Hijack or some other problem
Posted: 27 Jan 2016 13:16
Hello,
a few days ago my Eset antivirus started repeatedly showing a message about blocking the URL address: http://unstopp.me/wpad.dat?b997b33fe75b ... 3122578334 from the IP address 50.7.181.18
(I am attaching a screenshot). The message most often appears when I start the browser or reopen it after minimizing it.
I tried to google where the problem might be, and it is probably a hijack.
I am attaching the log from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Tomas (administrator) on TOM (27-01-2016 12:50:40)
Running from C:\Users\Tomas\Desktop
Loaded Profiles: Tomas (Available Profiles: Tomas)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (Spojené kráľovstvo)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
() C:\Users\Tomas\AppData\Local\Viber\Viber.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Tomas\Documents\Visual Studio 2012\Projects\SaRComWP8\SaRComWin8\bin\Release\AppX\SaRComWin8.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [4148664 2014-04-04] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4126776 2016-01-04] (Connectify)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [BitTorrent] => C:\Users\Tomas\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-14] (BitTorrent Inc.)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [Viber] => C:\Users\Tomas\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe [1155760 2015-07-16] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.168.1.2 195.168.1.4
Tcpip\..\Interfaces\{13FE0950-136A-4873-B03C-1ED1FE70C8AC}: [DhcpNameServer] 195.168.1.2 195.168.1.4
Tcpip\..\Interfaces\{3029E740-1A09-48EE-A4CE-3255427038E8}: [DhcpNameServer] 192.168.44.1
Internet Explorer:
==================
HKU\S-1-5-21-995109915-418540622-1798004509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir=
SearchScopes: HKU\S-1-5-21-995109915-418540622-1798004509-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0m38o23i.default
FF Homepage: hxxps://www.google.sk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2015-01-22] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.sk/
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir="
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Dokumenty Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Disk Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Adblock Plus) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-12]
CHR Extension: (Google Search) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabuľky Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-01-04] (Connectify)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [42048 2014-04-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [1029704 2014-04-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [191368 2014-04-04] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [129992 2014-01-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-28] ()
R2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [91648 2015-02-03] (PostgreSQL Global Development Group) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 cfywlan1; C:\Windows\system32\DRIVERS\cfywlan1.sys [36736 2016-01-12] (Connectify)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [43872 2016-01-12] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-27] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-04-10] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2013-09-09] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [40512 2013-09-09] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [59064 2013-09-09] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-26] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2013-11-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-06] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609056 2013-12-05] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-11] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
S3 Sntnlusb; \SystemRoot\System32\Drivers\SNTNLUSB.SYS [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 12:50 - 2016-01-27 12:51 - 00029191 _____ C:\Users\Tomas\Desktop\FRST.txt
2016-01-27 12:50 - 2016-01-27 12:50 - 00000000 ____D C:\FRST
2016-01-27 12:48 - 2016-01-27 12:48 - 02370560 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2016-01-27 12:40 - 2016-01-27 12:41 - 00000000 ____D C:\Program Files (x86)\HijackThis
2016-01-26 22:44 - 2016-01-26 22:44 - 00003328 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-26 22:44 - 2016-01-26 22:44 - 00002300 _____ C:\Users\Tomas\Desktop\SpyHunter.lnk
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\sh4ldr
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-01-26 22:05 - 2016-01-26 22:07 - 14959814 _____ C:\Users\Tomas\Downloads\SpyHunter-4.1.11.0-+-Crack.rar
2016-01-26 19:44 - 2016-01-26 19:44 - 02286875 _____ C:\Users\Tomas\Downloads\SpyHunter-4.5.7.3531-Serial-Key.zip
2016-01-26 18:57 - 2016-01-26 20:53 - 722796544 _____ C:\Users\Tomas\Downloads\Con-Air---Akční-CZ-Panak.avi.crdownload
2016-01-26 18:01 - 2016-01-26 22:43 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Enigma Software Group
2016-01-26 18:01 - 2016-01-26 18:01 - 00000000 _____ C:\autoexec.bat
2016-01-26 17:56 - 2016-01-26 17:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-26 17:52 - 2016-01-26 17:53 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomas\Downloads\SpyHunter-Installer.exe
2016-01-26 17:29 - 2016-01-26 17:29 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-26 17:29 - 2016-01-26 17:29 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-26 17:29 - 2016-01-26 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-26 17:29 - 2016-01-26 17:29 - 00000000 ____D C:\Program Files\CCleaner
2016-01-26 16:56 - 2016-01-26 16:57 - 06805328 _____ (Piriform Ltd) C:\Users\Tomas\Downloads\ccsetup513.exe
2016-01-26 14:53 - 2016-01-26 15:22 - 364881920 _____ C:\Users\Tomas\Downloads\Arrow-S04E10-cz.tit..avi.crdownload
2016-01-26 11:53 - 2016-01-26 11:53 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Curiolab
2016-01-26 11:51 - 2016-01-26 15:58 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-01-26 11:51 - 2016-01-26 11:51 - 00001093 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-01-26 11:51 - 2016-01-26 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-01-26 11:36 - 2016-01-26 11:47 - 160760968 _____ (CURIOLAB S.M.B.A.) C:\Users\Tomas\Downloads\ExterminateItSetup.exe
2016-01-25 16:46 - 2013-01-14 19:59 - 00000000 ____D C:\Users\Tomas\Desktop\SharpPcap-4.2.0
2016-01-25 16:44 - 2016-01-25 16:44 - 00362550 _____ C:\Users\Tomas\Downloads\SharpPcap-4.2.0.bin.zip
2016-01-25 15:11 - 2016-01-26 16:01 - 00012450 _____ C:\Users\Tomas\Desktop\Bluetooth 32feet connection.txt
2016-01-24 11:12 - 2016-01-24 11:13 - 01470760 _____ C:\Windows\Minidump\012416-34734-01.dmp
2016-01-23 16:45 - 2016-01-23 16:45 - 00000000 ____D C:\Users\Tomas\.nuget
2016-01-23 16:37 - 2016-01-23 16:37 - 04293119 _____ C:\Users\Tomas\Downloads\NuGet.Tools.vsix
2016-01-23 16:28 - 2016-01-23 16:34 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\32feet.NET
2016-01-23 16:28 - 2016-01-23 16:34 - 00000000 ____D C:\Program Files (x86)\32feet.NET
2016-01-23 16:25 - 2016-01-23 16:26 - 05493148 _____ C:\Users\Tomas\Downloads\32feet.NET 3.5.zip
2016-01-21 17:55 - 2016-01-21 17:55 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Nordic Semiconductor
2016-01-21 17:53 - 2016-01-21 17:54 - 06534965 _____ C:\Users\Tomas\Downloads\ble-sniffer_win_1.0.1.zip
2016-01-21 17:42 - 2016-01-21 17:42 - 00002495 _____ C:\Users\Tomas\Desktop\Packet Sniffer.lnk
2016-01-21 17:42 - 2016-01-21 17:42 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texas Instruments
2016-01-21 17:41 - 2016-01-21 17:41 - 00000000 ____D C:\Program Files (x86)\Texas Instruments
2016-01-21 17:38 - 2016-01-21 17:40 - 23553042 _____ C:\Users\Tomas\Downloads\swrc045z.zip
2016-01-21 17:36 - 2016-01-21 17:36 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-01-21 17:36 - 2016-01-21 17:36 - 00001786 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-01-21 17:36 - 2016-01-21 17:36 - 00001609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-01-21 17:35 - 2016-01-21 17:37 - 00000000 ____D C:\Program Files\Wireshark
2016-01-21 16:33 - 2016-01-21 16:35 - 10492125 _____ C:\Users\Tomas\Downloads\Windows Phone 8 Networking Samples.zip
2016-01-20 19:15 - 2016-01-20 19:36 - 81633120 _____ (Logitech Inc.) C:\Users\Tomas\Downloads\SetPoint6.67.83_64.exe
2016-01-20 14:13 - 2016-01-20 14:13 - 00015520 _____ C:\Users\Tomas\Downloads\[CzT]Far_Cry_3_CZ_2012_.torrent
2016-01-20 14:09 - 2016-01-20 14:09 - 00071460 _____ C:\Users\Tomas\Downloads\[CzT]Call_of_Duty_Modern_Warfare_3.torrent
2016-01-20 14:06 - 2016-01-20 14:07 - 00093385 _____ C:\Users\Tomas\Downloads\[CzT]Battlefield_4_2013_CZ_.torrent
2016-01-19 18:58 - 2016-01-19 18:58 - 00067516 _____ C:\Users\Tomas\Downloads\[CzT]Harry_Potter_Komplet_2001_2011_SK_.torrent
2016-01-19 18:57 - 2016-01-19 18:57 - 00071437 _____ C:\Users\Tomas\Downloads\[CzT]Harry_Potter_Komplet_2001_2011_CZ_.torrent
2016-01-17 21:25 - 2016-01-17 21:25 - 00106364 _____ C:\Users\Tomas\Downloads\Harry-Potter-and-the-Half-Blood-Prince(0000141529).srt
2016-01-16 18:14 - 2016-01-16 18:14 - 00022786 _____ C:\Users\Tomas\Downloads\[CzT]Wolfenstein_2009_CZ.torrent
2016-01-15 16:50 - 2016-01-15 16:50 - 04657871 _____ C:\Users\Tomas\Downloads\Skusky (1).zip
2016-01-15 15:01 - 2016-01-15 16:38 - 1143448754 _____ C:\Users\Tomas\Downloads\Nemilosrdní-(2015)-BRRip,-CZ-titulky,-1176620.avi.crdownload
2016-01-15 14:28 - 2016-01-15 14:44 - 181377024 _____ C:\Users\Tomas\Downloads\Big-Bang-Theory-S09E12-CZ-Titulky---TBBT-S09E12-CZ-titulky.avi.crdownload
2016-01-13 10:34 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 10:34 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 10:34 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 10:34 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 10:34 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 10:34 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 10:34 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 10:34 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 10:34 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 10:34 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 10:34 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 10:34 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 10:34 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 10:34 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 10:34 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 10:34 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 10:34 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 10:34 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 10:34 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 10:34 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 10:34 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 10:33 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 10:33 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 10:33 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 10:33 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 10:33 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 10:33 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 10:33 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 10:33 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 10:33 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 10:33 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 10:33 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 10:33 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 10:33 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 10:33 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:33 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:33 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:33 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:33 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 10:33 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 10:33 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:33 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:33 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 10:33 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 10:33 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 10:33 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 10:33 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 10:33 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 10:33 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 10:33 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 10:33 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 10:33 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:33 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 10:33 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:33 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 10:32 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:32 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 18:17 - 2016-01-12 18:17 - 00043872 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2016-01-12 18:17 - 2016-01-12 18:17 - 00036736 _____ (Connectify) C:\Windows\system32\Drivers\cfywlan1.sys
2016-01-12 18:17 - 2016-01-12 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2016-01-12 15:13 - 2016-01-18 21:57 - 00000000 ____D C:\Users\Tomas\Documents\ViberDownloads
2016-01-12 14:55 - 2016-01-26 12:23 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\ViberPC
2016-01-12 14:55 - 2016-01-12 14:55 - 00000997 _____ C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-01-12 14:54 - 2016-01-12 14:55 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-01-12 14:54 - 2016-01-12 14:54 - 101213136 _____ (Viber Media Inc.) C:\Users\Tomas\Downloads\ViberSetup.exe
2016-01-12 14:54 - 2016-01-12 14:54 - 00000000 ____D C:\Users\Tomas\AppData\Local\Viber
2016-01-12 14:54 - 2016-01-12 14:54 - 00000000 ____D C:\Users\Tomas\AppData\Local\Package Cache
2016-01-12 11:34 - 2016-01-12 11:34 - 00283924 _____ C:\Users\Tomas\Downloads\Junior .NET Developer.pdf
2016-01-04 17:41 - 2016-01-04 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-01-04 17:31 - 2016-01-04 18:38 - 00000000 ____D C:\Users\Tomas\Desktop\Playlist
2015-12-29 16:58 - 2015-12-29 16:59 - 00015099 _____ C:\Users\Tomas\Desktop\SaRCom.txt
2015-12-28 22:31 - 2015-12-28 22:31 - 00060707 _____ C:\Users\Tomas\Downloads\The-Revenant(0000264324).srt
2015-12-28 22:09 - 2015-12-28 23:50 - 1472785706 _____ C:\Users\Tomas\Downloads\REVENANT-Zmrtvýchvstání--The-Revenant-(2015)-Titulky-Czech.avi.crdownload
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 12:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-27 12:48 - 2014-10-21 17:37 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfed4d5eecc471.job
2016-01-27 12:46 - 2014-10-07 23:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 12:42 - 2014-09-27 20:32 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 12:18 - 2014-09-27 20:48 - 00002600 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 12:18 - 2014-09-27 20:48 - 00002571 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 06:31 - 2014-09-27 21:00 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\ClassicShell
2016-01-26 22:58 - 2015-07-16 18:42 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeecced5c3a.job
2016-01-26 22:50 - 2014-11-13 10:43 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff263b1f731a.job
2016-01-26 22:50 - 2014-09-27 18:35 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-995109915-418540622-1798004509-1001
2016-01-26 22:45 - 2014-09-28 16:27 - 00000000 ____D C:\Users\Tomas\Desktop\Nový priečinok
2016-01-26 22:39 - 2015-12-09 10:06 - 00000000 ____D C:\Users\Tomas\AppData\Local\CrashDumps
2016-01-26 22:36 - 2014-10-09 15:37 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\vlc
2016-01-26 19:47 - 2015-02-04 22:45 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d040c3eb6830d9.job
2016-01-26 18:00 - 2014-09-27 18:30 - 00000000 ____D C:\Users\Tomas
2016-01-26 17:30 - 2015-03-06 22:13 - 00001944 _____ C:\Windows\System32\Tasks\AutoKMS
2016-01-26 17:30 - 2015-02-04 22:45 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d040c3eb6830d9
2016-01-26 17:30 - 2015-01-28 13:46 - 00001814 _____ C:\Windows\System32\Tasks\{F298954C-99DD-4A6B-8633-A1C00E545787}
2016-01-26 17:30 - 2014-11-13 10:43 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff263b74f63a
2016-01-26 17:30 - 2014-11-13 10:43 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfff263b1f731a
2016-01-26 17:30 - 2014-10-21 17:37 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfed4d5eecc471
2016-01-26 17:30 - 2014-10-07 23:17 - 00002634 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-26 17:30 - 2014-09-28 21:33 - 00002738 _____ C:\Windows\System32\Tasks\LaunchSignup
2016-01-26 17:30 - 2014-09-27 20:32 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-26 17:30 - 2014-09-27 20:32 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-26 17:30 - 2014-09-27 19:50 - 00001838 _____ C:\Windows\System32\Tasks\AsusVibeSchedule
2016-01-26 17:30 - 2014-09-27 19:49 - 00001988 _____ C:\Windows\System32\Tasks\ASUS P4G
2016-01-26 17:30 - 2014-09-27 19:49 - 00001760 _____ C:\Windows\System32\Tasks\ASUS InstantOn Config
2016-01-26 17:30 - 2014-09-27 19:46 - 00001904 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2016-01-26 17:30 - 2014-09-27 19:28 - 00002398 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-01-26 17:30 - 2014-09-27 19:23 - 00001926 _____ C:\Windows\System32\Tasks\RtHDVBg
2016-01-26 17:30 - 2014-09-27 19:23 - 00001920 _____ C:\Windows\System32\Tasks\RTKCPL
2016-01-26 15:59 - 2015-09-15 21:53 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0eff8a53f68ef.job
2016-01-26 12:24 - 2014-10-04 10:01 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Skype
2016-01-26 12:24 - 2014-10-04 10:01 - 00000000 ____D C:\ProgramData\Skype
2016-01-26 12:23 - 2014-09-27 23:30 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\BitTorrent
2016-01-26 12:20 - 2014-09-27 20:32 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 12:20 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 12:20 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-26 10:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-25 15:35 - 2015-02-11 22:51 - 00436224 ___SH C:\Users\Tomas\Downloads\Thumbs.db
2016-01-24 20:13 - 2014-11-19 15:10 - 01361408 ___SH C:\Users\Tomas\Desktop\Thumbs.db
2016-01-24 14:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-24 13:51 - 2015-11-12 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-01-24 12:38 - 2014-09-27 18:30 - 00000000 ____D C:\Users\Tomas\AppData\Local\Packages
2016-01-24 11:12 - 2014-10-08 15:50 - 631214189 _____ C:\Windows\MEMORY.DMP
2016-01-24 11:12 - 2014-10-08 15:50 - 00000000 ____D C:\Windows\Minidump
2016-01-23 23:37 - 2014-12-10 23:05 - 00000000 ____D C:\Users\Tomas\Documents\FIFA 14
2016-01-23 16:34 - 2015-03-06 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-21 17:36 - 2014-09-27 19:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-21 17:12 - 2014-03-18 16:25 - 00927154 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 16:46 - 2015-11-09 21:46 - 00000000 ____D C:\Users\Tomas\Documents\Visual Studio 2015
2016-01-21 13:09 - 2014-09-27 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2016-01-21 13:09 - 2014-09-27 22:04 - 00000000 ____D C:\Hry
2016-01-16 13:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-01-14 17:21 - 2014-12-12 18:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 17:21 - 2014-12-12 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 17:19 - 2015-04-15 22:34 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 17:19 - 2015-03-10 07:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 11:07 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 11:06 - 2014-12-12 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 11:02 - 2014-09-28 01:25 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 10:56 - 2014-09-28 01:25 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 10:56 - 2013-08-22 14:25 - 00000246 _____ C:\Windows\win.ini
2016-01-12 18:21 - 2015-09-17 11:05 - 00000000 ____D C:\Program Files (x86)\Connectify
2016-01-07 18:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-04 17:41 - 2014-12-02 19:49 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-01-04 17:41 - 2014-12-02 19:48 - 00001305 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2016-01-04 17:31 - 2014-12-14 16:29 - 00000000 ____D C:\Users\Tomas\Desktop\Nový priečinok (2)
2015-12-30 18:47 - 2014-09-29 16:20 - 00000000 ____D C:\Users\Tomas\Documents\Visual Studio 2012
==================== Files in the root of some directories =======
2015-10-22 19:47 - 2015-11-20 12:14 - 0003941 _____ () C:\Users\Tomas\AppData\Roaming\gns3.ini
2014-09-28 01:18 - 2014-09-28 01:19 - 0000281 _____ () C:\Users\Tomas\AppData\Roaming\GPU MeterV2_Settings.ini
2014-09-28 01:20 - 2014-09-28 01:20 - 0000655 _____ () C:\Users\Tomas\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
2014-11-21 12:51 - 2015-06-27 23:51 - 0000116 _____ () C:\Users\Tomas\AppData\Roaming\WB.CFG
2014-11-21 17:42 - 2014-12-17 18:08 - 0000600 _____ () C:\Users\Tomas\AppData\Roaming\winscp.rnd
2014-10-01 18:14 - 2015-10-20 16:27 - 0000600 _____ () C:\Users\Tomas\AppData\Local\PUTTY.RND
2015-12-03 12:33 - 2015-12-03 12:33 - 0002425 _____ () C:\Users\Tomas\AppData\Local\recently-used.xbel
2014-11-27 22:58 - 2014-11-27 22:58 - 0007602 _____ () C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2014-09-27 19:23 - 2014-09-27 19:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\5aab56d1264da1c3e8ec8ebdeb2275be.dll
C:\Users\Tomas\AppData\Local\Temp\9785221f3ec3bf48edd1e729cecd3e85.dll
C:\Users\Tomas\AppData\Local\Temp\a4e33d69d72d398cc109e8b9c3596f9a.dll
C:\Users\Tomas\AppData\Local\Temp\AutoRun.exe
C:\Users\Tomas\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tomas\AppData\Local\Temp\C6AiyswEVB.exe
C:\Users\Tomas\AppData\Local\Temp\CloudBackup3188.exe
C:\Users\Tomas\AppData\Local\Temp\EAInstall.dll
C:\Users\Tomas\AppData\Local\Temp\f1452ead4021e95d85b00b5c90a3b851.dll
C:\Users\Tomas\AppData\Local\Temp\fed22ce3f7a73078b2d20168b2b97f10.dll
C:\Users\Tomas\AppData\Local\Temp\HssInstaller.exe
C:\Users\Tomas\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Tomas\AppData\Local\Temp\InstHelper.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tomas\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Tomas\AppData\Local\Temp\MP3_Launcher_1_36_0_0.exe
C:\Users\Tomas\AppData\Local\Temp\ochelper.dll
C:\Users\Tomas\AppData\Local\Temp\ochelper.exe
C:\Users\Tomas\AppData\Local\Temp\optprosetup.exe
C:\Users\Tomas\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tomas\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Tomas\AppData\Local\Temp\Y2s7Jopjmw.exe
C:\Users\Tomas\AppData\Local\Temp\_isDEE1.exe
C:\Users\Tomas\AppData\Local\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-20 01:58
==================== End of FRST.txt ============================
Thanks in advance for any help.
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Tomas\Documents\Visual Studio 2012\Projects\SaRComWP8\SaRComWin8\bin\Release\AppX\SaRComWin8.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [4148664 2014-04-04] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4126776 2016-01-04] (Connectify)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [BitTorrent] => C:\Users\Tomas\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-14] (BitTorrent Inc.)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [Viber] => C:\Users\Tomas\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-995109915-418540622-1798004509-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe [1155760 2015-07-16] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.168.1.2 195.168.1.4
Tcpip\..\Interfaces\{13FE0950-136A-4873-B03C-1ED1FE70C8AC}: [DhcpNameServer] 195.168.1.2 195.168.1.4
Tcpip\..\Interfaces\{3029E740-1A09-48EE-A4CE-3255427038E8}: [DhcpNameServer] 192.168.44.1
Internet Explorer:
==================
HKU\S-1-5-21-995109915-418540622-1798004509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir=
SearchScopes: HKU\S-1-5-21-995109915-418540622-1798004509-1001 -> DefaultScope {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0m38o23i.default
FF Homepage: hxxps://www.google.sk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2015-01-22] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.sk/
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ast_aw_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0AtB0Azz0C0D0EtD0AyEyDyBzytAtD0CtN0D0Tzu0StCtDyDyDtN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StDyBtA0C0C0AyC0DtGzztDtDtDtGyD0B0FyCtGyDzzyDyCtGtAtDtA0F0CtB0D0BzytCtB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BtB0CtBtBzytDtGtCtA0BzztGyE0FtDzytG0AtC0EyDtG0AtDyDtC0C0FtAyB0C0C0C0B2Q&cr=230920243&ir="
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Profile: C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Dokumenty Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Disk Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Adblock Plus) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-12]
CHR Extension: (Google Search) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabuľky Google) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-01-04] (Connectify)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [42048 2014-04-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [1029704 2014-04-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [191368 2014-04-04] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [129992 2014-01-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-28] ()
R2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [91648 2015-02-03] (PostgreSQL Global Development Group) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 cfywlan1; C:\Windows\system32\DRIVERS\cfywlan1.sys [36736 2016-01-12] (Connectify)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [43872 2016-01-12] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-27] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-04-10] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2013-09-09] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [40512 2013-09-09] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [59064 2013-09-09] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-26] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2013-11-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-06] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609056 2013-12-05] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-11] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
S3 Sntnlusb; \SystemRoot\System32\Drivers\SNTNLUSB.SYS [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 12:50 - 2016-01-27 12:51 - 00029191 _____ C:\Users\Tomas\Desktop\FRST.txt
2016-01-27 12:50 - 2016-01-27 12:50 - 00000000 ____D C:\FRST
2016-01-27 12:48 - 2016-01-27 12:48 - 02370560 _____ (Farbar) C:\Users\Tomas\Desktop\FRST64.exe
2016-01-27 12:40 - 2016-01-27 12:41 - 00000000 ____D C:\Program Files (x86)\HijackThis
2016-01-26 22:44 - 2016-01-26 22:44 - 00003328 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-26 22:44 - 2016-01-26 22:44 - 00002300 _____ C:\Users\Tomas\Desktop\SpyHunter.lnk
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\sh4ldr
2016-01-26 22:44 - 2016-01-26 22:44 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-01-26 22:05 - 2016-01-26 22:07 - 14959814 _____ C:\Users\Tomas\Downloads\SpyHunter-4.1.11.0-+-Crack.rar
2016-01-26 19:44 - 2016-01-26 19:44 - 02286875 _____ C:\Users\Tomas\Downloads\SpyHunter-4.5.7.3531-Serial-Key.zip
2016-01-26 18:57 - 2016-01-26 20:53 - 722796544 _____ C:\Users\Tomas\Downloads\Con-Air---Akční-CZ-Panak.avi.crdownload
2016-01-26 18:01 - 2016-01-26 22:43 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Enigma Software Group
2016-01-26 18:01 - 2016-01-26 18:01 - 00000000 _____ C:\autoexec.bat
2016-01-26 17:56 - 2016-01-26 17:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-26 17:52 - 2016-01-26 17:53 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomas\Downloads\SpyHunter-Installer.exe
2016-01-26 17:29 - 2016-01-26 17:29 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-26 17:29 - 2016-01-26 17:29 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-26 17:29 - 2016-01-26 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-26 17:29 - 2016-01-26 17:29 - 00000000 ____D C:\Program Files\CCleaner
2016-01-26 16:56 - 2016-01-26 16:57 - 06805328 _____ (Piriform Ltd) C:\Users\Tomas\Downloads\ccsetup513.exe
2016-01-26 14:53 - 2016-01-26 15:22 - 364881920 _____ C:\Users\Tomas\Downloads\Arrow-S04E10-cz.tit..avi.crdownload
2016-01-26 11:53 - 2016-01-26 11:53 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Curiolab
2016-01-26 11:51 - 2016-01-26 15:58 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-01-26 11:51 - 2016-01-26 11:51 - 00001093 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-01-26 11:51 - 2016-01-26 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-01-26 11:36 - 2016-01-26 11:47 - 160760968 _____ (CURIOLAB S.M.B.A.) C:\Users\Tomas\Downloads\ExterminateItSetup.exe
2016-01-25 16:46 - 2013-01-14 19:59 - 00000000 ____D C:\Users\Tomas\Desktop\SharpPcap-4.2.0
2016-01-25 16:44 - 2016-01-25 16:44 - 00362550 _____ C:\Users\Tomas\Downloads\SharpPcap-4.2.0.bin.zip
2016-01-25 15:11 - 2016-01-26 16:01 - 00012450 _____ C:\Users\Tomas\Desktop\Bluetooth 32feet connection.txt
2016-01-24 11:12 - 2016-01-24 11:13 - 01470760 _____ C:\Windows\Minidump\012416-34734-01.dmp
2016-01-23 16:45 - 2016-01-23 16:45 - 00000000 ____D C:\Users\Tomas\.nuget
2016-01-23 16:37 - 2016-01-23 16:37 - 04293119 _____ C:\Users\Tomas\Downloads\NuGet.Tools.vsix
2016-01-23 16:28 - 2016-01-23 16:34 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\32feet.NET
2016-01-23 16:28 - 2016-01-23 16:34 - 00000000 ____D C:\Program Files (x86)\32feet.NET
2016-01-23 16:25 - 2016-01-23 16:26 - 05493148 _____ C:\Users\Tomas\Downloads\32feet.NET 3.5.zip
2016-01-21 17:55 - 2016-01-21 17:55 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Nordic Semiconductor
2016-01-21 17:53 - 2016-01-21 17:54 - 06534965 _____ C:\Users\Tomas\Downloads\ble-sniffer_win_1.0.1.zip
2016-01-21 17:42 - 2016-01-21 17:42 - 00002495 _____ C:\Users\Tomas\Desktop\Packet Sniffer.lnk
2016-01-21 17:42 - 2016-01-21 17:42 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texas Instruments
2016-01-21 17:41 - 2016-01-21 17:41 - 00000000 ____D C:\Program Files (x86)\Texas Instruments
2016-01-21 17:38 - 2016-01-21 17:40 - 23553042 _____ C:\Users\Tomas\Downloads\swrc045z.zip
2016-01-21 17:36 - 2016-01-21 17:36 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-01-21 17:36 - 2016-01-21 17:36 - 00001786 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-01-21 17:36 - 2016-01-21 17:36 - 00001609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-01-21 17:35 - 2016-01-21 17:37 - 00000000 ____D C:\Program Files\Wireshark
2016-01-21 16:33 - 2016-01-21 16:35 - 10492125 _____ C:\Users\Tomas\Downloads\Windows Phone 8 Networking Samples.zip
2016-01-20 19:15 - 2016-01-20 19:36 - 81633120 _____ (Logitech Inc.) C:\Users\Tomas\Downloads\SetPoint6.67.83_64.exe
2016-01-20 14:13 - 2016-01-20 14:13 - 00015520 _____ C:\Users\Tomas\Downloads\[CzT]Far_Cry_3_CZ_2012_.torrent
2016-01-20 14:09 - 2016-01-20 14:09 - 00071460 _____ C:\Users\Tomas\Downloads\[CzT]Call_of_Duty_Modern_Warfare_3.torrent
2016-01-20 14:06 - 2016-01-20 14:07 - 00093385 _____ C:\Users\Tomas\Downloads\[CzT]Battlefield_4_2013_CZ_.torrent
2016-01-19 18:58 - 2016-01-19 18:58 - 00067516 _____ C:\Users\Tomas\Downloads\[CzT]Harry_Potter_Komplet_2001_2011_SK_.torrent
2016-01-19 18:57 - 2016-01-19 18:57 - 00071437 _____ C:\Users\Tomas\Downloads\[CzT]Harry_Potter_Komplet_2001_2011_CZ_.torrent
2016-01-17 21:25 - 2016-01-17 21:25 - 00106364 _____ C:\Users\Tomas\Downloads\Harry-Potter-and-the-Half-Blood-Prince(0000141529).srt
2016-01-16 18:14 - 2016-01-16 18:14 - 00022786 _____ C:\Users\Tomas\Downloads\[CzT]Wolfenstein_2009_CZ.torrent
2016-01-15 16:50 - 2016-01-15 16:50 - 04657871 _____ C:\Users\Tomas\Downloads\Skusky (1).zip
2016-01-15 15:01 - 2016-01-15 16:38 - 1143448754 _____ C:\Users\Tomas\Downloads\Nemilosrdní-(2015)-BRRip,-CZ-titulky,-1176620.avi.crdownload
2016-01-15 14:28 - 2016-01-15 14:44 - 181377024 _____ C:\Users\Tomas\Downloads\Big-Bang-Theory-S09E12-CZ-Titulky---TBBT-S09E12-CZ-titulky.avi.crdownload
2016-01-13 10:34 - 2015-12-11 05:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 10:34 - 2015-12-11 05:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 10:34 - 2015-12-11 04:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 10:34 - 2015-12-11 04:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 10:34 - 2015-12-11 04:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 10:34 - 2015-12-11 04:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 10:34 - 2015-12-11 04:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 10:34 - 2015-12-11 04:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 10:34 - 2015-12-11 04:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 10:34 - 2015-12-11 04:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 10:34 - 2015-12-11 03:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 10:34 - 2015-12-11 03:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 10:34 - 2015-12-11 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 10:34 - 2015-12-11 03:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 10:34 - 2015-12-11 03:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 10:34 - 2015-12-11 03:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 10:34 - 2015-12-11 03:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 10:34 - 2015-12-11 03:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 10:34 - 2015-12-11 03:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 10:34 - 2015-12-11 03:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 10:34 - 2015-12-11 03:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 10:33 - 2015-12-30 20:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 10:33 - 2015-12-30 20:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 10:33 - 2015-12-30 20:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 10:33 - 2015-12-10 01:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 10:33 - 2015-12-07 11:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 10:33 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 10:33 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 10:33 - 2015-12-04 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 10:33 - 2015-12-03 20:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 10:33 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 10:33 - 2015-12-03 20:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 10:33 - 2015-12-03 19:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 10:33 - 2015-12-03 19:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 10:33 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 10:33 - 2015-12-03 19:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 10:33 - 2015-12-03 19:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 10:33 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:33 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:33 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:33 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:33 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 10:33 - 2015-12-03 18:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 10:33 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:33 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:33 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 10:33 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 10:33 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 10:33 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 10:33 - 2015-12-03 18:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 10:33 - 2015-12-03 18:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 10:33 - 2015-12-03 18:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 10:33 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 10:33 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 10:33 - 2015-12-03 17:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 10:33 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:33 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 10:33 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:33 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 10:33 - 2015-11-17 22:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 10:32 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:32 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 18:17 - 2016-01-12 18:17 - 00043872 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2016-01-12 18:17 - 2016-01-12 18:17 - 00036736 _____ (Connectify) C:\Windows\system32\Drivers\cfywlan1.sys
2016-01-12 18:17 - 2016-01-12 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2016-01-12 15:13 - 2016-01-18 21:57 - 00000000 ____D C:\Users\Tomas\Documents\ViberDownloads
2016-01-12 14:55 - 2016-01-26 12:23 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\ViberPC
2016-01-12 14:55 - 2016-01-12 14:55 - 00000997 _____ C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-01-12 14:54 - 2016-01-12 14:55 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-01-12 14:54 - 2016-01-12 14:54 - 101213136 _____ (Viber Media Inc.) C:\Users\Tomas\Downloads\ViberSetup.exe
2016-01-12 14:54 - 2016-01-12 14:54 - 00000000 ____D C:\Users\Tomas\AppData\Local\Viber
2016-01-12 14:54 - 2016-01-12 14:54 - 00000000 ____D C:\Users\Tomas\AppData\Local\Package Cache
2016-01-12 11:34 - 2016-01-12 11:34 - 00283924 _____ C:\Users\Tomas\Downloads\Junior .NET Developer.pdf
2016-01-04 17:41 - 2016-01-04 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-01-04 17:31 - 2016-01-04 18:38 - 00000000 ____D C:\Users\Tomas\Desktop\Playlist
2015-12-29 16:58 - 2015-12-29 16:59 - 00015099 _____ C:\Users\Tomas\Desktop\SaRCom.txt
2015-12-28 22:31 - 2015-12-28 22:31 - 00060707 _____ C:\Users\Tomas\Downloads\The-Revenant(0000264324).srt
2015-12-28 22:09 - 2015-12-28 23:50 - 1472785706 _____ C:\Users\Tomas\Downloads\REVENANT-Zmrtvýchvstání--The-Revenant-(2015)-Titulky-Czech.avi.crdownload
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-27 12:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-27 12:48 - 2014-10-21 17:37 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfed4d5eecc471.job
2016-01-27 12:46 - 2014-10-07 23:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 12:42 - 2014-09-27 20:32 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 12:18 - 2014-09-27 20:48 - 00002600 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 12:18 - 2014-09-27 20:48 - 00002571 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 06:31 - 2014-09-27 21:00 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\ClassicShell
2016-01-26 22:58 - 2015-07-16 18:42 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeecced5c3a.job
2016-01-26 22:50 - 2014-11-13 10:43 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff263b1f731a.job
2016-01-26 22:50 - 2014-09-27 18:35 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-995109915-418540622-1798004509-1001
2016-01-26 22:45 - 2014-09-28 16:27 - 00000000 ____D C:\Users\Tomas\Desktop\Nový priečinok
2016-01-26 22:39 - 2015-12-09 10:06 - 00000000 ____D C:\Users\Tomas\AppData\Local\CrashDumps
2016-01-26 22:36 - 2014-10-09 15:37 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\vlc
2016-01-26 19:47 - 2015-02-04 22:45 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d040c3eb6830d9.job
2016-01-26 18:00 - 2014-09-27 18:30 - 00000000 ____D C:\Users\Tomas
2016-01-26 17:30 - 2015-03-06 22:13 - 00001944 _____ C:\Windows\System32\Tasks\AutoKMS
2016-01-26 17:30 - 2015-02-04 22:45 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d040c3eb6830d9
2016-01-26 17:30 - 2015-01-28 13:46 - 00001814 _____ C:\Windows\System32\Tasks\{F298954C-99DD-4A6B-8633-A1C00E545787}
2016-01-26 17:30 - 2014-11-13 10:43 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff263b74f63a
2016-01-26 17:30 - 2014-11-13 10:43 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfff263b1f731a
2016-01-26 17:30 - 2014-10-21 17:37 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfed4d5eecc471
2016-01-26 17:30 - 2014-10-07 23:17 - 00002634 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-26 17:30 - 2014-09-28 21:33 - 00002738 _____ C:\Windows\System32\Tasks\LaunchSignup
2016-01-26 17:30 - 2014-09-27 20:32 - 00003072 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-26 17:30 - 2014-09-27 20:32 - 00002836 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-26 17:30 - 2014-09-27 19:50 - 00001838 _____ C:\Windows\System32\Tasks\AsusVibeSchedule
2016-01-26 17:30 - 2014-09-27 19:49 - 00001988 _____ C:\Windows\System32\Tasks\ASUS P4G
2016-01-26 17:30 - 2014-09-27 19:49 - 00001760 _____ C:\Windows\System32\Tasks\ASUS InstantOn Config
2016-01-26 17:30 - 2014-09-27 19:46 - 00001904 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2016-01-26 17:30 - 2014-09-27 19:28 - 00002398 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-01-26 17:30 - 2014-09-27 19:23 - 00001926 _____ C:\Windows\System32\Tasks\RtHDVBg
2016-01-26 17:30 - 2014-09-27 19:23 - 00001920 _____ C:\Windows\System32\Tasks\RTKCPL
2016-01-26 15:59 - 2015-09-15 21:53 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0eff8a53f68ef.job
2016-01-26 12:24 - 2014-10-04 10:01 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\Skype
2016-01-26 12:24 - 2014-10-04 10:01 - 00000000 ____D C:\ProgramData\Skype
2016-01-26 12:23 - 2014-09-27 23:30 - 00000000 ____D C:\Users\Tomas\AppData\Roaming\BitTorrent
2016-01-26 12:20 - 2014-09-27 20:32 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 12:20 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 12:20 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-26 10:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-25 15:35 - 2015-02-11 22:51 - 00436224 ___SH C:\Users\Tomas\Downloads\Thumbs.db
2016-01-24 20:13 - 2014-11-19 15:10 - 01361408 ___SH C:\Users\Tomas\Desktop\Thumbs.db
2016-01-24 14:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-24 13:51 - 2015-11-12 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-01-24 12:38 - 2014-09-27 18:30 - 00000000 ____D C:\Users\Tomas\AppData\Local\Packages
2016-01-24 11:12 - 2014-10-08 15:50 - 631214189 _____ C:\Windows\MEMORY.DMP
2016-01-24 11:12 - 2014-10-08 15:50 - 00000000 ____D C:\Windows\Minidump
2016-01-23 23:37 - 2014-12-10 23:05 - 00000000 ____D C:\Users\Tomas\Documents\FIFA 14
2016-01-23 16:34 - 2015-03-06 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-21 17:36 - 2014-09-27 19:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-21 17:12 - 2014-03-18 16:25 - 00927154 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 16:46 - 2015-11-09 21:46 - 00000000 ____D C:\Users\Tomas\Documents\Visual Studio 2015
2016-01-21 13:09 - 2014-09-27 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2016-01-21 13:09 - 2014-09-27 22:04 - 00000000 ____D C:\Hry
2016-01-16 13:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-01-14 17:21 - 2014-12-12 18:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 17:21 - 2014-12-12 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 17:19 - 2015-04-15 22:34 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 17:19 - 2015-03-10 07:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 11:07 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 11:06 - 2014-12-12 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 11:02 - 2014-09-28 01:25 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 10:56 - 2014-09-28 01:25 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 10:56 - 2013-08-22 14:25 - 00000246 _____ C:\Windows\win.ini
2016-01-12 18:21 - 2015-09-17 11:05 - 00000000 ____D C:\Program Files (x86)\Connectify
2016-01-07 18:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-05 21:04 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 21:04 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-04 17:41 - 2014-12-02 19:49 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-01-04 17:41 - 2014-12-02 19:48 - 00001305 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2016-01-04 17:31 - 2014-12-14 16:29 - 00000000 ____D C:\Users\Tomas\Desktop\Nový priečinok (2)
2015-12-30 18:47 - 2014-09-29 16:20 - 00000000 ____D C:\Users\Tomas\Documents\Visual Studio 2012
==================== Files in the root of some directories =======
2015-10-22 19:47 - 2015-11-20 12:14 - 0003941 _____ () C:\Users\Tomas\AppData\Roaming\gns3.ini
2014-09-28 01:18 - 2014-09-28 01:19 - 0000281 _____ () C:\Users\Tomas\AppData\Roaming\GPU MeterV2_Settings.ini
2014-09-28 01:20 - 2014-09-28 01:20 - 0000655 _____ () C:\Users\Tomas\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
2014-11-21 12:51 - 2015-06-27 23:51 - 0000116 _____ () C:\Users\Tomas\AppData\Roaming\WB.CFG
2014-11-21 17:42 - 2014-12-17 18:08 - 0000600 _____ () C:\Users\Tomas\AppData\Roaming\winscp.rnd
2014-10-01 18:14 - 2015-10-20 16:27 - 0000600 _____ () C:\Users\Tomas\AppData\Local\PUTTY.RND
2015-12-03 12:33 - 2015-12-03 12:33 - 0002425 _____ () C:\Users\Tomas\AppData\Local\recently-used.xbel
2014-11-27 22:58 - 2014-11-27 22:58 - 0007602 _____ () C:\Users\Tomas\AppData\Local\Resmon.ResmonCfg
2014-09-27 19:23 - 2014-09-27 19:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\5aab56d1264da1c3e8ec8ebdeb2275be.dll
C:\Users\Tomas\AppData\Local\Temp\9785221f3ec3bf48edd1e729cecd3e85.dll
C:\Users\Tomas\AppData\Local\Temp\a4e33d69d72d398cc109e8b9c3596f9a.dll
C:\Users\Tomas\AppData\Local\Temp\AutoRun.exe
C:\Users\Tomas\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tomas\AppData\Local\Temp\C6AiyswEVB.exe
C:\Users\Tomas\AppData\Local\Temp\CloudBackup3188.exe
C:\Users\Tomas\AppData\Local\Temp\EAInstall.dll
C:\Users\Tomas\AppData\Local\Temp\f1452ead4021e95d85b00b5c90a3b851.dll
C:\Users\Tomas\AppData\Local\Temp\fed22ce3f7a73078b2d20168b2b97f10.dll
C:\Users\Tomas\AppData\Local\Temp\HssInstaller.exe
C:\Users\Tomas\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Tomas\AppData\Local\Temp\InstHelper.exe
C:\Users\Tomas\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tomas\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tomas\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Tomas\AppData\Local\Temp\MP3_Launcher_1_36_0_0.exe
C:\Users\Tomas\AppData\Local\Temp\ochelper.dll
C:\Users\Tomas\AppData\Local\Temp\ochelper.exe
C:\Users\Tomas\AppData\Local\Temp\optprosetup.exe
C:\Users\Tomas\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tomas\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Tomas\AppData\Local\Temp\Y2s7Jopjmw.exe
C:\Users\Tomas\AppData\Local\Temp\_isDEE1.exe
C:\Users\Tomas\AppData\Local\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-20 01:58
==================== End of FRST.txt ============================
Thanks in advance for any help.