Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Malware instalation

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
MartasK
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 23 pro 2016 18:49

Malware instalation

#1 Příspěvek od MartasK »

Zdravím, chci se jen ujistit, že PC je v pořádku stáhli mi děcka do PC nějaký soubor a otevřeli, hnedka se mi začalo instalovat do PC plno aplikací jako SpeedUpPC a podobná havěť. Odstranil jsem co se dalo a WindowsDefender našel tohle Trojan:Win32/Dynamerlac (Položky: file:C:\Users\Martin\AppData\Local\Temp\RarSFX2\key.exe). Soubor jsem již odstranil.

Stáhl jsem si od Vás FRST a dal scanovat, oba .TXT přikládám k topicu.
Díky

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Martin (administrator) on MARTIN (23-12-2016 19:03:33)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [World of Tanks] => D:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Martin\AppData\Local\Temp\mdi064.dll,fwnewsdf <===== ATTENTION
HKU\S-1-5-18\...\Run: [] => 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 player.kmpmedia.net
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{893BD8AD-5F48-4031-9894-0F64A8F8C0B8}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{AE5073CD-D11C-4E27-BCA1-A201D2E7F333}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-01] (NVIDIA Corporation)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-01] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\system32\DRIVERS\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-06-29] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-06-29] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\DOWNLOAD\programy\CPU temperature\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 TEAM; \SystemRoot\system32\DRIVERS\RtTeam60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 19:03 - 2016-12-23 19:03 - 00008826 _____ C:\Users\Martin\Desktop\FRST.txt
2016-12-23 18:54 - 2016-12-23 19:03 - 00000000 ____D C:\FRST
2016-12-23 18:45 - 2016-12-23 18:45 - 02420736 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-12-23 18:22 - 2016-12-23 18:22 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2016-12-13 16:49 - 2016-12-13 16:49 - 00000000 ____D C:\Users\Martin\AppData\Local\Chromium
2016-12-10 08:44 - 2016-12-10 08:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-10 08:44 - 2016-12-01 18:04 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-10 08:44 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-10 08:44 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-10 08:44 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-10 08:44 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-10 08:41 - 2016-12-10 08:42 - 00000000 ____D C:\Windows\LastGood
2016-12-10 08:39 - 2016-12-01 20:52 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 28137920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 17440744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 14055360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-10 08:39 - 2016-12-01 20:52 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 10346208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 09151400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437619.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437619.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01036736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00894760 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-26 11:11 - 2016-11-30 17:42 - 00000000 ____D C:\Users\Martin\Downloads\Addons
2016-11-24 21:21 - 2016-11-24 21:21 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-24 21:20 - 2016-11-17 14:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-24 21:20 - 2016-11-17 14:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-24 21:20 - 2016-11-17 14:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-24 20:35 - 2016-11-24 20:41 - 00000000 ____D C:\Users\Martin\Documents\Witcher 2
2016-11-24 20:35 - 2016-11-24 20:35 - 00000000 ____D C:\Users\Martin\AppData\Local\The Witcher 2
2016-11-24 20:34 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-11-24 20:34 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-11-24 20:34 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-11-24 20:34 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-11-24 20:34 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-11-24 20:34 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-11-24 20:34 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-11-24 20:34 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-11-24 20:34 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-11-24 20:34 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-11-24 20:34 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-11-24 20:34 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-11-24 20:34 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-11-24 20:34 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-11-24 20:34 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-11-24 20:34 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-11-24 20:34 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-11-24 20:34 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-11-24 20:34 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-11-24 20:34 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-11-24 20:34 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-11-24 20:34 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-11-24 20:34 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-11-24 20:34 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-11-24 20:34 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-11-24 20:34 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-11-24 20:34 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-11-24 20:34 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-11-24 20:34 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-11-24 20:34 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-11-24 20:34 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-11-24 20:34 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-11-24 20:34 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-11-24 20:34 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-11-24 20:34 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-11-24 20:34 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-11-24 20:34 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-11-24 20:34 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-11-24 20:34 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-11-24 20:34 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-11-24 20:34 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-11-24 20:34 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-11-24 20:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-11-24 20:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-11-24 20:33 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-11-24 20:33 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-11-24 20:33 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-11-24 20:33 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-11-24 20:33 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-11-24 20:33 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-11-24 20:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-11-24 20:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-11-24 20:33 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-11-24 20:33 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-11-24 20:33 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-11-24 20:33 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-11-24 20:33 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-11-24 20:33 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-11-24 20:33 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-11-24 20:33 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-11-24 20:33 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-11-24 20:33 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 18:37 - 2016-06-27 17:14 - 00000000 ___DO C:\Users\Martin\SkyDrive
2016-12-23 18:18 - 2016-07-13 11:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2016-12-23 18:13 - 2016-06-27 17:16 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-711420153-2017975014-3052516532-1001
2016-12-23 18:07 - 2016-06-27 22:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-23 18:06 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-23 18:03 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-12-23 17:50 - 2016-06-27 17:10 - 00000000 ____D C:\Users\Martin
2016-12-23 12:28 - 2016-06-27 17:19 - 00004050 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1467044360
2016-12-23 12:28 - 2016-06-27 17:19 - 00001328 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-21 16:36 - 2013-09-30 05:20 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 16:36 - 2013-09-30 04:57 - 00738682 _____ C:\Windows\system32\perfh005.dat
2016-12-21 16:36 - 2013-09-30 04:57 - 00151404 _____ C:\Windows\system32\perfc005.dat
2016-12-13 16:49 - 2016-06-28 06:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Steam
2016-12-10 09:16 - 2016-06-27 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-10 08:45 - 2016-06-27 22:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-04 11:47 - 2016-06-29 13:07 - 00219648 ___SH C:\Users\Martin\Desktop\Thumbs.db
2016-12-01 20:52 - 2016-11-19 16:30 - 17373312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-12-01 20:52 - 2016-10-30 16:23 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 19948848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 03479560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-12-01 18:33 - 2016-10-29 14:23 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-01 18:32 - 2016-06-27 22:16 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-30 10:34 - 2016-06-27 22:16 - 07607057 _____ C:\Windows\system32\nvcoproc.bin
2016-11-25 23:22 - 2016-06-28 14:30 - 00000000 ___RD C:\Users\Martin\Desktop\Games
2016-11-24 21:22 - 2016-10-29 14:24 - 00003780 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003830 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003830 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003768 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003592 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003532 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-06-27 17:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-24 21:21 - 2016-06-27 17:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-06-27 21:54 - 2016-06-27 21:54 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-16 18:03

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Martin (23-12-2016 19:04:01)
Running from C:\Users\Martin\Desktop
Windows 8.1 Pro (Update) (X64) (2016-06-27 16:10:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-711420153-2017975014-3052516532-500 - Administrator - Disabled)
Guest (S-1-5-21-711420153-2017975014-3052516532-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-711420153-2017975014-3052516532-1003 - Limited - Enabled)
Martin (S-1-5-21-711420153-2017975014-3052516532-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.3 - Futuremark)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ansel (Version: 376.19 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DmC Devil May Cry (HKLM\...\Steam App 220440) (Version: - Ninja Theory)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Ionball 2 : Ionstorm (HKLM\...\Steam App 287120) (Version: - Ironsun Studios)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.0.3 - PandoraTV)
Lethal League (HKLM\...\Steam App 261180) (Version: - Team Reptile)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mortal Kombat Komplete Edition (HKLM\...\Steam App 237110) (Version: - NetherRealm Studios)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.19 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.19 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Virtuální audio Miracast 376.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 376.19 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Opera Stable 42.0.2393.94 (HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Ovládací panel NVIDIA 376.19 (Version: 376.19 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version: - CD PROJEKT RED)
Trine (HKLM\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks (HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EEE3BB1-861E-4C0D-BC80-FE31155AB4AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {474A8945-78FE-4CFD-9FAF-56A3142D8FBB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {5A35738A-D12F-4165-A96D-45E87117C663} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {C0D3ECE8-3085-4D6F-9B0C-DEEAF96FC2B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {F13F6B2A-22FE-42CE-91F8-82266E12D662} - System32\Tasks\Opera scheduled Autoupdate 1467044360 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [2016-12-19] (Opera Software)
Task: {F237708F-1126-41FF-A67C-446CE6842279} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {F4805F29-6591-4CE3-91E8-1C0D207185B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {F521FB43-B3D0-4CFD-8555-22941787F538} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-31] (Adobe Systems Incorporated)
Task: {F8A5BE88-D3F6-4704-84F2-1BF7F637E54C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-29 14:23 - 2016-11-17 14:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-29 14:23 - 2016-11-17 14:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-29 14:24 - 2016-11-17 14:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-06-27 22:16 - 2016-12-01 18:32 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-29 13:18 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-10-29 14:24 - 2016-11-17 14:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-29 14:23 - 2016-11-17 14:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-29 14:23 - 2016-11-17 14:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-29 14:24 - 2016-11-17 11:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-29 14:24 - 2016-11-17 11:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-29 14:24 - 2016-11-17 11:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-29 14:24 - 2016-11-17 11:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-29 14:24 - 2016-11-17 11:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-29 14:24 - 2016-11-17 11:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-29 14:24 - 2016-11-17 11:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 12:28 - 2016-12-23 12:27 - 68763736 _____ () C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\opera.dll
2016-12-23 12:28 - 2016-12-23 12:27 - 01893976 _____ () C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\libglesv2.dll
2016-12-23 12:28 - 2016-12-23 12:27 - 00086616 _____ () C:\Users\Martin\AppData\Local\Programs\Opera\42.0.2393.94\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-07-13 10:51 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 player.kmpmedia.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-711420153-2017975014-3052516532-1001\Control Panel\Desktop\\Wallpaper -> D:\Martin\FOTO\Se Zuzankou.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\StartupApproved\Run: => "tsiVideo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C54235BD-6882-4619-A368-78AC109869BD}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F72D6287-039D-4B54-8C37-BA30D4AD68E9}] => D:\Games\Steam\Steam.exe
FirewallRules: [{B24C6264-EA6F-4537-ACC7-190D48EB8567}] => D:\Games\Steam\Steam.exe
FirewallRules: [{325C057D-BFD5-441B-A603-1DB90E82FEB7}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27D4C1E7-4BD6-40EA-988A-2717FF70BD3C}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9C50C91-97A6-45F0-8938-60E94385D697}] => D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6533250E-7F0A-4796-95B0-F2A4AEB3243D}] => D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A6297A4B-35D2-46C1-AAAD-046AB59D41A6}D:\games\diablo iii\diablo iii.exe] => D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{EF51CF86-7894-44E9-BCFA-A40AC1BF1E91}D:\games\diablo iii\diablo iii.exe] => D:\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D2F68AF0-D15F-4537-861F-128097D71F39}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{11375898-56EB-4FC5-BB48-78DD43F5CF30}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{BF33CFD8-7295-40E4-88AA-2DF1BBA0343C}] => D:\Games\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{A3C16EE5-20BD-4A7D-BFBA-8A5E81D7F33C}] => D:\Games\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{CEEA58ED-9D91-460A-AEEA-75C287468323}] => D:\Games\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{6D695CFC-D1BC-4844-8044-DB96B8745419}] => D:\Games\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{C1CADC44-56BB-4C4A-A72F-1F0B10A1DBC9}] => D:\Games\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{08BDC168-1761-4460-B0AF-6F832F97956A}] => D:\Games\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{FE9011A3-DD43-4670-8573-9BFF9682E75E}] => D:\Games\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{EDD20FA7-A10D-49F3-A0BD-081F0892FAA6}] => D:\Games\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{BF468EBA-9ACF-4D1A-9862-83C20987AF37}] => D:\Games\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{459F2B7B-809B-474B-85E4-504271951116}] => D:\Games\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{7872E48D-E489-43F9-AC77-DDBF941F9504}] => D:\Games\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{85903EEC-7D83-4CDE-B5B1-FE14C812E60E}] => D:\Games\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{9BEB4F16-5C73-48E5-BCD6-59C83047429F}] => D:\Games\Steam\steamapps\common\Ionball 2 Ionstorm\IonStorm_v1.1.exe
FirewallRules: [{2C7724E6-D307-4AD4-9BAB-B95B50717F00}] => D:\Games\Steam\steamapps\common\Ionball 2 Ionstorm\IonStorm_v1.1.exe
FirewallRules: [{DDC0F607-1F37-4AD5-8A31-BED69AF7D071}] => D:\Games\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{7CE7E1D9-01EF-4616-9484-9503A1D66354}] => D:\Games\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [TCP Query User{DDB7DAD5-C9AA-4614-985F-5ECCFC0B9E54}D:\games\diablo iii\diablo iii.exe] => D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{9739EC3E-93CA-4375-B8CE-A363C0A60474}D:\games\diablo iii\diablo iii.exe] => D:\games\diablo iii\diablo iii.exe
FirewallRules: [{A5EFF743-525A-49E1-8DE9-1455EC68AC47}] => D:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0459A581-7A4F-42E3-9FDE-36EDD86578C9}] => D:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{75CA7AB5-4507-40EE-BCF7-28C4AC75A82E}] => D:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{8A49A64B-7B49-41FC-83BF-06B009711B6A}] => D:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1A188C17-B5EF-4EBC-BE8D-892CF3368A80}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{54F012B3-C5D1-48B0-AC28-510004F8ED09}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{659B0F52-6DD1-4BB2-885B-6A039B3A0428}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{83FDA006-5270-4908-B515-C1E1CC820872}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10680A19-F677-42B1-B715-5D14207C22BA}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{88F9C1D2-FA5B-4EA3-B35D-33151949EB1A}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{56F671EC-47FC-476B-9C75-77F614FCEFCF}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C9450CBD-4394-4410-80FB-611DBDA59774}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4AE134A1-9B69-4746-A228-4014EF66A274}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E64A5B19-36C8-4740-A771-7E63078B345E}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3321051D-5A8E-48BF-8555-64F6F64A9028}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0C691D3E-EAEF-46D0-BE00-E8FB59D61A00}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F568DA8E-523D-4E03-9AEE-228B47C6F5F3}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6191E7E4-CDEB-4A08-AB76-158CAC117666}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9752183C-94F9-42E7-9C5B-F5B73CC0294E}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69B19D8C-D6E7-4580-9F8D-461556E6EA41}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D48522A-4D12-453C-A5DD-5E155D0B818C}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{815A7E97-3955-4A76-AC40-E73C220677BE}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{418727E1-D2AE-4A1A-BB24-38D89A8544FE}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{793FC5B4-C988-4042-9AE7-6A7CBAA77D8A}] => D:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8CD98C3B-D05E-4F36-B8B8-AA07CF8365F8}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F5E1A072-41E4-4780-9F2B-B2684B4DDF27}] => D:\Games\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{B9E9F090-5230-486F-9FB3-280ECCC95613}] => D:\Games\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{B043CE37-EF34-439E-811B-EB7FF5E66518}D:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => D:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{22B6C920-CC7E-4A8B-A099-28DFACB21609}D:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => D:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{015291EB-BC08-47EC-AACA-23D2C7728907}] => D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8E8B79CE-03E9-4E72-8FA2-471C4A307ACE}] => D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Restore Points =========================

23-12-2016 17:45:29 Removed Online.io Application

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:04:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).

Error: (12/23/2016 07:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1272) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (12/23/2016 06:07:12 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.


CodeIntegrity:
===================================
Date: 2016-12-23 18:43:44.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:43.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:43.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:41.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:40.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:40.185
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:38.437
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:37.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:37.202
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-23 18:43:31.918
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 30%
Total physical RAM: 6142.49 MB
Available physical RAM: 4297.71 MB
Total Virtual: 6142.49 MB
Available Virtual: 4193.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:41.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:200.43 GB) (Free:35.39 GB) NTFS
Drive e: (Disk) (Fixed) (Total:74.53 GB) (Free:32.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F59CF59C)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0330032F)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119672
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Malware instalation

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
MartasK
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 23 pro 2016 18:49

Re: Malware instalation

#3 Příspěvek od MartasK »

# AdwCleaner v6.041 - Log vytvořen 23/12/2016 v 20:43:15
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-22.1 [Server]
# Operační systém : Windows 8.1 Pro (X64)
# Uživatelské jméno : Martin - MARTIN
# Spuštěno z : C:\Users\Martin\AppData\Local\Temp\scoped_dir2536_14287\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Martin\AppData\Local\eSupport.com


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-711420153-2017975014-3052516532-1001\Software\eSupport.com
[#] Klíč smazán po restartu: HKCU\Software\eSupport.com
[-] Klíč smazán: HKLM\SOFTWARE\Microleaves
[#] Klíč smazán po restartu: [x64] HKCU\Software\eSupport.com
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microleaves
[-] Hodnota smazána: HKU\S-1-5-21-711420153-2017975014-3052516532-1001\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
[-] Hodnota smazána: HKU\S-1-5-21-711420153-2017975014-3052516532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [tsiVideo]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1682 Bajty] - [23/12/2016 20:43:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [2075 Bajty] - [23/12/2016 20:42:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1828 Bajty] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119672
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Malware instalation

#4 Příspěvek od Rudy »

Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
MartasK
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 23 pro 2016 18:49

Re: Malware instalation

#5 Příspěvek od MartasK »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Martin (administrator) on MARTIN (23-12-2016 21:42:51)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Valve Corporation) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-711420153-2017975014-3052516532-1001\...\Run: [World of Tanks] => D:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-18\...\Run: [] => 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 player.kmpmedia.net
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{893BD8AD-5F48-4031-9894-0F64A8F8C0B8}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{AE5073CD-D11C-4E27-BCA1-A201D2E7F333}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-01] (NVIDIA Corporation)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-01] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\system32\DRIVERS\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-06-29] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-06-29] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\DOWNLOAD\programy\CPU temperature\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 TEAM; \SystemRoot\system32\DRIVERS\RtTeam60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 20:44 - 2016-12-23 20:44 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-23 20:40 - 2016-12-23 20:43 - 00000000 ____D C:\AdwCleaner
2016-12-23 20:28 - 2016-12-23 20:30 - 03977168 _____ C:\Users\Martin\Desktop\adwcleaner_6.041.exe
2016-12-23 19:18 - 2016-12-23 19:22 - 00000000 ____D C:\Program Files\trend micro
2016-12-23 19:18 - 2016-12-23 19:18 - 00000000 ____D C:\rsit
2016-12-23 19:14 - 2016-12-23 19:14 - 01222144 _____ C:\Users\Martin\Desktop\RSITx64.exe
2016-12-23 19:03 - 2016-12-23 21:43 - 00008421 _____ C:\Users\Martin\Desktop\FRST.txt
2016-12-23 18:54 - 2016-12-23 21:42 - 00000000 ____D C:\FRST
2016-12-23 18:45 - 2016-12-23 18:45 - 02420736 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-12-23 18:22 - 2016-12-23 18:22 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2016-12-13 16:49 - 2016-12-13 16:49 - 00000000 ____D C:\Users\Martin\AppData\Local\Chromium
2016-12-10 08:44 - 2016-12-10 08:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-10 08:44 - 2016-12-01 18:04 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-10 08:44 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-10 08:44 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-10 08:44 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-10 08:44 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-10 08:41 - 2016-12-10 08:42 - 00000000 ____D C:\Windows\LastGood
2016-12-10 08:39 - 2016-12-01 20:52 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 28137920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 17440744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 14055360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-10 08:39 - 2016-12-01 20:52 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 10346208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 09151400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437619.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437619.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 01036736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00894760 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-12-10 08:39 - 2016-12-01 20:52 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-26 11:11 - 2016-11-30 17:42 - 00000000 ____D C:\Users\Martin\Downloads\Addons
2016-11-24 21:21 - 2016-11-24 21:21 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-24 21:20 - 2016-11-17 14:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-24 21:20 - 2016-11-17 14:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-24 21:20 - 2016-11-17 14:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-24 20:35 - 2016-11-24 20:41 - 00000000 ____D C:\Users\Martin\Documents\Witcher 2
2016-11-24 20:35 - 2016-11-24 20:35 - 00000000 ____D C:\Users\Martin\AppData\Local\The Witcher 2
2016-11-24 20:34 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-11-24 20:34 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-11-24 20:34 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-11-24 20:34 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-11-24 20:34 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-11-24 20:34 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-11-24 20:34 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-11-24 20:34 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-11-24 20:34 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-11-24 20:34 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-11-24 20:34 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-11-24 20:34 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-11-24 20:34 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-11-24 20:34 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-11-24 20:34 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-11-24 20:34 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-11-24 20:34 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-11-24 20:34 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-11-24 20:34 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-11-24 20:34 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-11-24 20:34 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-11-24 20:34 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-11-24 20:34 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-11-24 20:34 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-11-24 20:34 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-11-24 20:34 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-11-24 20:34 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-11-24 20:34 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-11-24 20:34 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-11-24 20:34 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-11-24 20:34 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-11-24 20:34 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-11-24 20:34 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-11-24 20:34 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-11-24 20:34 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-11-24 20:34 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-11-24 20:34 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-11-24 20:34 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-11-24 20:34 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-11-24 20:34 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-11-24 20:34 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-11-24 20:34 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-11-24 20:34 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-11-24 20:34 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-11-24 20:34 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-11-24 20:34 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-11-24 20:34 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-11-24 20:34 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-11-24 20:34 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-11-24 20:34 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-11-24 20:34 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-11-24 20:34 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-11-24 20:34 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-11-24 20:34 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-11-24 20:34 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-11-24 20:34 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-11-24 20:34 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-11-24 20:34 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-11-24 20:34 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-11-24 20:34 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-11-24 20:34 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-11-24 20:34 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-11-24 20:34 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-11-24 20:34 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-11-24 20:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-11-24 20:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-11-24 20:33 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-11-24 20:33 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-11-24 20:33 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-11-24 20:33 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-11-24 20:33 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-11-24 20:33 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-11-24 20:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-11-24 20:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-11-24 20:33 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-11-24 20:33 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-11-24 20:33 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-11-24 20:33 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-11-24 20:33 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-11-24 20:33 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-11-24 20:33 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-11-24 20:33 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-11-24 20:33 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-11-24 20:33 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 21:42 - 2016-06-27 17:16 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-711420153-2017975014-3052516532-1001
2016-12-23 20:47 - 2016-06-27 17:14 - 00000000 ___DO C:\Users\Martin\SkyDrive
2016-12-23 20:44 - 2016-06-27 22:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-23 20:43 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-23 18:18 - 2016-07-13 11:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2016-12-23 18:03 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-12-23 17:50 - 2016-06-27 17:10 - 00000000 ____D C:\Users\Martin
2016-12-23 12:28 - 2016-06-27 17:19 - 00004050 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1467044360
2016-12-23 12:28 - 2016-06-27 17:19 - 00001328 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-21 16:36 - 2013-09-30 05:20 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 16:36 - 2013-09-30 04:57 - 00738682 _____ C:\Windows\system32\perfh005.dat
2016-12-21 16:36 - 2013-09-30 04:57 - 00151404 _____ C:\Windows\system32\perfc005.dat
2016-12-13 16:49 - 2016-06-28 06:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Steam
2016-12-10 09:16 - 2016-06-27 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-10 08:45 - 2016-06-27 22:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-04 11:47 - 2016-06-29 13:07 - 00219648 ___SH C:\Users\Martin\Desktop\Thumbs.db
2016-12-01 20:52 - 2016-11-19 16:30 - 17373312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-12-01 20:52 - 2016-10-30 16:23 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 19948848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 03479560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-01 20:52 - 2016-06-27 22:12 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-12-01 18:33 - 2016-10-29 14:23 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-01 18:32 - 2016-06-27 22:16 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-01 18:32 - 2016-06-27 22:16 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-30 10:34 - 2016-06-27 22:16 - 07607057 _____ C:\Windows\system32\nvcoproc.bin
2016-11-25 23:22 - 2016-06-28 14:30 - 00000000 ___RD C:\Users\Martin\Desktop\Games
2016-11-24 21:22 - 2016-10-29 14:24 - 00003780 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003830 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003830 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003768 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003592 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-10-29 14:23 - 00003532 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 21:21 - 2016-06-27 17:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-24 21:21 - 2016-06-27 17:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-06-27 21:54 - 2016-06-27 21:54 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-16 18:03

==================== End of FRST.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119672
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Malware instalation

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-18\...\Run: [] => 0
C:\Windows\LastGood.Tmp
C:\Users\Martin\AppData\Local\Temp

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
MartasK
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 23 pro 2016 18:49

Re: Malware instalation

#7 Příspěvek od MartasK »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Martin (23-12-2016 22:14:26) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-18\...\Run: [] => 0
C:\Windows\LastGood.Tmp
C:\Users\Martin\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\LastGood.Tmp => moved successfully

"C:\Users\Martin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Martin\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24261914 B
Java, Flash, Steam htmlcache => 370041288 B
Windows/system/drivers => 21876 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 306371448 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 294686 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => -772 B
Martin => 10438283 B

RecycleBin => 256573 B
EmptyTemp: => 678.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-12-2016 22:15:55)

C:\Users\Martin\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:15:55 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119672
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Malware instalation

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
MartasK
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 23 pro 2016 18:49

Re: Malware instalation

#9 Příspěvek od MartasK »

Vše už je OK, zmizel ze StartUpu nějaký proces co končil 064. Jinak vypadá už vše v pohodě.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119672
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Malware instalation

#10 Příspěvek od Rudy »

Tak to jsem rád! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“