Pop-up windows in all browsers

Do you have a virus problem? Post your FRST or RSIT log here.

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Pop-up windows in all browsers

#1 Post by Quinplox »

Logfile of random's system information tool 1.10 (written by random/random)
Run by quinp at 2016-07-27 13:41:23
Microsoft Windows 10 Pro Insider Preview
System drive C: has 90 GB (19%) free of 476 GB
Total RAM: 6142 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:41:30, on 27.07.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14372.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\quinp\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\trend micro\quinp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 5D7603317C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.info/wpad.dat?da580d3bb1 ... 1a11320387
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\quinp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{eaaca85b-3f3e-4ae6-8057-c1c573fb1fb4}: NameServer = 192.168.0.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12516 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
"C:\WINDOWS\system32\nvvsvc.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"

"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\msdtc.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\WINDOWS\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\system32\SearchIndexer.exe /Embedding

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\CastSrv.exe CCastServerControlInteractiveUser -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Users\quinp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"fontdrvhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\quinp\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/3.7.0.271" --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-gpu-compositing --channel="10052.0.1711813751\1496838937" /prefetch:673131151
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\main.js"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\quinp\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/3.7.0.271" --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-gpu-compositing --channel="10052.1.1783766341\721730978" /prefetch:673131151
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" "-cachedir=C:\Users\quinp\AppData\Local\Steam\htmlcache" "-steampid=10248" "-buildid=1468023329" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.5.155.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x720
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Windows Defender\\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 68D82CE0-F811-57FA-7397-777211B40CA8 -Reinvoke
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://safebrowsing.biz/?ssid=146561177 ... 2e4842140a"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\quinp\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0x1b8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Disabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/NewSuggestType_A1_Stable_R1/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/
TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_42/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="10492.0.2143445879\546429341" --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,54,69 --gpu-vendor-id=0x10de --gpu-device-id=0x104a --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6820 --mojo-platform-channel-handle=1276 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A1_Stable_R1/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHtt
pContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_42/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=37A2C48AB042B411B7342B8F3517A258 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="10492.12.1549943178\1462164847" --mojo-platform-channel-handle=2996 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A1_Stable_R1/*OutOfProcessPac/Default/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/*RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SyncH
ttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_42/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_12/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=260E1CB24A378D7D9E03F61F36897572 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="10492.26.1781972050\894951296" --mojo-platform-channel-handle=3200 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="10492.27.660164324\1113132949" --ppapi-flash-args --lang=cs --device-scale-factor=1 --mojo-platform-channel-handle=3364 --ignored=" --type=renderer " /prefetch:3
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe166_ Global\UsGthrCtrlFltPipeMssGthrPipe166 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 656 660 668 8192 664
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Users\quinp\Downloads\RSITx64.exe"

C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14372.0_none_36e86c51ddedcd92\TiWorker.exe -Embedding

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\quinp\AppData\Roaming\Mozilla\Firefox\Profiles\w51idqk1.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.242 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.242 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll


C:\Users\quinp\AppData\Roaming\Mozilla\Firefox\Profiles\w51idqk1.default\extensions\
foebot@foebot.fr

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-20 213192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-20 2101032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-01 13885696]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05 508128]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-03-08 2789248]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-03-08 1903344]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-06-21 629248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\quinp\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-07-07 554184]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2016-04-12 953880]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-07-09 2851408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun []
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08 2380480]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2016-04-12 953880]
"HDD Regenerator"=C:\Program Files (x86)\HDD Regenerator\Shell.exe /1 []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2040-03-19 12:59:24 ----D---- C:\Program Files\Common Files\Steinberg
2040-03-19 12:59:13 ----D---- C:\ProgramData\Steinberg
2034-04-15 16:53:58 ----D---- C:\ProgramData\Syncrosoft
2016-07-27 13:41:23 ----D---- C:\rsit
2016-07-07 06:57:17 ----D---- C:\ProgramData\Microsoft OneDrive
2016-07-07 06:52:46 ----D---- C:\ProgramData\USOShared
2016-07-07 06:52:37 ----SHD---- C:\Recovery
2016-07-07 06:50:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-07 06:42:11 ----ASH---- C:\hiberfil.sys
2016-07-06 17:18:41 ----DC---- C:\WINDOWS\Panther
2016-07-06 17:08:18 ----D---- C:\WINDOWS\system32\Microsoft
2016-07-06 17:08:18 ----D---- C:\WINDOWS\ServiceProfiles
2016-07-06 17:06:25 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2016-07-06 17:06:24 ----D---- C:\Program Files\Reference Assemblies
2016-07-06 17:06:24 ----D---- C:\Program Files\MSBuild
2016-07-06 17:06:24 ----D---- C:\Program Files (x86)\Reference Assemblies
2016-07-06 17:06:24 ----D---- C:\Program Files (x86)\MSBuild
2016-07-06 17:05:34 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2016-07-06 17:05:34 ----A---- C:\WINDOWS\SYSWOW64\PresentationNative_v0300.dll
2016-07-06 17:05:34 ----A---- C:\WINDOWS\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 17:05:28 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2016-07-06 17:05:26 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-07-06 17:05:26 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 16:30:12 ----SD---- C:\Users\quinp\AppData\Roaming\Microsoft
2016-07-06 16:24:35 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll
2016-07-06 16:24:21 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-07-06 16:24:21 ----D---- C:\Program Files\Realtek
2016-07-06 16:24:18 ----D---- C:\ProgramData\NVIDIA
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvvsvc.exe
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvshext.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvmctray.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nvcpl.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2016-07-06 16:24:10 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2016-07-06 16:24:05 ----HD---- C:\Program Files (x86)\Uninstall Information
2016-07-06 16:23:54 ----D---- C:\ProgramData\NVIDIA Corporation
2016-07-06 16:23:38 ----D---- C:\Program Files\NVIDIA Corporation
2016-07-06 16:23:38 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-07-06 16:23:13 ----D---- C:\Program Files\Synaptics
2016-07-06 16:23:00 ----AS---- C:\WINDOWS\bootstat.dat
2016-07-06 16:20:45 ----D---- C:\WINDOWS\Prefetch
2016-07-06 16:20:33 ----D---- C:\WINDOWS\system32\SleepStudy
2016-07-06 16:20:18 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT

======List of files/folders modified in the last 1 month======

2040-03-19 13:02:33 ----D---- C:\Users\quinp\AppData\Roaming\Steinberg
2034-04-15 16:53:58 ----D---- C:\ProgramData\eLicenser
2016-07-27 13:41:26 ----D---- C:\Program Files\trend micro
2016-07-27 13:40:29 ----D---- C:\WINDOWS\Temp
2016-07-27 13:24:41 ----D---- C:\WINDOWS\system32\sru
2016-07-27 13:22:35 ----RD---- C:\WINDOWS\Microsoft.NET
2016-07-26 18:26:21 ----D---- C:\WINDOWS\INF
2016-07-26 18:11:21 ----SHD---- C:\System Volume Information
2016-07-26 13:04:06 ----D---- C:\WINDOWS\AppReadiness
2016-07-26 13:00:02 ----D---- C:\Program Files (x86)\Steam
2016-07-25 07:40:14 ----HD---- C:\Program Files\WindowsApps
2016-07-24 16:21:01 ----D---- C:\WINDOWS\system32\config
2016-07-23 13:13:31 ----D---- C:\FFOutput
2016-07-22 02:40:08 ----D---- C:\Users\quinp\AppData\Roaming\vlc
2016-07-20 18:56:51 ----SHDC---- C:\WINDOWS\Installer
2016-07-20 18:56:50 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-07-20 18:56:31 ----D---- C:\Program Files (x86)\Common Files
2016-07-20 18:55:12 ----AD---- C:\Program Files (x86)\Microsoft Office
2016-07-14 12:57:10 ----D---- C:\WINDOWS\WinSxS
2016-07-14 12:23:11 ----D---- C:\WINDOWS\system32\catroot2
2016-07-13 19:47:10 ----RSD---- C:\WINDOWS\assembly
2016-07-12 20:26:34 ----D---- C:\WINDOWS\system32\Tasks
2016-07-12 20:25:56 ----D---- C:\WINDOWS\SysWOW64
2016-07-11 23:05:36 ----D---- C:\WINDOWS\system32\drivers
2016-07-11 23:05:29 ----D---- C:\WINDOWS\system32\drivers\UMDF
2016-07-11 23:05:29 ----D---- C:\WINDOWS\System32
2016-07-11 20:48:14 ----D---- C:\WINDOWS\Logs
2016-07-11 20:38:52 ----D---- C:\WINDOWS\CbsTemp
2016-07-11 20:31:56 ----D---- C:\Program Files\Steinberg
2016-07-11 20:31:07 ----A---- C:\WINDOWS\SYSWOW64\SYNSOPOS.exe.cfg
2016-07-11 20:27:49 ----D---- C:\WINDOWS\system32\restore
2016-07-08 14:16:57 ----D---- C:\WINDOWS\system32\LogFiles
2016-07-08 06:27:42 ----D---- C:\WINDOWS\appcompat
2016-07-08 06:26:17 ----D---- C:\WINDOWS\system32\WDI
2016-07-07 08:56:27 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2016-07-07 06:57:17 ----HD---- C:\ProgramData
2016-07-07 06:53:14 ----D---- C:\WINDOWS\rescache
2016-07-07 06:52:46 ----D---- C:\ProgramData\USOPrivate
2016-07-07 06:52:37 ----D---- C:\Program Files\Windows NT
2016-07-07 06:52:07 ----D---- C:\WINDOWS\debug
2016-07-07 06:52:04 ----D---- C:\WINDOWS\SoftwareDistribution
2016-07-07 06:50:12 ----D---- C:\Windows
2016-07-07 06:49:48 ----RSD---- C:\WINDOWS\Fonts
2016-07-07 06:49:48 ----D---- C:\WINDOWS\system32\WinBioDatabase
2016-07-07 06:49:48 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2016-07-07 06:49:45 ----D---- C:\WINDOWS\Registration
2016-07-07 06:48:54 ----D---- C:\WINDOWS\Tasks
2016-07-07 06:47:46 ----D---- C:\WINDOWS\AppPatch
2016-07-07 06:47:44 ----SD---- C:\ProgramData\Microsoft
2016-07-07 06:47:21 ----D---- C:\WINDOWS\system32\wbem
2016-07-07 06:46:57 ----D---- C:\WINDOWS\system32\drivers\etc
2016-07-07 06:45:21 ----D---- C:\WINDOWS\system32\DriverStore
2016-07-06 17:06:25 ----D---- C:\WINDOWS\SYSWOW64\MUI
2016-07-06 17:06:25 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-07-06 17:06:25 ----D---- C:\WINDOWS\system32\MUI
2016-07-06 17:06:20 ----A---- C:\WINDOWS\SYSWOW64\dpwsockx.dll
2016-07-06 17:06:20 ----A---- C:\WINDOWS\SYSWOW64\dpmodemx.dll
2016-07-06 17:06:20 ----A---- C:\WINDOWS\SYSWOW64\dplayx.dll
2016-07-06 17:06:20 ----A---- C:\WINDOWS\SYSWOW64\dplaysvr.exe
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnlobby.dll
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnhupnp.dll
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnhpast.dll
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnet.dll
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnathlp.dll
2016-07-06 17:06:18 ----A---- C:\WINDOWS\SYSWOW64\dpnaddr.dll
2016-07-06 17:06:17 ----A---- C:\WINDOWS\SYSWOW64\dpnsvr.exe
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnet.dll
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnathlp.dll
2016-07-06 17:06:14 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2016-07-06 16:39:20 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2016-07-06 16:34:12 ----RD---- C:\WINDOWS\WebManagement
2016-07-06 16:34:09 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-07-06 16:34:08 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2016-07-06 16:34:08 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-07-06 16:34:08 ----D---- C:\WINDOWS\SYSWOW64\drivers
2016-07-06 16:34:02 ----RSD---- C:\WINDOWS\system32\WindowsDevicePortal
2016-07-06 16:34:02 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-07-06 16:34:02 ----D---- C:\WINDOWS\system32\spool
2016-07-06 16:34:00 ----D---- C:\WINDOWS\system32\NDF
2016-07-06 16:33:58 ----D---- C:\WINDOWS\system32\en-US
2016-07-06 16:33:58 ----D---- C:\WINDOWS\system32\drivers\en-US
2016-07-06 16:33:56 ----D---- C:\WINDOWS\system32\cs-CZ
2016-07-06 16:33:55 ----D---- C:\WINDOWS\system32\CatRoot
2016-07-06 16:33:55 ----D---- C:\WINDOWS\system32\appmgmt
2016-07-06 16:33:49 ----D---- C:\WINDOWS\PolicyDefinitions
2016-07-06 16:33:47 ----D---- C:\WINDOWS\LiveKernelReports
2016-07-06 16:33:39 ----D---- C:\WINDOWS\IME
2016-07-06 16:33:38 ----RD---- C:\Users
2016-07-06 16:33:16 ----RD---- C:\Program Files (x86)
2016-07-06 16:33:14 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-07-06 16:33:11 ----RD---- C:\Program Files
2016-07-06 16:33:07 ----D---- C:\Program Files\Common Files\System
2016-07-06 16:33:07 ----D---- C:\Program Files\Common Files\microsoft shared
2016-07-06 16:33:07 ----D---- C:\Program Files\Common Files
2016-07-06 16:32:20 ----HD---- C:\WINDOWS\system32\GroupPolicy
2016-07-06 16:32:20 ----D---- C:\WINDOWS\system32\Recovery
2016-07-06 16:30:27 ----D---- C:\WINDOWS\system32\CodeIntegrity
2016-07-06 16:27:36 ----D---- C:\WINDOWS\system32\Sysprep
2016-07-06 16:25:05 ----RD---- C:\WINDOWS\PrintDialog
2016-07-06 16:25:04 ----RD---- C:\WINDOWS\MiracastView
2016-07-06 16:25:03 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-07-06 16:24:19 ----D---- C:\Temp
2016-07-06 16:24:10 ----D---- C:\WINDOWS\Help
2016-06-28 19:46:40 ----D---- C:\Program Files (x86)\VSTPlugIns

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-06-21 40720]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2012-06-22 56336]
R0 Tpkd;Tpkd; C:\WINDOWS\system32\drivers\Tpkd.sys [2009-05-21 103272]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-06-21 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-06-21 8192]
R2 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [2016-04-06 270904]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-06-21 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-06-21 47616]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-06-21 78336]
R3 dtlitescsibus;@oem23.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-09-27 30264]
R3 ffusb2audio;@oem8.inf,%DriverName%;Focusrite USB 2.0 Audio Driver; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [2013-09-25 127280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-07-01 4504320]
R3 netr28ux;@oem12.inf,%Generic.Service.DispName%;RT2870 USB Extensible Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\netr28ux.sys [2016-05-09 2244944]
R3 NVHDA;@oem4.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-06-03 141240]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-06-03 13527088]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-03-08 28032]
R3 nvvad_WaveExtensible;@oem25.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-03-08 47760]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-06-21 589824]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-07-23 42696]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-06-21 101648]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-06-21 97040]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-06-21 54544]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-06-21 57616]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-06-21 84240]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-06-21 27920]
S2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2016-04-12 154680]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-06-21 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-06-21 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-06-22 122128]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-06-22 152848]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-06-22 136976]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-06-21 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-06-21 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-06-21 117248]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-06-21 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-06-21 45840]
S3 htcnprot;@oem32.inf,%NDISPROT_Desc%;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 HtcVCom32;@oem19.inf,%OEMSerialPortName00%;HTC Diagnostic Port; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-06-21 69392]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-06-21 342800]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-06-21 2099984]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-06-21 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-06-21 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-06-21 522000]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-06-21 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-06-21 120320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-12-11 192216]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-06-21 838416]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-06-22 174352]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-06-21 104720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-06-21 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-06-21 924432]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-06-21 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-06-21 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-06-21 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-06-21 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-06-21 45568]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2016-06-21 258832]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-06-21 92432]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-06-21 132880]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [2016-06-22 36112]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-06-03 737984]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2016-04-12 417304]
R2 CDPUserSvc_16b2afa5;CDPUserSvc_16b2afa5; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R2 ClickToRunSvc;‪Služba Microsoft Office Klikni a spusť‬; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-07-11 2950856]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-03-08 1164672]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-06-27 87368]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-03-08 1880960]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-03-08 2609024]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-05-18 1351104]
R2 OneSyncSvc_16b2afa5;Hostitel synchronizace_16b2afa5; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-05-18 426040]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-03-08 6474112]
R3 PimIndexMaintenanceSvc_16b2afa5;Data kontaktů_16b2afa5; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-07-09 1450064]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2016-04-12 437784]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S2 PaceLicenseDServices;PACE License Services; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-03-03 45692456]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-29 269504]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [2016-04-12 433688]
S3 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2016-04-12 921112]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-06-21 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 MessagingService_16b2afa5;Služba zasílání zpráv_16b2afa5; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-05-05 146888]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-07-09 200240]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-06-22 2823168]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-06-21 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-06-21 287744]
S3 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-06-21 40320]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-06-22 807696]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-06-21 40320]
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\WINDOWS\system32\AgentService.exe [2016-06-22 1227264]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#3 Post by Quinplox »

# AdwCleaner v5.201 - Log vytvořen 27/07/2016 v 20:19:07
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-07-27.1 [Server]
# Operační system : Windows 10 Pro Insider Preview (X64)
# Uživatelské jméno : quinp - WIN-OI7C9QIUQQO
# Spuštěno z : C:\Users\quinp\Desktop\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[#] Složka Smazáno : C:\Users\quinp\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Složka Smazáno : C:\Users\quinp\AppData\Roaming\chportu
[-] Složka Smazáno : C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\YourGSearchFinder_br
[-] Složka Smazáno : C:\Users\quinp\AppData\Roaming\taskmgr
[-] Složka Smazáno : C:\Users\quinp\AppData\Roaming\Profiles\yzzfdyu4.default

***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****

[-] Zástupce Vyléčeno : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce Vyléčeno : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce Vyléčeno : C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Zástupce Vyléčeno : C:\Users\quinp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce Vyléčeno : C:\Users\quinp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Naplánované úlohy ] *****

[-] Úloha Smazáno : Ateredomkefisp Cache

***** [ Registry ] *****

[-] Klíč Smazáno : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKCU\Software\Ultimate-Discounter
[-] Klíč Smazáno : HKCU\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : HKLM\SOFTWARE\hohosearchSoftware
[-] Klíč Smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klíč Smazáno : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč Smazáno : HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč Smazáno : HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}

***** [ Prohlížeče ] *****

[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.hp", "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UlBHAmBU..&v=20160531&uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&mode=loadm");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.sp", "hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?mode=ffsengext&ptid=qca&q={searchTerms}&ts=AHEqB3UlBHAmBU..&uid=786DD4E0F4460915E8B227F771829F50&v=20160531[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.uid", "786DD4E0F4460915E8B227F771829F50");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("browser.search.searchengine.url", "hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?mode=ffsengext&ptid=qca&q={searchTerms}&ts=AHEqB3UlBHAmBU..&uid=786DD4E0F4460915E8B227F771829F50&v=2016053[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("browser.search.selectedEngine", "hohosearch");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "46.0");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=782aa5e4");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016060900");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1469579484219");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supp[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&ts=AHEqB3UlBHAmBU..&v=20160531&mode=ffex[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\quinp\\\\AppData\\\\[...]
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "yourGSearchfinder@GSearch.com");
[-] [C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\prefs.js] Smazáno : user_pref("extensions.toolbar.mindspark.lastInstalled", "yourGSearchfinder@GSearch.com");

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8494 bytů] - [27/07/2016 20:19:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [9376 bytů] - [27/07/2016 20:17:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8640 bytů] ##########

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#4 Post by Rudy »


Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#5 Post by Quinplox »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by quinp (administrator) on WIN-OI7C9QIUQQO (28-07-2016 19:19:23)
Running from C:\Users\quinp\Downloads
Loaded Profiles: quinp (Available Profiles: quinp)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.5.155.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-01] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629248 2016-06-21] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [953880 2016-04-12] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [953880 2016-04-12] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\MountPoints2: {240347ce-c6b6-11e5-b6cb-001a4d496548} - "I:\setup.exe"
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1094651592-460179214-1795114754-1001] => hxxp://un-stop.info/wpad.dat?da580d3bb1122016f16cce63d9e05e1a11320387
Tcpip\Parameters: [DhcpNameServer] 213.192.60.5 8.8.8.8
Tcpip\..\Interfaces\{147ca30a-36f0-485c-80ac-b28089cf6e0c}: [DhcpNameServer] 213.192.60.5 8.8.8.8
Tcpip\..\Interfaces\{eaaca85b-3f3e-4ae6-8057-c1c573fb1fb4}: [NameServer] 192.168.0.1
ManualProxies: 0hxxp://un-stop.info/wpad.dat?da580d3bb1122016f16cce63d9e05e1a11320387

Internet Explorer:
==================
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131093593238102861&GUID=01500A0E-118A-4BC5-B723-C85D7603317C
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default
FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UlBHAmBU..&v=20160531&uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&mode=loadm
FF DefaultSearchEngine: cloudfront
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=cloudfront
FF Homepage: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UlBHAmBU..&v=20160531&uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&mode=loadm
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&ts=AHEqB3UlBHAmBU..&v=20160531&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF SearchPlugin: C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\searchplugins\md9zgfyj.xml [2016-06-01]
FF Extension: Forge Of Empire Bot - C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\extensions\foebot@foebot.fr [2016-06-01]
FF Extension: Forge Of Empire Bot - C:\Users\quinp\AppData\Roaming\Mozilla\Firefox\Profiles\w51idqk1.default\Extensions\foebot@foebot.fr [2016-05-05]
FF Extension: Video DownloadHelper - C:\Users\quinp\AppData\Roaming\Mozilla\Firefox\Profiles\w51idqk1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\quinp\AppData\Roaming\Mozilla\Firefox\Profiles\w51idqk1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: GsearchFinder - C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-31]
FF Extension: Video DownloadHelper - C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.google.cz/
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UlBHAmBU..&v=20160531&uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&mode=loadm"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqB3UlBHAmBU..&v=20160531&uid=786DD4E0F4460915E8B227F771829F50&ptid=qca&mode=loadm
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Prezentace Google) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-29]
CHR Extension: (Dokumenty Google) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Disk Google) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Tabulky Google) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Gmail) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Profile: C:\Users\quinp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ultimate Discounter) - C:\Users\quinp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcmdpmhiekiihmfjffdehhbhgllpapg [2016-06-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [807696 2016-06-22] (Microsoft Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-12] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-12] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [433688 2016-04-12] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-12] (BlueStack Systems, Inc.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [317952 2016-06-21] (Microsoft Corporation)
R2 CDPUserSvc_10c04ff; C:\WINDOWS\system32\svchost.exe [40320 2016-06-21] (Microsoft Corporation)
R2 CDPUserSvc_10c04ff; C:\WINDOWS\SysWOW64\svchost.exe [34616 2016-06-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-11] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [801280 2016-06-21] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-06-21] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 ose; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-07-09] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 RmSvc; C:\Windows\System32\RMapi.dll [141312 2016-06-21] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2823168 2016-06-22] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-06-21] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [173056 2016-06-21] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-06-22] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-06-21] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-06-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [333584 2016-06-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [91368 2016-06-21] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614400 2016-06-21] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-06-21] (Microsoft Corporation)
S3 WpnUserService_10c04ff; C:\WINDOWS\system32\svchost.exe [40320 2016-06-21] (Microsoft Corporation)
S3 WpnUserService_10c04ff; C:\WINDOWS\SysWOW64\svchost.exe [34616 2016-06-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-06-21] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-06-21] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [122128 2016-06-22] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [152848 2016-06-22] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [136976 2016-06-22] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [529680 2016-06-21] (QLogic Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-04-12] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [342800 2016-06-21] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2099984 2016-06-21] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-06-21] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-27] (Disc Soft Ltd)
R3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [69392 2016-06-21] (Microsoft Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-06-21] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [40720 2016-06-21] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [174352 2016-06-22] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-06-21] ()
R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2244944 2016-05-09] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [54544 2016-06-21] (Avago Technologies)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-06-21] (Realtek )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [84240 2016-06-21] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-06-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-23] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-06-21] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [36112 2016-06-22] (Microsoft Corporation)
R3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-06-21] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [12048 2016-06-21] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [114960 2016-06-21] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-06-21] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [40256 2016-06-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [284944 2016-06-21] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117520 2016-06-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2040-03-19 13:02 - 2016-07-23 13:05 - 00000000 ____D C:\Users\quinp\Documents\Cubase LE AI Elements Projects
2040-03-19 13:02 - 2016-03-30 13:00 - 00000000 ____D C:\Users\quinp\Documents\Steinberg
2040-03-19 13:01 - 2016-04-19 12:21 - 00000000 ____D C:\Users\quinp\Documents\VST3 Presets
2040-03-19 12:59 - 2040-03-19 12:59 - 00000000 ____D C:\ProgramData\Steinberg
2040-03-19 12:59 - 2040-03-19 12:59 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2034-04-15 16:53 - 2027-04-15 17:05 - 00000000 ____D C:\ProgramData\Syncrosoft
2016-07-28 19:19 - 2016-07-28 19:20 - 00024605 _____ C:\Users\quinp\Downloads\FRST.txt
2016-07-28 19:18 - 2016-07-28 19:19 - 00000000 ____D C:\FRST
2016-07-28 19:18 - 2016-07-28 19:18 - 02394112 _____ (Farbar) C:\Users\quinp\Downloads\FRST64.exe
2016-07-28 19:18 - 2016-07-28 19:18 - 00112640 _____ (forum.viry.cz) C:\Users\quinp\Downloads\Nepotvrzeno 988197.crdownload
2016-07-28 19:17 - 2016-07-28 19:17 - 00112640 _____ (forum.viry.cz) C:\Users\quinp\Downloads\Nepotvrzeno 778353.crdownload
2016-07-27 20:17 - 2016-07-27 20:19 - 00000000 ____D C:\AdwCleaner
2016-07-27 20:15 - 2016-07-27 20:15 - 03712064 _____ C:\Users\quinp\Desktop\adwcleaner_5.201.exe
2016-07-27 13:41 - 2016-07-27 13:41 - 00000000 ____D C:\rsit
2016-07-27 13:40 - 2016-07-27 13:40 - 01222144 _____ C:\Users\quinp\Downloads\RSITx64.exe
2016-07-17 06:31 - 2016-07-17 06:45 - 00000000 ____D C:\Users\quinp\Downloads\Nymfomanka I,II
2016-07-17 06:30 - 2016-07-17 06:30 - 00018296 _____ C:\Users\quinp\Downloads\[CzT]Nymfomanka_cast_I_II_Nymph_maniac_Volume_1_2_Director_s_Cut_2013_.torrent
2016-07-17 00:58 - 2016-07-28 03:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-15 16:11 - 2016-07-15 16:12 - 50009546 _____ C:\Users\quinp\Downloads\Insomnia By LOOPGOONZ 110bpm.wav
2016-07-15 16:03 - 2016-07-15 16:05 - 63041893 _____ C:\Users\quinp\Downloads\1468591369.zip
2016-07-15 16:03 - 2016-07-15 16:05 - 39822981 _____ C:\Users\quinp\Downloads\1468591366.zip
2016-07-15 16:03 - 2016-07-15 16:03 - 00068619 _____ C:\Users\quinp\Downloads\Premium License.pdf
2016-07-15 16:02 - 2016-07-15 16:05 - 61331257 _____ C:\Users\quinp\Downloads\1468591362.zip
2016-07-11 20:32 - 2016-07-11 20:32 - 00002348 _____ C:\Users\quinp\Desktop\Cubase LE AI Elements 7 64bit.lnk
2016-07-11 20:31 - 2016-07-11 20:32 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 7 64bit
2016-07-07 06:57 - 2016-07-07 06:57 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-07-07 06:54 - 2016-07-07 06:54 - 00000020 ___SH C:\Users\quinp\ntuser.ini
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Šablony
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Poslední
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Okolní síť
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Dokumenty
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\Data aplikací
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default User\Documents\Obrázky
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default User\Documents\Hudba
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default User\Documents\Filmy
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2016-07-07 06:52 - 2016-07-07 06:52 - 00000000 ____D C:\ProgramData\USOShared
2016-07-07 06:50 - 2016-07-27 20:27 - 01299322 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-07 06:50 - 2016-07-07 06:51 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-07-07 06:50 - 2016-07-07 06:51 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-07-07 06:48 - 2016-07-27 20:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-07 06:48 - 2016-07-12 20:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-07 06:48 - 2016-07-07 06:49 - 00003128 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-07 06:48 - 2016-07-07 06:49 - 00002804 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-quinplox@hotmail.com
2016-07-07 06:48 - 2016-07-07 06:49 - 00002544 _____ C:\WINDOWS\System32\Tasks\KMS8Server
2016-07-07 06:48 - 2016-07-07 06:48 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-07 06:48 - 2016-07-07 06:48 - 00003280 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-07 06:48 - 2016-07-07 06:48 - 00002578 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2016-07-07 06:48 - 2016-07-07 06:48 - 00002200 _____ C:\WINDOWS\System32\Tasks\KMS8
2016-07-07 06:48 - 2016-07-07 06:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-07-06 17:18 - 2016-07-28 03:24 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-06 17:08 - 2016-07-06 17:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-07-06 17:08 - 2016-07-06 16:20 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-07-06 17:06 - 2016-07-06 17:06 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-07-06 17:06 - 2016-07-06 17:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-07-06 17:06 - 2016-07-06 17:06 - 00000000 ____D C:\Program Files\MSBuild
2016-07-06 17:06 - 2016-07-06 17:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-07-06 17:06 - 2016-07-06 17:06 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-07-06 17:05 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-07-06 17:05 - 2016-05-25 15:31 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-07-06 17:05 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 17:05 - 2016-05-25 15:31 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 17:05 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-07-06 17:05 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-07-06 16:37 - 2016-07-06 16:37 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-06 16:37 - 2016-07-06 16:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2016-07-06 16:37 - 2016-07-06 16:37 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2016-07-06 16:37 - 2016-07-06 16:37 - 00000000 ____D C:\Users\Default\3D Objects
2016-07-06 16:37 - 2016-07-06 16:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2016-07-06 16:37 - 2016-07-06 16:37 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2016-07-06 16:32 - 2016-07-06 16:32 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-07-06 16:30 - 2016-07-07 06:54 - 00000000 ____D C:\Users\quinp
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Šablony
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Soubory cookie
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Poslední
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Okolní tiskárny
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Okolní síť
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Nabídka Start
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Dokumenty
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Documents\Obrázky
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Documents\Hudba
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Documents\Filmy
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\Data aplikací
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-07-06 16:30 - 2016-07-06 16:30 - 00000000 _SHDL C:\Users\quinp\AppData\Local\Data aplikací
2016-07-06 16:24 - 2016-07-27 20:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-06 16:24 - 2016-07-06 16:24 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-07-06 16:24 - 2016-07-06 16:24 - 00000000 ____D C:\Program Files\Realtek
2016-07-06 16:24 - 2016-06-21 17:40 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 06346688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 01351104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-07-06 16:24 - 2016-05-18 04:50 - 00531904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-07-06 16:24 - 2016-05-18 04:50 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-07-06 16:24 - 2016-05-13 13:14 - 06434273 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-07-06 16:23 - 2016-07-06 16:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-06 16:23 - 2016-07-06 16:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-06 16:23 - 2016-07-06 16:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-06 16:23 - 2016-07-06 16:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-07-06 16:23 - 2016-07-06 16:23 - 00000000 ____D C:\Program Files\Synaptics
2016-07-06 16:20 - 2016-07-28 04:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-07-06 16:20 - 2016-07-27 20:21 - 05009248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-02 20:00 - 2016-07-02 20:02 - 60347386 _____ C:\Users\quinp\Downloads\PREACH-2 (3).wav
2016-07-02 20:00 - 2016-07-02 20:02 - 60347386 _____ C:\Users\quinp\Downloads\PREACH-2 (2).wav
2016-07-02 20:00 - 2016-07-02 20:02 - 60347386 _____ C:\Users\quinp\Downloads\PREACH-2 (1).wav
2016-06-28 19:54 - 2016-06-28 19:54 - 02189732 _____ C:\Users\quinp\Downloads\DyScratch_1_2_demo.zip
2016-06-28 19:46 - 2016-06-28 19:46 - 02595535 _____ C:\Users\quinp\Downloads\scratch-it.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2040-03-19 13:02 - 2015-07-16 20:34 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Steinberg
2034-04-15 16:53 - 2015-07-16 20:33 - 00000000 ____D C:\ProgramData\eLicenser
2027-04-15 17:05 - 2015-07-16 20:35 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2020-06-25 16:41 - 2016-03-22 22:31 - 00000000 ____D C:\Users\quinp\Downloads\Muzika Programy
2016-07-28 18:34 - 2016-06-21 18:03 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-28 18:34 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-28 18:30 - 2016-06-23 17:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 03:12 - 2015-07-01 22:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-28 03:08 - 2015-07-02 11:59 - 00000000 ____D C:\Users\quinp\AppData\Local\Adobe
2016-07-28 03:06 - 2015-07-01 22:10 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-27 20:27 - 2016-06-22 04:04 - 00364900 _____ C:\WINDOWS\system32\perfh005.dat
2016-07-27 20:27 - 2016-06-22 04:04 - 00057068 _____ C:\WINDOWS\system32\perfc005.dat
2016-07-27 20:23 - 2015-07-07 16:49 - 00000000 ____D C:\Users\quinp\AppData\Local\HTC MediaHub
2016-07-27 20:21 - 2016-02-18 11:12 - 00000552 __RSH C:\ProgramData\ntuser.pol
2016-07-27 20:20 - 2016-06-21 12:32 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-07-27 20:19 - 2016-05-29 15:58 - 00001375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-27 20:19 - 2016-05-29 15:58 - 00001363 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-27 20:19 - 2015-07-02 00:20 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-27 20:19 - 2015-07-02 00:20 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-27 13:41 - 2015-12-11 21:52 - 00000000 ____D C:\Program Files\trend micro
2016-07-26 18:26 - 2016-06-21 17:54 - 00000000 ____D C:\WINDOWS\INF
2016-07-23 13:13 - 2016-02-29 21:49 - 00000000 ____D C:\FFOutput
2016-07-22 02:40 - 2015-07-28 11:45 - 00000000 ____D C:\Users\quinp\AppData\Roaming\vlc
2016-07-20 18:56 - 2016-06-21 18:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-20 18:55 - 2015-07-01 22:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-17 20:02 - 2015-07-27 22:19 - 00000000 ____D C:\Users\quinp\Downloads\utorrent-portable
2016-07-12 20:26 - 2015-07-06 01:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 20:38 - 2016-06-21 17:33 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-11 20:31 - 2016-04-15 16:51 - 00000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2016-07-11 20:31 - 2016-04-15 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2016-07-11 20:31 - 2015-07-16 20:34 - 00000000 ____D C:\Program Files\Steinberg
2016-07-08 06:27 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\appcompat
2016-07-07 08:56 - 2015-07-01 22:12 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-07 07:01 - 2015-07-01 21:56 - 00002432 _____ C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-07 07:01 - 2015-07-01 21:56 - 00000000 ___RD C:\Users\quinp\OneDrive
2016-07-07 06:54 - 2015-07-01 21:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-07 06:53 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\rescache
2016-07-07 06:52 - 2016-06-21 18:03 - 00000000 ____D C:\ProgramData\USOPrivate
2016-07-07 06:52 - 2016-06-21 18:03 - 00000000 ____D C:\Program Files\Windows NT
2016-07-07 06:52 - 2016-06-21 12:32 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-07-07 06:49 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-07-07 06:49 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\Registration
2016-07-07 06:49 - 2016-06-11 14:18 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-07-07 06:49 - 2015-07-07 11:34 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-07-07 06:46 - 2016-06-21 18:03 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-06 17:18 - 2016-06-21 18:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-07-06 17:06 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-07-06 17:06 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-07-06 17:06 - 2016-06-21 17:44 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-07-06 17:06 - 2016-06-21 17:44 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-07-06 17:06 - 2016-06-21 17:44 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-07-06 17:06 - 2016-06-21 17:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-07-06 17:06 - 2016-06-21 17:44 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-07-06 16:39 - 2016-06-25 22:11 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2016-07-06 16:39 - 2016-06-11 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-06 16:39 - 2016-06-08 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2016-07-06 16:39 - 2016-05-27 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 4
2016-07-06 16:39 - 2016-05-27 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-07-06 16:39 - 2016-03-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2016-07-06 16:39 - 2016-03-19 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2016-07-06 16:39 - 2016-03-18 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-06 16:39 - 2016-03-07 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-06 16:39 - 2016-01-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2016-07-06 16:39 - 2015-11-25 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-07-06 16:39 - 2015-09-27 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-07-06 16:39 - 2015-09-26 08:08 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-07-06 16:39 - 2015-09-26 08:06 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-07-06 16:39 - 2015-09-26 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-07-06 16:39 - 2015-08-15 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
2016-07-06 16:39 - 2015-07-28 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-06 16:39 - 2015-07-17 01:10 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-06 16:39 - 2015-07-17 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-06 16:39 - 2015-07-08 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2016-07-06 16:39 - 2015-07-07 12:03 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-06 16:39 - 2015-07-01 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-06 16:37 - 2016-06-11 05:33 - 00000000 ____D C:\Users\Default.migrated
2016-07-06 16:34 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-07-06 16:34 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-07-06 16:34 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\system32\spool
2016-07-06 16:34 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-06 16:34 - 2016-06-12 00:08 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2016-07-06 16:34 - 2016-06-12 00:08 - 00000000 ___RD C:\WINDOWS\WebManagement
2016-07-06 16:33 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-06 16:33 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-07-06 16:33 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\IME
2016-07-06 16:33 - 2016-06-21 18:03 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-06 16:33 - 2016-06-21 18:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-06 16:33 - 2016-03-22 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-07-06 16:33 - 2016-03-18 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2016-07-06 16:33 - 2015-07-19 07:05 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-07-06 16:33 - 2015-07-07 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-07-06 16:32 - 2015-05-23 15:06 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-06 16:31 - 2016-04-19 12:11 - 00000000 ____D C:\Users\quinp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2016-07-06 16:31 - 2015-07-01 21:55 - 00000000 ____D C:\Users\quinp\AppData\Local\Packages
2016-07-06 16:27 - 2016-06-21 12:32 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-07-06 16:25 - 2016-06-21 18:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-06 16:25 - 2016-06-21 18:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-07-06 16:25 - 2016-06-21 18:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-07-06 16:24 - 2016-06-21 18:03 - 00000000 ____D C:\WINDOWS\Help
2016-07-06 16:24 - 2015-07-07 16:46 - 00000000 ____D C:\Temp
2016-06-28 19:46 - 2016-03-19 09:25 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns

==================== Files in the root of some directories =======

2016-03-22 22:01 - 2016-03-19 15:20 - 1781760 _____ (Waves Audio Ltd.) C:\Program Files (x86)\Common Files\WaveShell-VST3 9.3.vst3
2016-03-22 22:01 - 2016-03-19 15:20 - 7246336 _____ (Waves Audio Ltd.) C:\Program Files (x86)\Common Files\WaveShell-VST3 9.61.vst3
2016-05-15 19:30 - 2016-05-15 19:30 - 51703104 _____ () C:\Users\quinp\AppData\Roaming\chport.exe
2016-05-15 19:29 - 2016-05-15 19:29 - 240398848 _____ () C:\Users\quinp\AppData\Roaming\Launcher.dat
2015-12-29 23:07 - 2015-12-29 23:07 - 0000098 _____ () C:\Users\quinp\AppData\Roaming\nuvotonISP.lua
2016-05-15 19:29 - 2016-05-15 19:29 - 0000009 _____ () C:\Users\quinp\AppData\Roaming\update.dat
2015-11-15 20:45 - 2016-04-11 23:23 - 0001480 _____ () C:\Users\quinp\AppData\Local\Adobe Uložit pro web 13.0 Prefs

Some files in TEMP:
====================
C:\Users\quinp\AppData\Local\Temp\libeay32.dll
C:\Users\quinp\AppData\Local\Temp\msvcr120.dll
C:\Users\quinp\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-20 19:26

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\MountPoints2: {240347ce-c6b6-11e5-b6cb-001a4d496548} - "I:\setup.exe"
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
C:\WINDOWS\System32\Tasks\KMS8Server
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
C:\WINDOWS\System32\Tasks\KMS8
C:\Users\quinp\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#7 Post by Quinplox »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by quinp (2016-07-28 20:46:54) Run:1
Running from C:\Users\quinp\Desktop
Loaded Profiles: quinp (Available Profiles: quinp)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1094651592-460179214-1795114754-1001\...\MountPoints2: {240347ce-c6b6-11e5-b6cb-001a4d496548} - "I:\setup.exe"
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
C:\WINDOWS\System32\Tasks\KMS8Server
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
C:\WINDOWS\System32\Tasks\KMS8
C:\Users\quinp\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-1094651592-460179214-1795114754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{240347ce-c6b6-11e5-b6cb-001a4d496548}" => key removed successfully
HKCR\CLSID\{240347ce-c6b6-11e5-b6cb-001a4d496548} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} => value removed successfully
HKCR\CLSID\{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\WINDOWS\System32\Tasks\KMS8Server => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
C:\WINDOWS\System32\Tasks\KMS8 => moved successfully

"C:\Users\quinp\AppData\Local\Temp" folder move:

Could not move "C:\Users\quinp\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-28 20:51:55)

"C:\Users\quinp\AppData\Local\Temp" => Could not move

==== End of Fixlog 20:52:04 ====

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#8 Post by Rudy »

Deleted. Has anything changed?

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#9 Post by Quinplox »

No, unfortunately not, still the same... what other options do I have, apart from reinstalling the system?

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#10 Post by Rudy »

Try these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to your desktop.

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator ("Spustit jako správce" in the Czech UI).
Paste the script below into the window:



autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop.
• After launch, the license terms are displayed; press any key.
• A backup is created and then the search begins.
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#11 Post by Quinplox »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro Insider Preview x64
Ran by quinp (Administrator) on 29.07.2016 at 20:22:39,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2016 at 20:24:39,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#12 Post by Quinplox »

The problem still persists.

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#13 Post by Rudy »

Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Quinplox
Visitor
Posts: 22
Registered: 06 Aug 2008 16:44

Re: Pop-up windows in all browsers

#14 Post by Quinplox »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 29.07.2016
Čas skenování: 21:29
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.29.10
Databáze rootkitů: v2016.05.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: quinp

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 327114
Uplynulý čas: 19 min, 47 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [4f7f9099405adf57e60bf90405fe3cc4],

Hodnoty registru: 5
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT|help, http://d2ucfwpxlh3zh3.cloudfront.net/?t ... mode=nnnbe, , [3b93d1589cfee650b8a731cf54b0e020]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://d2ucfwpxlh3zh3.cloudfront.net/?t ... =ffsengext, , [4f7f9099405adf57e60bf90405fe3cc4]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://d2ucfwpxlh3zh3.cloudfront.net/?t ... =ffsengext, , [4a843eeb46541521fcf5feff46bd2ed2]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://un-stop.info/wpad.dat?da580d3bb1122016f16cce63d9e05e1a11320387, , [844af4351d7d69cd27202d9d32d016ea]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1094651592-460179214-1795114754-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://un-stop.info/wpad.dat?da580d3bb1 ... 1a11320387, , [537bfd2c57436dc9172daa20b151e31d]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2

PUP.Optional.GsearchFinder, C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, , [3d91bb6efe9cc076448a4cb11ee5fc04],
PUP.Optional.HohoSearch, C:\Users\quinp\AppData\Roaming\Profiles\wl74z2wa.default\searchplugins\md9zgfyj.xml, , [10be8d9cd0ca082e6b6b2974cf35fd03],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 119427
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pop-up windows in all browsers

#15 Post by Rudy »

Has anything changed now?

Locked