PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Chinese malware

Have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Saturas
Visitor
Posts: 74
Registered: 01 Feb 2014 13:32
Location: Frýdek-Místek

Chinese malware

#1 Post by Saturas »

Hello,
I would like to ask for a check of my log. While installing an add-on into Mozilla Firefox I managed to catch some Chinese infection.
Thank you very much

Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Daniel (administrator) on DANIEL-LENOVO (02-12-2015 22:12:24)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Education (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
( ) C:\Program Files (x86)\baidu\pps.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(iQIYI.COM) C:\IQIYI Video\LStyle\QyKernel.exe
() C:\IQIYI Video\LStyle\Mobile\AndroidService.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\TAOFrame.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCRealTimeSpeedup.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-10-11] (Pixart Imaging Inc)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SafeQClient] => C:\Program Files (x86)\SafeQ\SafeQ_cli.exe [493056 2015-11-02] (VŠB-TU Ostrava)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCTray.exe [355296 2015-12-02] (Tencent)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [GSplay.exe] => C:\Users\Daniel\Desktop\GSplay.exe
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [81920 2015-11-04] ( )
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [HCDNClient] => C:\IQIYI Video\LStyle\QyKernel.exe [576104 2015-08-04] (iQIYI.COM)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {1dbc3f99-8472-11e5-9bd5-b888e373a893} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {9927f19a-7030-11e5-9bd0-b888e373a893} - "E:\autorun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177600 2015-11-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155792 2015-11-16] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QMGCShellExt64.dll [2015-04-07] (Tencent)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2015-11-24]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{952e9e30-7837-4bd5-b7ce-835e1409f774}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92280131_hao_pg
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92280131_hao_pg
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {069202F1-27FC-4601-A5CA-41F878F17CB4} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {0D95C45A-4BB5-40A8-AAC6-45A9A2CA3FDC} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {17871175-3CF6-4B2C-94D8-C8E87473DBBA} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {1C10EE84-0FDE-4C21-92AA-A8E14B148BF1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {9BF95EE0-8409-4BE3-8C75-761AB9324909} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {A1FBF928-091F-4EA8-BD03-00673561F5CD} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {BE5B2B07-E2DB-4C66-9A79-AA1CDA6D160B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {CE5AAD91-AB43-45DC-94F4-1C9C48ADDEF3} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {E5F225C3-804F-47D5-81B9-AB6A482B2607} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\TSWebMon64.dat [2015-12-02] (Tencent)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: 爱奇艺助手 -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\LStyle\Accelerator\IEHelper.dll [2015-08-04] (爱奇艺)

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xu00lnfi.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-08-04] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-08-04] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\npQMExtensionsMozilla.dll [2015-12-02] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2161712444-3510936251-563553130-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-2161712444-3510936251-563553130-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2015-04-30] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2015win32.dll [2015-06-17] (National Instruments)
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xu00lnfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-09-05] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-16] (NVIDIA Corporation)
R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-06-12] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [703304 2015-06-11] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-16] (NVIDIA Corporation)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQPCRTP.exe [297608 2015-12-02] (Tencent)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\TAOFrame.exe [293728 2015-12-02] (Tencent)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-13] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-16] (NVIDIA Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QMUdisk64.sys [80184 2015-12-02] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\QQSysMonX64.sys [127800 2015-12-02] (电脑管家)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-09-02] (Realsil Semiconductor Corporation)
R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99640 2015-12-02] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-12-02] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-02] (电脑管家)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-07] ()
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\tscpm64.sys [42296 2015-12-02] (电脑管家)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\TSDefenseBT64.sys [28472 2015-12-02] (Tencent)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16065.215\TSSysKit64.sys [87352 2015-12-02] (电脑管家)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-10-11] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 22:12 - 2015-12-02 22:13 - 00023581 _____ C:\Users\Daniel\Desktop\FRST.txt
2015-12-02 22:10 - 2015-12-02 22:10 - 02350080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2015-12-02 22:02 - 2015-10-30 18:18 - 00126776 _____ (电脑管家) C:\WINDOWS\SysWOW64\Drivers\TsFltMgr.sys
2015-12-02 22:00 - 2015-12-02 21:59 - 00099640 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2015-12-02 21:59 - 2015-12-02 21:59 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernel64.sys
2015-12-02 21:59 - 2015-12-02 21:59 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2015-12-02 21:59 - 2015-12-02 21:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-12-02 21:59 - 2015-12-02 21:59 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-12-02 21:58 - 2015-12-02 22:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Tencent
2015-12-02 21:58 - 2015-12-02 21:59 - 00000000 ____D C:\ProgramData\Tencent
2015-12-02 21:58 - 2015-12-02 21:58 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-12-02 21:35 - 2015-12-02 21:35 - 00001234 _____ C:\Users\Daniel\Desktop\全网影视.lnk
2015-12-02 21:34 - 2015-12-02 21:34 - 00001035 _____ C:\Users\Daniel\Desktop\PPS游戏大厅.lnk
2015-12-02 21:15 - 2015-12-02 21:15 - 00000000 ____D C:\Users\Daniel\.android
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ppslog
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\VirtualStore
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Unity
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\Local\Unity
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\Local\SysassistByHotWheel
2015-12-02 21:13 - 2015-12-02 21:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IQIYI Video
2015-12-02 21:13 - 2015-12-02 21:36 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-12-02 21:13 - 2015-12-02 21:14 - 00000000 ____D C:\IQIYI Video
2015-12-02 21:13 - 2015-12-02 21:13 - 00000000 ____D C:\Users\Public\QiYi
2015-12-02 21:11 - 2015-12-02 21:11 - 00000000 ____D C:\Program Files (x86)\baidu
2015-12-02 20:23 - 2015-12-02 20:23 - 00016148 _____ C:\WINDOWS\system32\DANIEL-LENOVO_Daniel_HistoryPrediction.bin
2015-12-02 18:18 - 2015-12-02 18:18 - 00858072 _____ C:\Users\Daniel\Desktop\mtlk.rar
2015-12-01 13:19 - 2015-12-01 13:19 - 00001085 _____ C:\Users\Daniel\Desktop\SafeQClient.lnk
2015-12-01 11:48 - 2015-12-01 11:48 - 01246406 _____ C:\Users\Daniel\Desktop\FKPIT-Projekt-č.1-zadaní-13.-Hodnocení-95-bodů-chyba-v-grafu-so-02.11.2015.rar
2015-11-30 11:14 - 2015-11-30 11:14 - 00000042 _____ C:\Users\Daniel\Desktop\vyplata listopad.txt
2015-11-28 22:19 - 2014-12-02 03:10 - 00971844 _____ C:\Users\Daniel\Desktop\Integrály komplet.pdf
2015-11-27 13:09 - 2015-11-24 11:18 - 00001153 _____ C:\Users\Daniel\Desktop\NI LabVIEW 2015 (32-bit).lnk
2015-11-27 12:44 - 2015-11-27 12:44 - 00680150 _____ C:\Users\Daniel\Desktop\Zadání semestrálního projektu MTLK.pdf
2015-11-25 17:31 - 2015-11-25 17:32 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-24 11:50 - 2015-11-24 11:50 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2015-11-24 11:47 - 2015-11-24 11:47 - 00000000 ____D C:\National Instruments Downloads
2015-11-24 11:39 - 2015-12-01 21:16 - 00000000 ____D C:\Users\Daniel\Documents\LabVIEW Data
2015-11-24 11:31 - 2015-11-24 11:52 - 00003382 _____ C:\WINDOWS\System32\Tasks\NIUpdateServiceStartupTask
2015-11-24 11:31 - 2015-11-24 11:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\National Instruments
2015-11-24 11:27 - 2015-11-24 12:45 - 00000000 ____D C:\ProgramData\JKI
2015-11-24 11:27 - 2015-11-24 11:27 - 00004146 _____ C:\WINDOWS\System32\Tasks\JKIUpdateTask
2015-11-24 11:27 - 2015-11-24 11:27 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VI Package Manager.lnk
2015-11-24 11:27 - 2015-11-24 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
2015-11-24 11:27 - 2015-11-24 11:27 - 00000000 ____D C:\Program Files (x86)\JKI
2015-11-24 11:26 - 2015-11-24 11:26 - 00000000 ____D C:\Program Files\Common Files\OPC Foundation
2015-11-24 11:24 - 2015-11-24 11:24 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
2015-11-24 11:18 - 2015-11-24 11:18 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI LabVIEW 2015 (32-bit).lnk
2015-11-24 11:15 - 2015-11-24 11:15 - 00000132 _____ C:\WINDOWS\ODBC.INI
2015-11-24 11:14 - 2015-11-24 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\cvirte
2015-11-24 11:14 - 2015-11-24 11:14 - 00000000 ____D C:\WINDOWS\system32\cvirte
2015-11-24 11:13 - 2015-11-24 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2015-11-24 11:13 - 2015-11-24 11:50 - 00000000 ____D C:\Program Files\National Instruments
2015-11-24 11:13 - 2015-11-24 11:13 - 00001439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Launcher.lnk
2015-11-24 11:12 - 2015-11-24 11:50 - 00000000 ____D C:\Program Files (x86)\National Instruments
2015-11-24 11:09 - 2015-11-24 11:39 - 00000000 ____D C:\ProgramData\National Instruments
2015-11-24 10:47 - 2015-11-24 11:03 - 00000000 ____D C:\Program Files (x86)\LW
2015-11-21 12:08 - 2015-11-21 12:08 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-11-20 18:24 - 2015-11-20 18:24 - 00321152 _____ C:\WINDOWS\Minidump\112015-54046-01.dmp
2015-11-20 17:49 - 2015-11-20 17:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA
2015-11-20 17:49 - 2015-11-20 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-20 17:49 - 2015-11-16 04:54 - 01828160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-11-20 17:48 - 2015-11-20 17:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA Corporation
2015-11-20 17:47 - 2015-11-20 17:47 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-11-20 17:47 - 2015-11-20 17:47 - 00000000 ____D C:\WINDOWS\system32\NV
2015-11-20 17:46 - 2015-11-16 04:54 - 00112944 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-11-20 17:45 - 2015-11-20 17:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-11-20 17:43 - 2015-11-20 17:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-20 17:41 - 2015-11-17 07:27 - 00040264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-11-20 17:41 - 2015-11-16 04:54 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 37881976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 22345848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 18390832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 15839200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 14844112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 13533608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 12870192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 03540544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 02496632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00877688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00674096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-11-20 16:07 - 2015-11-20 16:07 - 00000810 _____ C:\Users\Daniel\Desktop\editor – zástupce.lnk
2015-11-19 19:45 - 2015-11-19 19:45 - 00001738 _____ C:\Users\Daniel\Desktop\EXCEL – zástupce.lnk
2015-11-18 10:09 - 2015-11-18 10:09 - 00000652 _____ C:\WINDOWS\setting.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000158 _____ C:\WINDOWS\system32\ricdb.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000141 _____ C:\WINDOWS\setting1.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\Users\Daniel\AppData\Local\TempDIR
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeQClient
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\Program Files (x86)\SafeQ
2015-11-17 17:15 - 2015-11-21 00:54 - 00000000 ____D C:\Users\Daniel\Desktop\foto netřiděne
2015-11-10 20:20 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 20:20 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 20:20 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 20:20 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 20:20 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 20:20 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 20:20 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 20:20 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 20:20 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 20:20 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 20:20 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 20:20 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 20:20 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 20:20 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 20:20 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 20:20 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 20:20 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 20:20 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 20:20 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 20:20 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 20:20 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 20:20 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 20:20 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 20:20 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 20:20 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 20:20 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 20:20 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 20:20 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 20:20 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 20:20 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 20:20 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 20:20 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 20:20 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 20:20 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 20:20 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 20:20 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 20:20 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 20:20 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 20:20 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 20:20 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 20:20 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 20:20 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 20:20 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 20:20 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 20:20 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 20:20 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 20:20 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 09:48 - 2015-12-01 20:04 - 00000000 ____D C:\Users\Daniel\Desktop\OK1
2015-11-10 09:46 - 2015-11-28 15:10 - 00000000 ____D C:\Users\Daniel\Desktop\RS2
2015-11-05 11:09 - 2015-11-24 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 22:12 - 2015-09-06 17:44 - 00000000 ____D C:\FRST
2015-12-02 22:04 - 2015-09-22 07:39 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 21:59 - 2015-09-01 22:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\VirtualStore
2015-12-02 21:44 - 2015-09-14 07:33 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 21:37 - 2015-09-02 21:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-02 21:15 - 2015-09-01 22:48 - 00000000 ____D C:\Users\Daniel
2015-12-02 19:00 - 2015-09-20 22:03 - 00000600 _____ C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-12-02 18:52 - 2015-09-02 22:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2015-12-02 18:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 18:19 - 2015-09-14 07:35 - 00000000 ___RD C:\Users\Daniel\Disk Google
2015-12-02 18:18 - 2015-09-14 07:33 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 18:17 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 12:22 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-01 13:51 - 2015-09-02 22:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2015-11-30 23:18 - 2015-09-17 13:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2015-11-30 17:29 - 2015-09-11 13:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2015-11-29 22:30 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 23:27 - 2015-09-01 20:59 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 23:27 - 2015-07-10 17:01 - 00746648 _____ C:\WINDOWS\system32\perfh005.dat
2015-11-28 23:27 - 2015-07-10 17:01 - 00149550 _____ C:\WINDOWS\system32\perfc005.dat
2015-11-28 23:27 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 21:50 - 2015-09-14 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-27 11:05 - 2015-09-03 20:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 17:36 - 2015-09-01 21:42 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-24 11:15 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 19:47 - 2015-09-20 11:38 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 19:47 - 2015-09-20 11:38 - 00000000 ____D C:\Users\Daniel\.oracle_jre_usage
2015-11-21 23:02 - 2015-09-02 22:24 - 00000000 ____D C:\ProgramData\Skype
2015-11-20 18:24 - 2015-10-17 20:45 - 556521389 _____ C:\WINDOWS\MEMORY.DMP
2015-11-20 18:24 - 2015-10-17 20:45 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-20 18:24 - 2015-07-10 13:20 - 00277600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-20 17:47 - 2015-09-01 20:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-20 16:49 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-20 16:45 - 2014-12-07 21:54 - 00000000 ____D C:\NVIDIA
2015-11-20 12:12 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-19 11:56 - 2015-09-20 21:58 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-11-19 11:56 - 2015-09-20 21:58 - 00001059 _____ C:\Users\Daniel\Desktop\WinSCP.lnk
2015-11-19 11:56 - 2015-09-20 21:58 - 00000000 ____D C:\Program Files (x86)\WinSCP
2015-11-19 11:26 - 2015-10-13 08:38 - 00000000 ____D C:\Users\Daniel\Desktop\voip
2015-11-18 22:38 - 2015-09-02 09:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-17 23:42 - 2015-10-02 10:42 - 00000000 ____D C:\Users\Daniel\Desktop\vpzma zapisek
2015-11-17 17:20 - 2015-09-02 22:11 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2015-11-17 07:27 - 2015-07-23 03:02 - 11228816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-11-16 04:54 - 2015-07-23 03:02 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00177600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb
2015-11-16 04:54 - 2015-07-10 12:00 - 00105080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2015-11-14 21:13 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 07:20 - 2015-09-01 20:48 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-11-14 07:20 - 2015-09-01 20:48 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00114296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00074872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-11-11 20:14 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 20:13 - 2015-09-05 09:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 20:10 - 2015-09-05 09:45 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:05 - 2015-09-02 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 20:05 - 2015-09-22 07:39 - 00003904 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 20:04 - 2015-10-17 21:04 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-03 19:20 - 2015-10-05 17:35 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-10-05 17:35 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Daniel\AppData\Roaming\syznI8o9vS
2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Daniel\AppData\Roaming\syznI8o9vS.exe
2015-09-20 22:03 - 2015-12-02 19:00 - 0000600 _____ () C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-09-06 17:43 - 2015-09-06 17:43 - 0029696 _____ () C:\Users\Daniel\AppData\Local\MSGBOX.EXE
2015-10-14 10:40 - 2015-10-14 10:40 - 0000218 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2015-09-02 21:40 - 2015-09-02 21:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\2178.exe
C:\Users\Daniel\AppData\Local\Temp\DivX.Web.Player.Installer__8420_il635.exe
C:\Users\Daniel\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Daniel\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Daniel\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Daniel\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Daniel\AppData\Local\Temp\KMS Windows 8 n 8.1 Activator__9771_il302426.exe
C:\Users\Daniel\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Daniel\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\Daniel\AppData\Local\Temp\qqpcmgr_v10.7.16065.215_71643_Silence.exe
C:\Users\Daniel\AppData\Local\Temp\setup3.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll
C:\Users\Daniel\AppData\Local\Temp\~85B6.exe
C:\Users\Daniel\AppData\Local\Temp\~89FD.exe
C:\Users\Daniel\AppData\Local\Temp\~A7F.exe
C:\Users\Daniel\AppData\Local\Temp\~F35C.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 20:20

==================== End of FRST.txt ============================

Addition log: http://leteckaposta.cz/660268803

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chinese malware

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can also damage the system!

After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Saturas
Visitor
Posts: 74
Registered: 01 Feb 2014 13:32
Location: Frýdek-Místek

Re: Chinese malware

#3 Post by Saturas »

# AdwCleaner v5.023 - Logfile created 02/12/2015 at 22:40:16
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 10 Education (x64)
# Username : Daniel - DANIEL-LENOVO
# Running from : C:\Users\Daniel\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP
[-] Service Deleted : TAOAccelerator
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : TSSysKit
[-] Service Deleted : QMUdisk
[-] Service Deleted : QQSysMonX64
[-] Service Deleted : TSCPM
[-] Service Deleted : TFsFlt
[-] Service Deleted : TAOFrame
[!] Service Not Deleted : TAOKernelDriver

***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[#] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[#] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\IQIYI Video
[#] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\Users\Daniel\AppData\Local\SysassistByHotWheel
[-] Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\Users\Daniel\AppData\Roaming\IQIYI Video
[#] Folder Deleted : C:\Users\Daniel\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Daniel\AppData\Roaming\ppslog
[-] Folder Deleted : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Users\Daniel\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xu00lnfi.default\invalidprefs.js
[-] File Deleted : C:\Users\Daniel\Desktop\PPS游戏大厅.lnk
[-] File Deleted : C:\Users\Daniel\Desktop\全网影视.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TAOAccelerator64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TAOKernel64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\drivers\TsFltMgr.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [HCDNClient]
[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [apphide]
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\GEEPLAYER.DIR
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ QQPCTray]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [QyBrowser.exe]
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [QyClient.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\QyGameClient
[-] Key Deleted : HKCU\Software\PPStream
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPStream
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeePlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C4396A8-6F7A-4786-9ED6-0B9225862E57}
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimagenetwork.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [11622 bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chinese malware

#4 Post by Rudy »

Post a new FRST log.

Saturas
Visitor
Posts: 74
Registered: 01 Feb 2014 13:32
Location: Frýdek-Místek

Re: Chinese malware

#5 Post by Saturas »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Daniel (administrator) on DANIEL-LENOVO (02-12-2015 22:51:59)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Education (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-10-11] (Pixart Imaging Inc)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SafeQClient] => C:\Program Files (x86)\SafeQ\SafeQ_cli.exe [493056 2015-11-02] (VŠB-TU Ostrava)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [GSplay.exe] => C:\Users\Daniel\Desktop\GSplay.exe
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {1dbc3f99-8472-11e5-9bd5-b888e373a893} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {9927f19a-7030-11e5-9bd0-b888e373a893} - "E:\autorun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177600 2015-11-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155792 2015-11-16] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2015-11-24]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{952e9e30-7837-4bd5-b7ce-835e1409f774}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotmail/home?ocid=iehp
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {069202F1-27FC-4601-A5CA-41F878F17CB4} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {0D95C45A-4BB5-40A8-AAC6-45A9A2CA3FDC} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {17871175-3CF6-4B2C-94D8-C8E87473DBBA} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {1C10EE84-0FDE-4C21-92AA-A8E14B148BF1} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {9BF95EE0-8409-4BE3-8C75-761AB9324909} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {A1FBF928-091F-4EA8-BD03-00673561F5CD} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {BE5B2B07-E2DB-4C66-9A79-AA1CDA6D160B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {CE5AAD91-AB43-45DC-94F4-1C9C48ADDEF3} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-2161712444-3510936251-563553130-1001 -> {E5F225C3-804F-47D5-81B9-AB6A482B2607} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xu00lnfi.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2161712444-3510936251-563553130-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2015-04-30] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2015win32.dll [2015-06-17] (National Instruments)
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xu00lnfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-09-05] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-16] (NVIDIA Corporation)
R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-06-12] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [703304 2015-06-11] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-16] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-13] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-16] (NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-09-02] (Realsil Semiconductor Corporation)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16924.223\softaal64.sys [35128 2015-12-02] (Tencent)
U4 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-02] (电脑管家)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-07] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-10-11] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 QQSysMonX64; no ImagePath
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16924.223\TSDefenseBT64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 22:51 - 2015-12-02 22:51 - 00020315 _____ C:\Users\Daniel\Desktop\FRST.txt
2015-12-02 22:43 - 2015-12-02 22:43 - 00016148 _____ C:\WINDOWS\system32\DANIEL-LENOVO_Daniel_HistoryPrediction.bin
2015-12-02 22:41 - 2015-12-02 22:41 - 00000000 ____D C:\ProgramData\TXQMPC
2015-12-02 22:37 - 2015-12-02 22:37 - 01736704 _____ C:\Users\Daniel\Desktop\adwcleaner_5.023.exe
2015-12-02 22:19 - 2015-12-02 22:19 - 00005120 _____ C:\Users\Daniel\AppData\Roaming\GiftBag.db
2015-12-02 22:10 - 2015-12-02 22:10 - 02350080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2015-12-02 21:59 - 2015-12-02 21:59 - 00087864 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2015-12-02 21:58 - 2015-12-02 22:42 - 00000000 ____D C:\ProgramData\Tencent
2015-12-02 21:58 - 2015-12-02 21:58 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-12-02 21:15 - 2015-12-02 21:15 - 00000000 ____D C:\Users\Daniel\.android
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\VirtualStore
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Unity
2015-12-02 21:14 - 2015-12-02 21:14 - 00000000 ____D C:\Users\Daniel\AppData\Local\Unity
2015-12-02 21:13 - 2015-12-02 21:13 - 00000000 ____D C:\Users\Public\QiYi
2015-12-02 21:11 - 2015-12-02 21:11 - 00000000 ____D C:\Program Files (x86)\baidu
2015-12-02 18:18 - 2015-12-02 18:18 - 00858072 _____ C:\Users\Daniel\Desktop\mtlk.rar
2015-12-01 13:19 - 2015-12-01 13:19 - 00001085 _____ C:\Users\Daniel\Desktop\SafeQClient.lnk
2015-12-01 11:48 - 2015-12-01 11:48 - 01246406 _____ C:\Users\Daniel\Desktop\FKPIT-Projekt-č.1-zadaní-13.-Hodnocení-95-bodů-chyba-v-grafu-so-02.11.2015.rar
2015-11-30 11:14 - 2015-11-30 11:14 - 00000042 _____ C:\Users\Daniel\Desktop\vyplata listopad.txt
2015-11-28 22:19 - 2014-12-02 03:10 - 00971844 _____ C:\Users\Daniel\Desktop\Integrály komplet.pdf
2015-11-27 13:09 - 2015-11-24 11:18 - 00001153 _____ C:\Users\Daniel\Desktop\NI LabVIEW 2015 (32-bit).lnk
2015-11-27 12:44 - 2015-11-27 12:44 - 00680150 _____ C:\Users\Daniel\Desktop\Zadání semestrálního projektu MTLK.pdf
2015-11-25 17:31 - 2015-11-25 17:32 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-24 11:50 - 2015-11-24 11:50 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2015-11-24 11:47 - 2015-11-24 11:47 - 00000000 ____D C:\National Instruments Downloads
2015-11-24 11:39 - 2015-12-01 21:16 - 00000000 ____D C:\Users\Daniel\Documents\LabVIEW Data
2015-11-24 11:31 - 2015-11-24 11:52 - 00003382 _____ C:\WINDOWS\System32\Tasks\NIUpdateServiceStartupTask
2015-11-24 11:31 - 2015-11-24 11:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\National Instruments
2015-11-24 11:27 - 2015-11-24 12:45 - 00000000 ____D C:\ProgramData\JKI
2015-11-24 11:27 - 2015-11-24 11:27 - 00004146 _____ C:\WINDOWS\System32\Tasks\JKIUpdateTask
2015-11-24 11:27 - 2015-11-24 11:27 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VI Package Manager.lnk
2015-11-24 11:27 - 2015-11-24 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
2015-11-24 11:27 - 2015-11-24 11:27 - 00000000 ____D C:\Program Files (x86)\JKI
2015-11-24 11:26 - 2015-11-24 11:26 - 00000000 ____D C:\Program Files\Common Files\OPC Foundation
2015-11-24 11:24 - 2015-11-24 11:24 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
2015-11-24 11:18 - 2015-11-24 11:18 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI LabVIEW 2015 (32-bit).lnk
2015-11-24 11:15 - 2015-11-24 11:15 - 00000132 _____ C:\WINDOWS\ODBC.INI
2015-11-24 11:14 - 2015-11-24 11:14 - 00000000 ____D C:\WINDOWS\SysWOW64\cvirte
2015-11-24 11:14 - 2015-11-24 11:14 - 00000000 ____D C:\WINDOWS\system32\cvirte
2015-11-24 11:13 - 2015-11-24 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2015-11-24 11:13 - 2015-11-24 11:50 - 00000000 ____D C:\Program Files\National Instruments
2015-11-24 11:13 - 2015-11-24 11:13 - 00001439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Launcher.lnk
2015-11-24 11:12 - 2015-11-24 11:50 - 00000000 ____D C:\Program Files (x86)\National Instruments
2015-11-24 11:09 - 2015-11-24 11:39 - 00000000 ____D C:\ProgramData\National Instruments
2015-11-24 10:47 - 2015-11-24 11:03 - 00000000 ____D C:\Program Files (x86)\LW
2015-11-21 12:08 - 2015-11-21 12:08 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-11-20 18:24 - 2015-11-20 18:24 - 00321152 _____ C:\WINDOWS\Minidump\112015-54046-01.dmp
2015-11-20 17:49 - 2015-11-20 17:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA
2015-11-20 17:49 - 2015-11-20 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-20 17:49 - 2015-11-16 04:54 - 01828160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-11-20 17:49 - 2015-11-16 04:54 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-11-20 17:48 - 2015-11-20 17:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA Corporation
2015-11-20 17:47 - 2015-11-20 17:47 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-11-20 17:47 - 2015-11-20 17:47 - 00000000 ____D C:\WINDOWS\system32\NV
2015-11-20 17:46 - 2015-11-16 04:54 - 00112944 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-11-20 17:45 - 2015-11-20 17:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-11-20 17:43 - 2015-11-20 17:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-20 17:41 - 2015-11-17 07:27 - 00040264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-11-20 17:41 - 2015-11-16 04:54 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 37881976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 22345848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 18390832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 15839200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 14844112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 13533608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 12870192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 03540544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 02496632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00877688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00674096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-11-20 17:41 - 2015-11-16 04:54 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-11-20 16:07 - 2015-11-20 16:07 - 00000810 _____ C:\Users\Daniel\Desktop\editor – zástupce.lnk
2015-11-19 19:45 - 2015-11-19 19:45 - 00001738 _____ C:\Users\Daniel\Desktop\EXCEL – zástupce.lnk
2015-11-18 10:09 - 2015-11-18 10:09 - 00000652 _____ C:\WINDOWS\setting.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000158 _____ C:\WINDOWS\system32\ricdb.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000141 _____ C:\WINDOWS\setting1.ini
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\Users\Daniel\AppData\Local\TempDIR
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeQClient
2015-11-18 10:09 - 2015-11-18 10:09 - 00000000 ____D C:\Program Files (x86)\SafeQ
2015-11-17 17:15 - 2015-11-21 00:54 - 00000000 ____D C:\Users\Daniel\Desktop\foto netřiděne
2015-11-15 12:31 - 2015-11-16 19:32 - 00919040 _____ (Farbar) C:\WINDOWS\mod_frst.exe
2015-11-10 20:20 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 20:20 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 20:20 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 20:20 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 20:20 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 20:20 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 20:20 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 20:20 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 20:20 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 20:20 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 20:20 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 20:20 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 20:20 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 20:20 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 20:20 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 20:20 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 20:20 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 20:20 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 20:20 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 20:20 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 20:20 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 20:20 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 20:20 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 20:20 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 20:20 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 20:20 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 20:20 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 20:20 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 20:20 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 20:20 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 20:20 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 20:20 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 20:20 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 20:20 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 20:20 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 20:20 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 20:20 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 20:20 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 20:20 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 20:20 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 20:20 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 20:20 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 20:20 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 20:20 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 20:20 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 20:20 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 20:20 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 20:20 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 20:20 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 09:48 - 2015-12-01 20:04 - 00000000 ____D C:\Users\Daniel\Desktop\OK1
2015-11-10 09:46 - 2015-11-28 15:10 - 00000000 ____D C:\Users\Daniel\Desktop\RS2
2015-11-05 11:09 - 2015-11-24 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 22:51 - 2015-09-06 17:44 - 00000000 ____D C:\FRST
2015-12-02 22:44 - 2015-09-14 07:35 - 00000000 ___RD C:\Users\Daniel\Disk Google
2015-12-02 22:44 - 2015-09-14 07:33 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 22:43 - 2015-09-14 07:33 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 22:42 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 22:42 - 2015-07-10 13:20 - 00280744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-02 22:41 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-02 22:40 - 2015-09-07 21:42 - 00000000 ____D C:\AdwCleaner
2015-12-02 22:14 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-02 22:04 - 2015-09-22 07:39 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 21:59 - 2015-09-01 22:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\VirtualStore
2015-12-02 21:37 - 2015-09-02 21:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-02 21:15 - 2015-09-01 22:48 - 00000000 ____D C:\Users\Daniel
2015-12-02 19:00 - 2015-09-20 22:03 - 00000600 _____ C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-12-02 18:52 - 2015-09-02 22:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2015-12-02 18:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-01 13:51 - 2015-09-02 22:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2015-11-30 23:18 - 2015-09-17 13:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2015-11-30 17:29 - 2015-09-11 13:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2015-11-29 22:30 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 23:27 - 2015-09-01 20:59 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 23:27 - 2015-07-10 17:01 - 00746648 _____ C:\WINDOWS\system32\perfh005.dat
2015-11-28 23:27 - 2015-07-10 17:01 - 00149550 _____ C:\WINDOWS\system32\perfc005.dat
2015-11-28 23:27 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 21:50 - 2015-09-14 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-27 11:05 - 2015-09-03 20:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 17:36 - 2015-09-01 21:42 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 19:48 - 2015-09-20 11:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 19:47 - 2015-09-20 11:38 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 19:47 - 2015-09-20 11:38 - 00000000 ____D C:\Users\Daniel\.oracle_jre_usage
2015-11-21 23:02 - 2015-09-02 22:24 - 00000000 ____D C:\ProgramData\Skype
2015-11-20 18:24 - 2015-10-17 20:45 - 556521389 _____ C:\WINDOWS\MEMORY.DMP
2015-11-20 18:24 - 2015-10-17 20:45 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-20 17:49 - 2015-09-01 20:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-20 17:47 - 2015-09-01 20:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-20 16:49 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-20 16:45 - 2014-12-07 21:54 - 00000000 ____D C:\NVIDIA
2015-11-20 12:12 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-19 11:56 - 2015-09-20 21:58 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-11-19 11:56 - 2015-09-20 21:58 - 00001059 _____ C:\Users\Daniel\Desktop\WinSCP.lnk
2015-11-19 11:56 - 2015-09-20 21:58 - 00000000 ____D C:\Program Files (x86)\WinSCP
2015-11-19 11:26 - 2015-10-13 08:38 - 00000000 ____D C:\Users\Daniel\Desktop\voip
2015-11-18 22:38 - 2015-09-02 09:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-17 23:42 - 2015-10-02 10:42 - 00000000 ____D C:\Users\Daniel\Desktop\vpzma zapisek
2015-11-17 17:20 - 2015-09-02 22:11 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2015-11-17 07:27 - 2015-07-23 03:02 - 11228816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-11-16 04:54 - 2015-07-23 03:02 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00177600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-11-16 04:54 - 2015-07-23 03:02 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb
2015-11-16 04:54 - 2015-07-10 12:00 - 00105080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2015-11-14 21:13 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 07:20 - 2015-09-01 20:48 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-11-14 07:20 - 2015-09-01 20:48 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00114296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00074872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-11-14 07:20 - 2015-09-01 20:48 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-11-11 20:14 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 20:13 - 2015-09-05 09:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 20:10 - 2015-09-05 09:45 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:05 - 2015-09-02 21:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 20:05 - 2015-09-22 07:39 - 00003904 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 20:04 - 2015-10-17 21:04 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-03 19:20 - 2015-10-05 17:35 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-10-05 17:35 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-02 22:19 - 2015-12-02 22:19 - 0005120 _____ () C:\Users\Daniel\AppData\Roaming\GiftBag.db
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Daniel\AppData\Roaming\syznI8o9vS
2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Users\Daniel\AppData\Roaming\syznI8o9vS.exe
2015-09-20 22:03 - 2015-12-02 19:00 - 0000600 _____ () C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-09-06 17:43 - 2015-09-06 17:43 - 0029696 _____ () C:\Users\Daniel\AppData\Local\MSGBOX.EXE
2015-10-14 10:40 - 2015-10-14 10:40 - 0000218 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2015-09-02 21:40 - 2015-09-02 21:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\2178.exe
C:\Users\Daniel\AppData\Local\Temp\DivX.Web.Player.Installer__8420_il635.exe
C:\Users\Daniel\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Daniel\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Daniel\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Daniel\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Daniel\AppData\Local\Temp\KMS Windows 8 n 8.1 Activator__9771_il302426.exe
C:\Users\Daniel\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Daniel\AppData\Local\Temp\PCMgr_AndroidServer.exe
C:\Users\Daniel\AppData\Local\Temp\PCMgr_Setup_11_1_16924_223.exe
C:\Users\Daniel\AppData\Local\Temp\qqpcmgr_v10.7.16065.215_71643_Silence.exe
C:\Users\Daniel\AppData\Local\Temp\setup3.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll
C:\Users\Daniel\AppData\Local\Temp\~85B6.exe
C:\Users\Daniel\AppData\Local\Temp\~89FD.exe
C:\Users\Daniel\AppData\Local\Temp\~A7F.exe
C:\Users\Daniel\AppData\Local\Temp\~F35C.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 20:20

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chinese malware

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {1dbc3f99-8472-11e5-9bd5-b888e373a893} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {9927f19a-7030-11e5-9bd0-b888e373a893} - "E:\autorun.exe"
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
U4 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-02] (电脑管家)
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16924.223\TSDefenseBT64.sys [X]
C:\WINDOWS\system32\Drivers\TFsFltX64.sys
C:\Users\Public\QiYi
C:\Program Files (x86)\baidu
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Daniel\AppData\Roaming\GiftBag.db
C:\Users\Daniel\AppData\Roaming\syznI8o9vS
C:\Users\Daniel\AppData\Roaming\syznI8o9vS.exe
C:\ProgramData\DP45977C.lfl
C:\Users\Daniel\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

Saturas
Visitor
Posts: 74
Registered: 01 Feb 2014 13:32
Location: Frýdek-Místek

Re: Chinese malware

#7 Post by Saturas »

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Daniel (2015-12-03 22:20:44) Run:1
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {1dbc3f99-8472-11e5-9bd5-b888e373a893} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2161712444-3510936251-563553130-1001\...\MountPoints2: {9927f19a-7030-11e5-9bd0-b888e373a893} - "E:\autorun.exe"
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
U4 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-02] (????)
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16924.223\TSDefenseBT64.sys [X]
C:\WINDOWS\system32\Drivers\TFsFltX64.sys
C:\Users\Public\QiYi
C:\Program Files (x86)\baidu
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Daniel\AppData\Roaming\GiftBag.db
C:\Users\Daniel\AppData\Roaming\syznI8o9vS
C:\Users\Daniel\AppData\Roaming\syznI8o9vS.exe
C:\ProgramData\DP45977C.lfl
C:\Users\Daniel\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-2161712444-3510936251-563553130-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbc3f99-8472-11e5-9bd5-b888e373a893}" => key removed successfully
HKCR\CLSID\{1dbc3f99-8472-11e5-9bd5-b888e373a893} => key not found.
"HKU\S-1-5-21-2161712444-3510936251-563553130-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9927f19a-7030-11e5-9bd0-b888e373a893}" => key removed successfully
HKCR\CLSID\{9927f19a-7030-11e5-9bd0-b888e373a893} => key not found.
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
TFsFlt => service removed successfully
TSDefenseBt => service removed successfully
C:\WINDOWS\system32\Drivers\TFsFltX64.sys => moved successfully
C:\Users\Public\QiYi => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\Daniel\AppData\Roaming\GiftBag.db => moved successfully
C:\Users\Daniel\AppData\Roaming\syznI8o9vS => moved successfully
C:\Users\Daniel\AppData\Roaming\syznI8o9vS.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Daniel\AppData\Local\Temp" folder move:

Could not move "C:\Users\Daniel\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-03 22:24:38)

C:\Users\Daniel\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:24:41 ====

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chinese malware

#8 Post by Rudy »

Deleted. Has anything changed?

Saturas
Visitor
Posts: 74
Registered: 01 Feb 2014 13:32
Location: Frýdek-Místek

Re: Chinese malware

#9 Post by Saturas »

Deleted, everything looks fine :) .
Thank you very much for the help.
I have sent a small financial contribution :) .

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chinese malware

#10 Post by Rudy »

Thank you for the support, and you are welcome! :)