 13:36 - 00000000 ____D C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK
2016-02-29 06:52 - 2016-02-29 06:54 - 122116885 _____ C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK (1).rar
2016-02-29 06:44 - 2016-02-29 06:44 - 00000000 ____D C:\Program Files (x86)\SEGA
2016-02-29 06:22 - 2016-02-29 06:22 - 00000000 ____D C:\Users\Marcus\Desktop\westerosaves
2016-02-28 17:31 - 2016-02-28 17:36 - 85049699 _____ C:\Users\Marcus\Downloads\G5_Settlement_Tweaks.7z
2016-02-28 17:31 - 2016-02-28 17:31 - 00000403 _____ C:\Users\Marcus\Downloads\Instructions.txt
2016-02-28 17:30 - 2016-02-28 17:30 - 00329545 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85_Patch2.7z
2016-02-28 17:28 - 2016-02-28 17:29 - 18543394 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85_Patch1.7z
2016-02-28 17:25 - 2015-09-26 12:17 - 00000000 ____D C:\Users\Marcus\Downloads\Titanium_Alpha
2016-02-28 17:09 - 2016-02-28 17:18 - 199445622 _____ C:\Users\Marcus\Downloads\Titanium_Alpha_v0.85.7z
2016-02-28 14:44 - 2016-02-28 14:44 - 00000000 ____D C:\Users\Marcus\Downloads\text
2016-02-28 14:39 - 2016-02-28 14:39 - 00000000 ____D C:\Users\Marcus\Downloads\Bellum Crucis 7 - Enhanced Sub-Mod
2016-02-28 13:47 - 2016-02-28 13:47 - 01862745 _____ C:\Users\Marcus\Downloads\English Text Fix.7z
2016-02-28 13:06 - 2016-02-28 13:06 - 05965994 _____ C:\Users\Marcus\Downloads\Bugfixer1_BC7_01012015.7z
2016-02-27 21:03 - 2016-03-06 01:08 - 00001762 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-02-27 21:03 - 2016-02-27 21:03 - 00000000 ____D C:\Program Files\Defraggler
2016-02-27 21:01 - 2016-02-27 21:02 - 04527736 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\dfsetup220.exe
2016-02-27 21:01 - 2016-02-27 21:02 - 04527736 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\dfsetup220 (1).exe
2016-02-27 21:01 - 2016-02-27 21:01 - 00266098 _____ C:\Users\Marcus\Documents\zaloha registru.reg
2016-02-27 20:54 - 2016-03-06 01:08 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-27 20:54 - 2016-02-27 20:54 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-27 20:54 - 2016-02-27 20:54 - 00000000 ____D C:\Program Files\CCleaner
2016-02-27 20:53 - 2016-02-27 20:53 - 06837784 _____ (Piriform Ltd) C:\Users\Marcus\Downloads\ccsetup515.exe
2016-02-27 20:41 - 2016-02-27 20:41 - 00000000 ____D C:\Users\Marcus\Documents\Smart PC Utilities
2016-02-27 20:36 - 2016-03-06 01:08 - 00002300 _____ C:\Users\Public\Desktop\PC Services Optimizer.lnk
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Smart PC Utilities
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Utilities
2016-02-27 20:36 - 2016-02-27 20:36 - 00000000 ____D C:\Program Files (x86)\Smart PC Utilities
2016-02-27 20:35 - 2016-02-27 20:35 - 06697319 _____ (Smart PC Utilities ) C:\Users\Marcus\Downloads\servicesoptimizer_1594.exe
2016-02-27 20:22 - 2016-02-27 20:22 - 00000000 ____D C:\Windows\pss
2016-02-27 18:07 - 2016-02-27 18:07 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\Marcus\Downloads\Large Address Aware.exe
2016-02-27 17:47 - 2016-02-27 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-27 17:47 - 2016-02-27 17:47 - 00000000 ____D C:\Program Files\7-Zip
2016-02-27 17:46 - 2016-02-27 17:47 - 01371668 _____ (Igor Pavlov) C:\Users\Marcus\Downloads\7z1514-x64.exe
2016-02-27 16:29 - 2016-02-27 16:29 - 00242206 _____ C:\Users\Marcus\Downloads\Bellum_Crucis_7.0.zip.torrent
2016-02-20 16:37 - 2016-02-20 16:40 - 00000208 _____ C:\Users\Marcus\Desktop\ts servery.txt
2016-02-19 08:50 - 2016-02-19 08:53 - 711225344 _____ C:\Users\Marcus\Downloads\Cerna smrt (2010) CZ.avi
2016-02-18 17:34 - 2016-02-18 17:36 - 29190912 _____ C:\Users\Marcus\Downloads\BugFix_Compilation_v1.27.7z
2016-02-18 15:52 - 2016-02-29 07:11 - 00000000 ____D C:\Users\Marcus\AppData\Local\ApplicationHistory
2016-02-18 15:52 - 2016-02-18 15:52 - 00000094 _____ C:\Users\Marcus\AppData\Local\fusioncache.dat
2016-02-18 08:44 - 2016-02-18 08:44 - 00003230 _____ C:\Windows\System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E}
2016-02-18 08:29 - 2016-02-18 08:30 - 122116885 _____ C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK.rar
2016-02-18 07:53 - 2016-02-18 07:53 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2016-02-18 07:52 - 2016-03-06 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-02-17 08:06 - 2016-02-17 08:06 - 00013119 _____ C:\Users\Marcus\Downloads\Stainless Steel 6.4 patch.torrent
2016-02-17 08:05 - 2016-02-17 08:05 - 00012912 _____ C:\Users\Marcus\Downloads\SS6.3.torrent
2016-02-17 07:53 - 2016-02-17 08:00 - 1239224730 _____ C:\Users\Marcus\Downloads\Vlk z Wallstreet (2013) CZ.avi
2016-02-16 07:03 - 2016-02-16 07:08 - 843966464 _____ C:\Users\Marcus\Downloads\Muz-se-zeleznou-maskou-cz.avi
2016-02-12 00:22 - 2016-02-12 00:27 - 842371570 _____ C:\Users\Marcus\Downloads\Slídil--Nightcrawler (2014) BDRip CZ DABING.avi
2016-02-10 14:24 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 14:24 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 14:24 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 14:24 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 14:24 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 14:24 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 14:24 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 14:24 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 14:24 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 14:24 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 14:24 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 14:24 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 14:24 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 14:24 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 14:24 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 14:24 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 14:23 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 14:23 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 14:23 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 14:23 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 14:23 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 14:23 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 14:23 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 14:23 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 14:23 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 14:23 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 14:23 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 14:23 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 14:23 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 14:23 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 14:23 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 14:23 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 14:23 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 14:23 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 14:23 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 14:23 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 14:23 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 14:23 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 14:23 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 14:23 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 14:23 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 14:23 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 14:23 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 14:23 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 14:23 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 14:23 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 14:23 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 14:23 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 14:23 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 14:23 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 14:23 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 14:23 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 14:23 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 14:23 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 14:23 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 14:23 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 14:23 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 14:23 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 14:23 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 14:23 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 14:23 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 14:23 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 14:22 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 14:22 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 14:22 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 14:22 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 14:22 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 14:22 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 14:22 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 14:22 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 14:22 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 14:22 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 14:22 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 14:22 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 14:22 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 14:22 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 14:22 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 14:22 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 14:22 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 14:22 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 14:22 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 14:22 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 14:22 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 14:22 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 14:22 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 14:22 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 14:22 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 14:22 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 14:22 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 14:22 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:22 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:22 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 14:22 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 14:22 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 14:22 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 14:21 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 14:21 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 14:21 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:21 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 14:21 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 14:21 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 14:21 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 04:27 - 2016-02-10 04:31 - 664674304 _____ C:\Users\Marcus\Downloads\Vikingové 1 Akční 1999 cz.avi
2016-02-09 22:14 - 2016-02-09 22:21 - 721546088 _____ C:\Users\Marcus\Downloads\Král Škorpión (2002)CZdab.avi
2016-02-09 04:18 - 2016-02-09 04:22 - 734214144 _____ C:\Users\Marcus\Downloads\Kracejici skala CZ.avi
2016-02-06 12:31 - 2012-11-08 21:17 - 00767961 _____ C:\Users\Marcus\Downloads\xcom_eu_2012_cz_v1.01.exe
2016-02-06 12:31 - 2012-11-08 20:37 - 00004628 _____ C:\Users\Marcus\Downloads\xcom_eu_cz_readme.txt
2016-02-06 12:31 - 2012-08-30 21:02 - 00000195 _____ C:\Users\Marcus\Downloads\CestinyCZ.txt
2016-02-06 12:30 - 2016-02-06 12:30 - 00684330 _____ C:\Users\Marcus\Downloads\xcom_eu_2012_cz_v101.zip
2016-02-06 00:36 - 2016-02-06 00:41 - 794585088 _____ C:\Users\Marcus\Downloads\Útěk z Alcatrazu - cz.dab.n@y.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 20:33 - 2015-02-20 22:19 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-07 16:19 - 2015-04-18 16:51 - 00000000 ____D C:\Users\Marcus\AppData\Local\PokerStars.EU
2016-03-07 16:19 - 2015-04-18 16:50 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-03-07 13:11 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 13:11 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 13:03 - 2015-02-21 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-07 13:03 - 2015-02-20 22:19 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-07 13:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 19:17 - 2015-02-20 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-06 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-06 18:55 - 2015-03-04 01:27 - 00000000 ____D C:\Hry
2016-03-06 15:36 - 2015-02-22 14:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-06 13:51 - 2015-04-20 23:00 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\uTorrent
2016-03-06 12:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-06 12:08 - 2009-07-14 16:18 - 00680876 _____ C:\Windows\system32\perfh005.dat
2016-03-06 12:08 - 2009-07-14 16:18 - 00146130 _____ C:\Windows\system32\perfc005.dat
2016-03-06 12:08 - 2009-07-14 06:13 - 01601672 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-06 12:01 - 2015-03-02 00:22 - 00000000 ____D C:\KMPlayer
2016-03-06 01:08 - 2015-12-06 00:46 - 00001295 _____ C:\Users\Public\Desktop\KMPFaster.lnk
2016-03-06 01:08 - 2015-07-31 01:51 - 00001345 _____ C:\Users\Public\Desktop\Command and Conquer 3 Tiberium Wars and Kane's Wrath.lnk
2016-03-06 01:08 - 2015-07-28 21:57 - 00001342 _____ C:\Users\Public\Desktop\Command and Conquer Tiberian Sun.lnk
2016-03-06 01:08 - 2015-07-27 18:31 - 00000977 _____ C:\Users\Public\Desktop\Origin.lnk
2016-03-06 01:08 - 2015-04-23 23:34 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-03-06 01:08 - 2015-04-23 22:08 - 00002266 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2016-03-06 01:08 - 2015-04-23 22:08 - 00001188 _____ C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 2050 J510 series.lnk
2016-03-06 01:08 - 2015-04-17 15:55 - 00001916 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2016-03-06 01:08 - 2015-04-05 01:23 - 00002298 _____ C:\Users\Public\Desktop\Seven Kingdoms - Ancient Adversaries.lnk
2016-03-06 01:08 - 2015-03-07 22:17 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-06 01:08 - 2015-02-22 14:36 - 00000961 _____ C:\Users\Public\Desktop\Steam.lnk
2016-03-06 01:08 - 2015-02-22 13:48 - 00001948 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-03-06 01:08 - 2015-02-20 22:20 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-06 01:08 - 2015-02-20 22:20 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-06 01:08 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-03-06 01:08 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-06 01:07 - 2015-08-04 19:33 - 00002929 _____ C:\Users\Marcus\Desktop\C&C Online.lnk
2016-03-06 01:07 - 2015-04-18 16:51 - 00001980 _____ C:\Users\Marcus\Desktop\PokerStars.eu.lnk
2016-03-06 01:07 - 2015-03-21 19:42 - 00001215 _____ C:\Users\Marcus\Desktop\TeamSpeak 3 Client.lnk
2016-03-06 01:07 - 2015-03-02 00:22 - 00000606 _____ C:\Users\Marcus\Desktop\KMPlayer.lnk
2016-03-06 01:07 - 2015-02-20 22:18 - 00001397 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-06 01:07 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-06 01:07 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-06 01:06 - 2015-12-06 12:13 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-03-06 01:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Web
2016-03-06 00:59 - 2015-04-20 23:00 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2016-03-06 00:59 - 2015-02-22 13:22 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-06 00:59 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-05 17:24 - 2015-03-21 20:13 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\TS3Client
2016-03-05 16:35 - 2015-12-04 01:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-05 15:37 - 2015-02-20 22:17 - 00000000 ____D C:\Users\Marcus
2016-03-04 21:28 - 2015-02-22 13:47 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
2016-03-01 20:03 - 2015-04-05 01:17 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2016-02-29 18:27 - 2015-06-24 21:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-29 18:26 - 2015-04-05 01:17 - 00000000 ____D C:\ProgramData\Adobe
2016-02-29 12:15 - 2015-02-20 23:03 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-29 12:15 - 2015-02-20 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-28 13:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-28 12:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-02-27 20:56 - 2015-04-03 10:30 - 00000000 ____D C:\Windows\Minidump
2016-02-27 20:56 - 2015-02-20 22:05 - 00000000 ____D C:\Windows\Panther
2016-02-27 19:47 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-27 19:47 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-27 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2016-02-27 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-27 19:37 - 2015-04-23 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-02-27 19:35 - 2015-04-20 23:01 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Seznam.cz
2016-02-27 19:35 - 2015-04-20 23:01 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-02-27 19:34 - 2015-05-14 00:15 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2016-02-27 19:33 - 2015-03-21 19:25 - 00000000 ____D C:\Users\Marcus\AppData\Local\LogMeIn Hamachi
2016-02-27 19:30 - 2015-07-27 18:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-02-20 05:15 - 2015-03-07 22:17 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\ProgramData\Oracle
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-19 15:49 - 2015-05-14 01:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-19 15:48 - 2015-10-28 15:42 - 00000000 ____D C:\Users\Marcus\.oracle_jre_usage
2016-02-19 15:48 - 2015-05-14 01:20 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-18 07:54 - 2015-02-20 22:52 - 01684654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-18 07:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2016-02-11 03:27 - 2009-07-14 05:45 - 00272504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 19:47 - 2015-03-21 19:42 - 00000000 ____D C:\Users\Marcus\AppData\Local\TeamSpeak 3 Client
2016-02-06 11:54 - 2015-05-10 14:28 - 00000000 ____D C:\Users\Marcus\Documents\My Games

==================== Files in the root of some directories =======

2016-02-18 15:52 - 2016-02-18 15:52 - 0000094 _____ () C:\Users\Marcus\AppData\Local\fusioncache.dat
2015-04-23 22:08 - 2015-04-23 22:08 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\sqlite3.dll
C:\Users\Marcus\AppData\Local\Temp\_is4455.exe
C:\Users\Marcus\AppData\Local\Temp\_isD2AE.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 13:25

==================== End of FRST.txt ============================

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#10 Post by Matlajs »

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Marcus (2016-03-07 20:54:13)
Running from C:\Users\Marcus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-20 21:17:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1168840733-3772592448-2830392990-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1168840733-3772592448-2830392990-1005 - Limited - Enabled)
Guest (S-1-5-21-1168840733-3772592448-2830392990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1168840733-3772592448-2830392990-1002 - Limited - Enabled)
Marcus (S-1-5-21-1168840733-3772592448-2830392990-1001 - Administrator - Enabled) => C:\Users\Marcus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Aktualizace NVIDIA 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
C&C:Online (HKLM-x32\...\{1298F091-2180-4779-BDA0-1176247252D0}) (Version: 2.0.7 - Revora)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Jagged Alliance 2 Gold - 1.12 (HKLM-x32\...\Jagged Alliance 2 Gold - 1.12) (Version: - )
Jagged Alliance 2 Gold (HKLM-x32\...\Jagged Alliance 2 Gold) (Version: - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JdH's CiV MP Mod Manager (HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\c03cf9dfba141d40) (Version: 1.0.7.10 - JdH's CiV MP Mod Manager)
K-Lite Codec Pack 10.9.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.2.6 - PandoraTV)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - Sega)
Medieval II Total War Kingdoms (HKLM-x32\...\{CE244E07-B58F-4140-806F-34FB0CDDE8CA}) (Version: 1.05.0000 - Sega)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
PC Services Optimizer (HKLM-x32\...\{F24BB09D-FD85-4D4C-90FB-FE45EF8D559C}) (Version: 2.2.385 - Smart PC Utilities)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Seven Kingdoms - Ancient Adversaries (HKLM-x32\...\Seven Kingdoms - Ancient Adversaries_is1) (Version: - GOG.com)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 2050 J510 series (HKLM\...\{F61FD928-A74D-4AF9-9667-BE2BB6F2C386}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5572EF4D-C768-40C9-9652-A4517E3F0C86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {5EECD883-A0B5-4DEA-B034-08106C78B479} - System32\Tasks\{1954CF0F-6BC0-0C49-069E-ACFF46188234} => C:\Windows\system32\regsvr32.exe [2009-07-14] (Microsoft Corporation)
Task: {66899CA7-06E0-47B2-A939-C1FE948B34FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-24] (Avast Software s.r.o.)
Task: {77DCEFA5-CD0E-4F4A-994D-171384DAFB7E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {93D36609-962D-4E1A-8FDF-DE98E7326B02} - \{24C8A834-CBB9-C7F2-9431-AA32CA1F6715} -> No File <==== ATTENTION
Task: {AFAC9990-0D82-4542-96FA-6CCEB4AB8A87} - System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E} => pcalua.exe -a C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK\setup.exe -d C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK
Task: {B451CBEF-FB94-48A5-B92D-4EF09D05B417} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {B93BAA77-4697-4B79-97D2-3712A4C7E769} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {D728F36E-718A-4A51-BED5-30E4B70F5D3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {F0F13F16-3FEE-4099-A641-3BCB869F8E8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {F15B6125-6D1B-46E2-B363-823DA54C0591} - \{4F163218-6F58-30F7-21D1-8F95E9565B24} -> No File <==== ATTENTION
Task: {FA01946E-F88A-491C-B849-838439FE037B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Marcus\Desktop\DLV 60.lnk -> C:\Hry\sega\mods\DLV_ext\Launch_DLV_ext.bat ()
Shortcut: C:\Users\Marcus\Desktop\Windows7Fix.bat – zástupce.lnk -> C:\Program Files (x86)\GOG.com\Seven Kingdoms - Ancient Adversaries\Windows7Fix.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-02-21 20:48 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-24 21:50 - 2015-06-24 21:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-24 21:49 - 2015-06-24 21:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-07 11:21 - 2016-03-07 11:21 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030700\algo.dll
2015-04-10 15:19 - 2015-03-28 04:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-07 22:16 - 2015-03-07 22:16 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-05 15:06 - 2016-03-02 05:47 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libglesv2.dll
2016-03-05 15:06 - 2016-03-02 05:47 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7872 more sites.

There are 7870 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-03-05 22:47 - 00451004 ____N C:\Windows\system32\Drivers\etc\hosts

There are 15472 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk => C:\Windows\pss\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E9BB4829-C825-46FE-B596-AF27AA27CAD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7C097595-B001-42F4-90D4-4CC99C2DDCBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EF6B7E6-CB7C-4712-9735-B4E471396EDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{47A02A96-64FF-4B72-8AE9-E44A77A56BCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DFD9428C-E6D8-4B1C-940F-3A773F3EEA46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{173E08F4-CC85-4F38-834E-6509185A461E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB674932-7CF4-4B01-AD91-E8AED201936F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{354239EA-140E-47ED-9027-11F7B972812E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB287985-C133-4737-B2B1-9C1B914F9524}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{35441788-56EE-4065-88EF-B06937BC1222}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BA69000E-4B95-40BE-BBB8-025DD81128AF}C:\program files (x86)\gog.com\seven kingdoms - ancient adversaries\7k.exe] => (Allow) C:\program files (x86)\gog.com\seven kingdoms - ancient adversaries\7k.exe
FirewallRules: [UDP Query User{3FB75019-B759-4B8B-A3B1-71A3BFA4B11A}C:\program files (x86)\gog.com\seven kingdoms - ancient adversaries\7k.exe] => (Allow) C:\program files (x86)\gog.com\seven kingdoms - ancient adversaries\7k.exe
FirewallRules: [TCP Query User{5681BF87-5B18-4EBE-AFB8-3A1C0328614D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{965D09BF-DECF-4287-A033-87423E97CA18}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{06E8B639-678E-4FE9-8EBA-5568E473D88E}C:\users\marcus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\marcus\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{05AF9961-3B58-488B-A942-B079AEB04F6C}C:\users\marcus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\marcus\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B2B7DCAA-0EC0-44A8-9168-78643BB912D8}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{9D191767-C82B-4C36-8915-6E1CA48AC965}C:\hry\age of empires 2\empires2.exe] => (Allow) C:\hry\age of empires 2\empires2.exe
FirewallRules: [UDP Query User{63FFFFC1-3B2C-4EE0-A5C8-312697EF9770}C:\hry\age of empires 2\empires2.exe] => (Allow) C:\hry\age of empires 2\empires2.exe
FirewallRules: [{53DA063F-E4BC-4762-84E8-10020EEE5D7D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B0958C8C-3E27-42EF-8946-C209C543CC84}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{4C0B39AB-FC9F-42BF-B9DA-54EE155514AE}D:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [UDP Query User{DC95421D-C942-4A23-A406-F467A12E6A0C}D:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [{E4E9B26E-436A-4B67-BC87-7FF4F6A2C71F}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{B8D592A4-C70F-4BED-91B6-89F645CEAEE7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{2C155813-6A63-40BC-B912-0B83FFE1831E}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{EAA648AB-16F6-4192-B836-4797F0AADDE0}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [TCP Query User{3EF9F07D-4B76-46E2-A46D-DF196D40EAE9}C:\program files (x86)\origin games\command and conquer tiberian sun\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer tiberian sun\game.exe
FirewallRules: [UDP Query User{F70BFF16-D121-4DC2-923D-D180D61FA79F}C:\program files (x86)\origin games\command and conquer tiberian sun\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer tiberian sun\game.exe
FirewallRules: [{9DDF06C6-B5E0-4ED2-9745-06A00E8D2640}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\Command Conquer 3 Kanes Wrath\RetailExe\1.2\cnc3ep1.dat
FirewallRules: [{F1F31987-D88C-4F14-A1BE-44D951678097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4F52637F-A710-43E3-A299-33BC85F7E3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A3BDE4E9-3830-46A7-BC26-BCA902DC146B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{29A453C4-0D24-4F24-8EB0-C84DCF9D6285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{859399A5-B975-4B55-819A-18E4E694A9A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{685A7AF6-2535-430B-B763-124BC790D4DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{0AAE3473-B309-4598-AB9F-718A570CB5A4}] => (Allow) C:\Users\Marcus\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{27F8A94B-E0AE-46B9-B0C7-5672F83C24C4}] => (Allow) C:\Users\Marcus\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{21FD9250-9528-4EF0-B85A-8BCB4F24D81E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-03-2016 15:22:44 Removed Medieval II Total War : Kingdoms : Americas
03-03-2016 15:24:28 Removed Medieval II Total War
03-03-2016 21:06:46 Instalováno Medieval II Total War
03-03-2016 21:17:34 Nainstalováno rozhraní DirectX
03-03-2016 21:21:59 Instalováno Medieval II Total War Kingdoms
03-03-2016 21:27:41 Nainstalováno rozhraní DirectX
05-03-2016 18:14:37 Windows Update
05-03-2016 23:10:44 AA11
06-03-2016 00:39:40 AA11
06-03-2016 15:36:05 Odstraněno Medieval II Total War Kingdoms
06-03-2016 15:36:59 Odstraněno Medieval II Total War
06-03-2016 18:56:02 Instalováno Medieval II Total War
06-03-2016 19:07:33 Nainstalováno rozhraní DirectX
06-03-2016 19:17:10 Instalováno Medieval II Total War Kingdoms
06-03-2016 19:23:18 Nainstalováno rozhraní DirectX
07-03-2016 12:51:33 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2016 06:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: _isD2AE.exe, verze: 12.0.0.58849, časové razítko: 0x45b1a378
Název chybujícího modulu: _isD2AE.exe, verze: 12.0.0.58849, časové razítko: 0x45b1a378
Kód výjimky: 0xc0000005
Posun chyby: 0x0001e7b9
ID chybujícího procesu: 0x16ec
Čas spuštění chybující aplikace: 0x_isD2AE.exe0
Cesta k chybující aplikaci: _isD2AE.exe1
Cesta k chybujícímu modulu: _isD2AE.exe2
ID zprávy: _isD2AE.exe3

Error: (03/06/2016 12:07:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generování kontextu aktivace pro C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2 na řádku C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Součást 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (03/01/2016 08:59:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generování kontextu aktivace pro C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2 na řádku C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Součást 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (02/29/2016 06:13:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2292) WebCacheLocal: Pokus o otevření souboru C:\Users\Marcus\AppData\Local\Microsoft\Windows\WebCache\V01.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (02/29/2016 07:52:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generování kontextu aktivace pro C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2 na řádku C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Součást 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (02/28/2016 12:43:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={583992A2-5BF0-4AC7-8343-E5250B46E7B6}: Uživatel Marcus-Pc\Marcus vytočil připojení s názvem Širokopásmové připojení, které se nezdařilo. Kód chyby vrácený při selhání je 691.

Error: (02/28/2016 12:42:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={830D07D5-CC62-476A-8C7F-5E2E91194BA8}: Uživatel Marcus-Pc\Marcus vytočil připojení s názvem Širokopásmové připojení, které se nezdařilo. Kód chyby vrácený při selhání je 691.

Error: (02/28/2016 12:40:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={A18766AA-0B88-4040-80A8-2BAF007128C7}: Uživatel Marcus-Pc\Marcus vytočil připojení s názvem Širokopásmové připojení, které se nezdařilo. Kód chyby vrácený při selhání je 691.

Error: (02/28/2016 12:40:41 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={6A707F89-FD6E-4E69-9CE6-0861E7F0C2B7}: Uživatel Marcus-Pc\Marcus vytočil připojení s názvem Širokopásmové připojení, které se nezdařilo. Kód chyby vrácený při selhání je 691.

Error: (02/28/2016 12:39:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={4ADC595E-3A26-4C8B-85FF-5DE272164E6F}: Uživatel Marcus-Pc\Marcus vytočil připojení s názvem Širokopásmové připojení, které se nezdařilo. Kód chyby vrácený při selhání je 691.


System errors:
=============
Error: (03/07/2016 04:08:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Superfetch byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (03/07/2016 12:51:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:51:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (03/07/2016 12:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA GeForce Experience Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/07/2016 12:20:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/06/2016 10:35:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 630 Processor
Percentage of memory in use: 44%
Total physical RAM: 4095.18 MB
Available physical RAM: 2273.97 MB
Total Virtual: 8188.57 MB
Available Virtual: 5713.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:168.78 GB) NTFS
Drive d: (KINGDOMS) (CDROM) (Total:5.47 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 645A66C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7275
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Adware?

#11 Post by altrok »

After the restart, let me know how the PC behaves.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    Folder: C:\Users\Marcus\Desktop\westerosaves
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: {447062fc-b944-11e4-8a7a-806e6f6e6963} - D:\Launch.exe
    IFEO\CNC3.exe: [Debugger]
    IFEO\CNC3EP1.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
    IFEO\generals.exe: [Debugger]
    IFEO\RA3.exe: [Debugger] 
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-1168840733-3772592448-2830392990-1001] => localhost:8080
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2016-03-06 15:50 - 2016-03-06 15:56 - 00000000 ____D C:\Program Files\trend micro
    2016-03-06 15:50 - 2016-03-06 15:53 - 00000000 ____D C:\rsit
    2016-03-06 15:47 - 2016-03-06 15:47 - 01222144 _____ C:\Users\Marcus\Desktop\RSITx64.exe
    2016-03-06 15:32 - 2016-03-07 12:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-06 15:31 - 2016-03-06 15:32 - 01524224 _____ C:\Users\Marcus\Desktop\adwcleaner_5.100.exe
    2016-03-06 15:02 - 2016-03-07 20:53 - 00015776 _____ C:\Users\Marcus\Desktop\FRST.txt
    2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Enigma Software Group
    2016-03-05 15:36 - 2016-03-05 15:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-05] ()
    2016-03-05 15:34 - 2016-03-05 15:35 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe
    Task: {93D36609-962D-4E1A-8FDF-DE98E7326B02} - \{24C8A834-CBB9-C7F2-9431-AA32CA1F6715} -> No File <==== ATTENTION
    Task: {AFAC9990-0D82-4542-96FA-6CCEB4AB8A87} - System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E} => pcalua.exe -a C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK\setup.exe -d C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK
    Task: {B451CBEF-FB94-48A5-B92D-4EF09D05B417} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
    Task: {F15B6125-6D1B-46E2-B363-823DA54C0591} - \{4F163218-6F58-30F7-21D1-8F95E9565B24} -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#12 Post by Matlajs »

I don't know what specifically you are interested in. The PC was already behaving normally after the Malwarebytes clean, but SpyHunter was reporting something, so I wanted reassurance that there is nothing here.

log

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Marcus (2016-03-08 01:24:57) Run:1
Running from C:\Users\Marcus\Desktop
Loaded Profiles: Marcus (Available Profiles: Marcus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Marcus\Desktop\westerosaves
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\...\MountPoints2: {447062fc-b944-11e4-8a7a-806e6f6e6963} - D:\Launch.exe
IFEO\CNC3.exe: [Debugger]
IFEO\CNC3EP1.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
IFEO\generals.exe: [Debugger]
IFEO\RA3.exe: [Debugger]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1168840733-3772592448-2830392990-1001] => localhost:8080
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2016-03-06 15:50 - 2016-03-06 15:56 - 00000000 ____D C:\Program Files\trend micro
2016-03-06 15:50 - 2016-03-06 15:53 - 00000000 ____D C:\rsit
2016-03-06 15:47 - 2016-03-06 15:47 - 01222144 _____ C:\Users\Marcus\Desktop\RSITx64.exe
2016-03-06 15:32 - 2016-03-07 12:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-06 15:31 - 2016-03-06 15:32 - 01524224 _____ C:\Users\Marcus\Desktop\adwcleaner_5.100.exe
2016-03-06 15:02 - 2016-03-07 20:53 - 00015776 _____ C:\Users\Marcus\Desktop\FRST.txt
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Enigma Software Group
2016-03-05 15:36 - 2016-03-05 15:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-05] ()
2016-03-05 15:34 - 2016-03-05 15:35 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe
Task: {93D36609-962D-4E1A-8FDF-DE98E7326B02} - \{24C8A834-CBB9-C7F2-9431-AA32CA1F6715} -> No File <==== ATTENTION
Task: {AFAC9990-0D82-4542-96FA-6CCEB4AB8A87} - System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E} => pcalua.exe -a C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK\setup.exe -d C:\Users\Marcus\Downloads\TW_GOLD_Kingdoms_Patch_UK
Task: {B451CBEF-FB94-48A5-B92D-4EF09D05B417} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {F15B6125-6D1B-46E2-B363-823DA54C0591} - \{4F163218-6F58-30F7-21D1-8F95E9565B24} -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder: C:\Users\Marcus\Desktop\westerosaves ========================

2016-02-29 06:22 - 2016-02-27 15:01 - 2773717 _____ () C:\Users\Marcus\Desktop\westerosaves\Autospeichern.sav
2016-02-29 06:22 - 2016-02-20 19:31 - 2281668 _____ () C:\Users\Marcus\Desktop\westerosaves\bez praporcu.sav
2016-02-29 06:22 - 2016-02-26 23:22 - 1882697 _____ () C:\Users\Marcus\Desktop\westerosaves\lannister.sav
2016-02-29 06:22 - 2016-02-27 14:56 - 2761844 _____ () C:\Users\Marcus\Desktop\westerosaves\red viper.sav
2016-02-29 06:22 - 2016-02-24 02:42 - 2517535 _____ () C:\Users\Marcus\Desktop\westerosaves\Stannis.sav

====== End of Folder: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
"HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{447062fc-b944-11e4-8a7a-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{447062fc-b944-11e4-8a7a-806e6f6e6963} => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CNC3.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CNC3EP1.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\generals.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RA3.exe" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-1168840733-3772592448-2830392990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\Users\Marcus\Desktop\RSITx64.exe => moved successfully
C:\Program Files (x86)\AdwCleaner => moved successfully
C:\Users\Marcus\Desktop\adwcleaner_5.100.exe => moved successfully
C:\Users\Marcus\Desktop\FRST.txt => moved successfully
C:\Users\Marcus\AppData\Roaming\Enigma Software Group => moved successfully
C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully
EsgScanner => service removed successfully
C:\Users\Marcus\Downloads\SpyHunter-Installer.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93D36609-962D-4E1A-8FDF-DE98E7326B02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93D36609-962D-4E1A-8FDF-DE98E7326B02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24C8A834-CBB9-C7F2-9431-AA32CA1F6715}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFAC9990-0D82-4542-96FA-6CCEB4AB8A87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFAC9990-0D82-4542-96FA-6CCEB4AB8A87}" => key removed successfully
C:\Windows\System32\Tasks\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D23D84CA-8811-4DBC-9CE4-1B3A35BA6B5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B451CBEF-FB94-48A5-B92D-4EF09D05B417}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B451CBEF-FB94-48A5-B92D-4EF09D05B417}" => key removed successfully
C:\Windows\System32\Tasks\klcp_update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15B6125-6D1B-46E2-B363-823DA54C0591}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15B6125-6D1B-46E2-B363-823DA54C0591}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F163218-6F58-30F7-21D1-8F95E9565B24}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
EmptyTemp: => 592.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:25:56 ====

altrok
Moderator
Posts: 7275
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Adware?

#13 Post by altrok »

So we will just clean up.
And if there are no questions or other problems, that is all from me.

Matlajs
Visitor
Posts: 11
Registered: 06 Mar 2016 12:43

Re: Adware?

#14 Post by Matlajs »

I also wanted to ask something. Various topics have been started here about svchost and its load on the PC. I know it will probably vary a lot from machine to machine, but roughly how much should it take up, or at what point does it start to be a suspiciously high value?

altrok
Moderator
Posts: 7275
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Adware?

#15 Post by altrok »

I can't think of a right answer to this. svchost.exe (like any other system process) is used by up to dozens of dynamic libraries (.dll - dynamic link library). Malware can use svchost.exe for its own purposes (which is why the CPU/RAM load of the legitimate process rises). To display the names of the libraries using the process, there are tools such as Process Explorer from Sysinternals, the Chinese PC Hunter, etc.

It is a different matter when svchost itself is the creation of malware - in that case it is not located in the legitimate location %windir%\System32\svchost.exe

However, I don't see any malware on your PC.

Locked
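
The two checks from the last post above (where a running svchost.exe was started from, and which DLLs are loaded into it), as an added PowerShell example that is not part of the thread. The SysWOW64 path, the services.exe parent check and the hosted-service listing go beyond what the post states, and all variable names are this example's own.

```powershell
# Added example, not from the thread. Run in an elevated 64-bit Windows PowerShell.
# Get-WmiObject works on a stock Windows 7; Get-CimInstance is the PowerShell 3.0+ equivalent.
$legit = @(
    (Join-Path $env:windir 'System32\svchost.exe'),
    (Join-Path $env:windir 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)
$all   = @(Get-WmiObject Win32_Process)
$byPid = @{}
foreach ($x in $all) { $byPid[[int]$x.ProcessId] = $x }

foreach ($p in $all | Where-Object { $_.Name -eq 'svchost.exe' }) {
    $id    = [int]$p.ProcessId
    $notes = @()

    # 1. Image path: a svchost.exe outside the system folders is not the Windows one.
    if (-not $p.ExecutablePath) {
        $notes += 'image path not readable (shell not elevated?)'
    } elseif ($legit -notcontains $p.ExecutablePath) {   # comparison is case-insensitive
        $notes += "unexpected image path: $($p.ExecutablePath)"
    }

    # 2. Parent process: service hosts are launched by services.exe (check added here).
    $parent = $byPid[[int]$p.ParentProcessId]
    if (-not $parent -or $parent.Name -ne 'services.exe') {
        $notes += "parent is '$($parent.Name)', expected services.exe"
    }

    # 3. Services hosted by this instance, to attribute its CPU/RAM use.
    $services = @(Get-WmiObject Win32_Service -Filter "ProcessId = $id" |
                  ForEach-Object { $_.Name })

    # 4. Loaded DLLs outside %windir%: entries to review by hand, not a verdict.
    $dlls = @()
    try {
        $proc = Get-Process -Id $id -ErrorAction Stop
        $dlls = @($proc.Modules | ForEach-Object { $_.FileName } |
                  Where-Object { $_ -and $_ -notlike "$env:windir\*" })
    } catch {
        $notes += 'module list not readable'
    }

    New-Object PSObject -Property @{
        PID          = $id
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Services     = $services -join ', '
        OutsideDlls  = $dlls -join '; '
        Notes        = $notes -join '; '
    }
}
```

Pipe the output to `Format-List` to read it; an empty `Notes` field means the instance passed the path and parent checks, while `OutsideDlls` still needs a manual look because legitimate third-party service DLLs also live outside the Windows folder.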