VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Preventivka T-Bag

https://forum.viry.cz:443/viewtopic.php?t=148705

Stránka 1 z 2

Preventivka T-Bag

Napsal: 17 dub 2016 13:43
od T-Bag
zdravím, prosím o kontrolu nazbierara sa my tu nejaka hávet.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Tibor (administrator) on TIBOR (17-04-2016 14:33:13)
Running from C:\Users\Tibor\Desktop
Loaded Profiles: Tibor (Available Profiles: Tibor)
Platform: Windows 10 Home Version 1511 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Spoločnosť Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\Savevid\SavevidService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Spoločnosť Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pokki) C:\Users\Tibor\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Savevid\SavevidWSServer.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Savevid\SavevidPluginCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Viber Media S.à r.l.) C:\Users\Tibor\AppData\Local\Viber\Viber.exe
(Spotify Ltd) C:\Users\Tibor\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\Tibor\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Mega Limited) C:\Users\Tibor\AppData\Local\MEGAsync\MEGAsync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\Xiaomi\MiPhoneManager\MiPhoneHelper.exe
(Spotify Ltd) C:\Users\Tibor\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Spotify Ltd) C:\Users\Tibor\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tibor\AppData\Roaming\Spotify\Spotify.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Pokki) C:\Users\Tibor\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(BitTorrent Inc.) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Tibor\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\Tibor\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
() C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\knsr6241.tmpfs
() C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\jnsw7B2E.tmp
() C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\hnsw9494.tmp
() C:\Users\Tibor\AppData\Local\Citytech.exe
() C:\Program Files\REACHit\REACHit.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\simpress.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(UPCleaner) C:\Windows\Temp\AF45.tmp
() C:\Program Files (x86)\badu\uc.exe
( ) C:\Program Files (x86)\badu\Bind.exe
() C:\Users\Tibor\AppData\Local\14C99AE2-1460902902-8942-9C0B-2C600C85C4F1\qnsiD288.tmp
() C:\Users\Tibor\AppData\Roaming\UPUpdata\conhost.exe
() C:\ProgramData\msiql.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Users\Tibor\AppData\Local\Temp\a0e6614\Uninst.exe
(forum.viry.cz) C:\Users\Tibor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [MiPhoneManager] => C:\Program Files (x86)\Xiaomi\MiPhoneManager\MiPhoneHelper.exe [160528 2013-03-22] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [249954 2016-04-16] ()
HKLM-x32\...\Run: [mpck_en_005030301] => [X]
HKLM-x32\...\Run: [conhost.exe -start] => C:\Users\Tibor\AppData\Roaming\UPUpdata\conhost.exe [2363392 2016-04-17] ()
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Viber] => C:\Users\Tibor\AppData\Local\Viber\Viber.exe [69267536 2016-04-06] (Viber Media S.à r.l.)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Spotify Web Helper] => C:\Users\Tibor\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-16] (Spotify Ltd)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Google Update] => C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-30] (Google Inc.)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Spotify] => C:\Users\Tibor\AppData\Roaming\Spotify\Spotify.exe [6855280 2016-04-16] (Spotify Ltd)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe [2932736 2015-09-10] (PZ)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [msiql] => c:\programdata\msiql.exe [1920000 2016-04-13] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tibor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-09-21]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Tibor\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.10 195.146.132.59 195.146.128.60
Tcpip\..\Interfaces\{1d9ffc61-a2fb-44e7-96bf-ef890dd7760b}: [DhcpNameServer] 40.30.1.66
Tcpip\..\Interfaces\{320306a9-b025-4184-8843-d430d4c6ca18}: [DhcpNameServer] 192.168.1.10 195.146.132.59 195.146.128.60

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-2813316739-561623387-2885406294-1001 -> DefaultScope {EC72BE89-BFE1-45D4-A60B-2A748301AFA4} URL =
SearchScopes: HKU\S-1-5-21-2813316739-561623387-2885406294-1001 -> {EC72BE89-BFE1-45D4-A60B-2A748301AFA4} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2015-09-22] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2015-09-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2015-09-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2015-09-22] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default
FF NewTab: hxxp://www.yessearches.com/?ts=AHEqA3UtBHAoAE. ... ode=ffseng
FF DefaultSearchEngine: yessearches
FF SelectedSearchEngine: yessearches
FF Homepage: hxxp://www.yessearches.com/?ts=AHEqA3UtBHAoAE. ... ode=ffseng
FF NetworkProxy: "ftp", "185.18.141.233"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "185.18.141.233"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "185.18.141.233"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "socks", "185.18.141.233"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "185.18.141.233"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-09-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2015-09-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-09-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2015-09-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2813316739-561623387-2885406294-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tibor\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2813316739-561623387-2885406294-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tibor\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF SearchPlugin: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\searchplugins\DD1B66D4.xml [2016-04-17]
FF Extension: Best Proxy Switcher - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2016-01-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=obs ... A3UtBHAoAE..
CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=obs ... A3UtBHAoAE.."
CHR DefaultSearchURL: Default -> hxxp://www.yessearches.com/chrome.php?q={searc ... &mode=nnnb
CHR DefaultSearchKeyword: Default -> yessearches
CHR Profile: C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-30]
CHR Extension: (Dokumenty Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-30]
CHR Extension: (Disk Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Google Search) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Tabuľky Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-30]
CHR Extension: (Vzdialená plocha Chrome) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-10-30]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Google Play Music) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
CHR Extension: (Gmail) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-30]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

Opera:
=======
StartMenuInternet: (HKLM) Operabeta - C:\Program Files (x86)\Opera beta\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\adminservice.exe [305664 2015-01-27] (Qualcomm Atheros) [File not signed]
S2 BugreportW; C:\Program Files (x86)\yesbnd\mbat.exe [988240 2016-04-14] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Spoločnosť Google Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-17] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2015-01-29] (Acer Incorporated)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-20] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-04-17] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-10-14] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 jjcscheduleservice; C:\Program Files (x86)\Jejochclipasp\jjcscheduleservice.exe [310840 2016-04-15] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-31] (Acer Incorporate)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [476904 2015-02-04] (Acer Incorporated)
R2 REACHit; C:\Program Files\REACHit\REACHit.exe [383488 2016-04-17] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-10-08] ()
R2 rijufoze; C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\hnsw9494.tmp [138240 2016-04-17] () [File not signed]
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2015-02-04] (Acer Incorporated)
R2 rocufyky; C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\jnsw7B2E.tmp [389632 2016-04-17] () [File not signed]
R2 SavevidService; C:\Program Files (x86)\Savevid\SavevidService.exe [796160 2014-08-14] ()
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [465088 2016-03-01] ()
S2 SstrprSrv; C:\Program Files (x86)\Sosition\SstrprSrv.exe [310360 2016-04-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [242944 2015-01-07] (acer)
R2 uydate; C:\Users\Tibor\AppData\Local\Citytech.exe [28160 2016-04-17] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 zigipyro; C:\Users\Tibor\AppData\Local\14C99AE2-1460902902-8942-9C0B-2C600C85C4F1\qnsiD288.tmp [158720 2015-12-26] () [File not signed]
R2 legyvumuzbt; C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1\knsr6241.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [145656 2015-11-23] (AhnLab, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56520 2015-09-18] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 14:33 - 2016-04-17 14:34 - 00036474 _____ C:\Users\Tibor\Desktop\FRST.txt
2016-04-17 14:33 - 2016-04-17 14:33 - 00000000 ____D C:\FRST
2016-04-17 14:32 - 2016-04-17 14:32 - 00112640 _____ (forum.viry.cz) C:\Users\Tibor\Desktop\FRSTLauncher.exe
2016-04-17 14:29 - 2016-04-17 14:29 - 02375168 _____ (Farbar) C:\Users\Tibor\Desktop\FRST64.exe
2016-04-17 14:25 - 2016-04-17 14:26 - 00000000 ____D C:\Users\Tibor\AppData\Local\app
2016-04-17 14:23 - 2016-04-17 14:23 - 00001784 ____R C:\Users\Tibor\Desktop\Yeabeats Browser.lnk
2016-04-17 14:23 - 2016-04-14 18:08 - 01274368 _____ C:\ProgramData\MiniFriv01.exe
2016-04-17 14:23 - 2016-04-06 00:37 - 00114176 _____ C:\ProgramData\hp.exe
2016-04-17 14:22 - 2016-04-17 14:30 - 00000000 ____D C:\Program Files (x86)\Yeaplayer
2016-04-17 14:22 - 2016-04-17 14:22 - 01747456 _____ C:\ProgramData\service.exe
2016-04-17 14:22 - 2016-04-17 14:22 - 00001314 _____ C:\ProgramData\webad.xml
2016-04-17 14:22 - 2016-04-17 14:22 - 00001102 _____ C:\Users\Public\Desktop\Yeaplayer.lnk
2016-04-17 14:22 - 2016-04-17 14:22 - 00000612 _____ C:\WINDOWS\Tasks\PPTAssistantUpdateTask_Tibor.job
2016-04-17 14:22 - 2016-04-17 14:22 - 00000342 _____ C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Tibor.job
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\pptassist
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\LightGate
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Tibor\AppData\Local\Yeaplayer
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Tibor\AppData\Local\PPTAssist
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\ProgramData\Thunder Network
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yeaplayer
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 ____D C:\ProgramData\kingsoft
2016-04-17 14:22 - 2016-04-17 14:22 - 00000000 _____ C:\Users\Tibor\AppData\Roaming\svrupg.exe
2016-04-17 14:22 - 2016-04-13 23:51 - 01920000 _____ C:\ProgramData\msiql.exe
2016-04-17 14:22 - 2015-12-04 16:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-04-17 14:22 - 2015-11-25 18:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-04-17 14:21 - 2016-04-17 14:25 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-04-17 14:21 - 2016-04-17 14:22 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\UPUpdata
2016-04-17 14:21 - 2016-04-17 14:21 - 02540544 _____ C:\Users\Tibor\Desktop\TELESA.ppt
2016-04-17 14:21 - 2016-04-17 14:21 - 00000101 ____H C:\Users\Tibor\Desktop\.~lock.TELESA.ppt#
2016-04-17 14:21 - 2016-04-17 14:21 - 00000000 ____D C:\Users\Tibor\AppData\Local\14C99AE2-1460902902-8942-9C0B-2C600C85C4F1
2016-04-17 14:21 - 2016-04-17 14:21 - 00000000 ____D C:\Program Files (x86)\badu
2016-04-17 14:19 - 2016-04-17 14:19 - 07360512 _____ C:\Users\Tibor\Desktop\3D_telesa.ppt
2016-04-17 14:18 - 2016-04-17 14:18 - 00041472 _____ C:\Users\Tibor\AppData\Local\Citytech.dat
2016-04-17 14:18 - 2016-04-17 14:18 - 00028160 _____ C:\Users\Tibor\AppData\Local\Citytech.exe
2016-04-17 14:18 - 2016-04-17 14:18 - 00001072 _____ C:\Users\Tibor\Desktop\Get Random Viral.lnk
2016-04-17 14:18 - 2016-04-17 14:18 - 00001048 _____ C:\Users\Tibor\Desktop\Google Search.lnk
2016-04-17 14:18 - 2016-04-17 14:18 - 00000187 _____ C:\Users\Tibor\AppData\Local\Citytech.exe.config
2016-04-17 14:18 - 2016-04-17 14:18 - 00000000 ____D C:\Program Files\REACHit
2016-04-17 14:18 - 2016-04-17 14:16 - 00001008 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-04-17 14:17 - 2016-04-17 14:32 - 00000290 __RSH C:\ProgramData\ntuser.pol
2016-04-17 14:17 - 2016-04-17 14:18 - 00000000 ____D C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1
2016-04-17 14:17 - 2016-04-17 14:17 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2016-04-17 14:15 - 2016-04-17 14:31 - 00000000 ____D C:\Users\Tibor\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-17 14:15 - 2016-04-17 14:31 - 00000000 ____D C:\Program Files (x86)\yesbnd
2016-04-17 14:15 - 2016-04-17 14:15 - 00014718 _____ C:\WINDOWS\System32\Tasks\Jejochclipasp Schedule
2016-04-17 14:15 - 2016-04-17 14:15 - 00000000 ____D C:\Program Files (x86)\Jejochclipasp
2016-04-17 14:14 - 2016-04-17 14:14 - 00014606 _____ C:\WINDOWS\System32\Tasks\Sosition Reports
2016-04-17 14:14 - 2016-04-17 14:14 - 00003530 _____ C:\WINDOWS\System32\Tasks\{FC53894F-D6D8-479E-A30E-51BE0DEA2EA1}
2016-04-17 14:14 - 2016-04-17 14:14 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-17 14:14 - 2016-04-17 14:14 - 00000000 ____D C:\Program Files (x86)\Sosition
2016-04-17 14:14 - 2016-04-17 14:14 - 00000000 ____D C:\Program Files (x86)\KMSPico
2016-04-17 14:14 - 2016-04-17 14:14 - 00000000 ____D C:\Program Files (x86)\hohobnd
2016-04-17 14:11 - 2016-04-17 14:11 - 00000101 ____H C:\Users\Tibor\Desktop\.~lock.Stereometria.ppt#
2016-04-17 13:48 - 2016-04-17 13:48 - 04103168 _____ C:\Users\Tibor\Desktop\46_Stereometria,rezy_telies.Fodor.3.F.ppt
2016-04-17 13:48 - 2016-04-17 13:48 - 01057280 _____ C:\Users\Tibor\Desktop\Stereometria.ppt
2016-04-17 13:48 - 2016-04-17 13:48 - 00647168 _____ C:\Users\Tibor\Desktop\stereometria(1).ppt
2016-04-17 13:47 - 2016-04-17 13:47 - 01351333 _____ C:\Users\Tibor\Desktop\66_Stereometria,_rezy_telies.pptx
2016-04-17 13:37 - 2016-04-17 13:37 - 00258927 _____ C:\Users\Tibor\Desktop\STEREOMETRIA(1).pptx
2016-04-17 13:36 - 2016-04-17 13:36 - 00000000 ____D C:\Users\Tibor\Desktop\maturitne otazky
2016-04-17 13:25 - 2016-04-17 13:25 - 00000000 _____ C:\Users\Tibor\Desktop\Nový textový dokument.txt
2016-04-17 11:32 - 2016-04-17 11:32 - 00001404 _____ C:\Users\Public\Desktop\Worms Revolution.lnk
2016-04-17 09:38 - 2016-04-17 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team 17
2016-04-17 09:38 - 2016-04-17 09:38 - 00001464 _____ C:\Users\Public\Desktop\Worms Reloaded GOTY.lnk
2016-04-17 09:35 - 2016-04-17 11:30 - 00000000 ____D C:\Program Files (x86)\Team 17
2016-04-17 09:31 - 2016-04-17 09:31 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2016-04-17 09:31 - 2016-04-17 09:31 - 00000000 ____D C:\Program Files (x86)\MagicISO
2016-04-17 09:22 - 2016-04-17 09:22 - 00000000 ____D C:\Users\Tibor\AppData\LocalLow\uTorrent
2016-04-16 10:50 - 2016-04-16 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 18:00 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 18:00 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:00 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 18:00 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 18:00 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 18:00 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 18:00 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 18:00 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 18:00 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 18:00 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 18:00 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 18:00 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 18:00 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 18:00 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 18:00 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 18:00 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 18:00 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 18:00 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 18:00 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 18:00 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 18:00 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 18:00 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 18:00 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 18:00 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 18:00 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 18:00 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 18:00 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 18:00 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 18:00 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 18:00 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 18:00 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 18:00 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 18:00 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 18:00 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 18:00 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 18:00 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 18:00 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 18:00 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 18:00 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 18:00 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 18:00 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 18:00 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 18:00 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 18:00 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 18:00 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 17:59 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 17:59 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 17:59 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 17:59 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 17:59 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 17:59 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 17:59 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 17:59 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 17:59 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 17:59 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 17:59 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 17:59 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 17:59 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 17:59 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 17:59 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 17:59 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 17:59 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 17:59 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 17:59 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 17:59 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 17:59 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 17:59 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 17:59 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 17:59 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 17:59 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 17:59 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 17:59 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 17:59 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 17:59 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 17:59 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 17:59 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 17:59 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 17:59 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 17:59 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 17:59 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 17:59 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 17:59 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 17:59 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 17:59 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 17:59 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 17:59 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 17:59 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 17:59 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 17:59 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 17:59 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 17:59 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 17:59 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 17:59 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 17:59 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 17:59 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 17:59 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 17:59 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 17:59 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 17:59 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 17:59 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 17:59 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 17:59 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 17:59 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 17:59 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 17:59 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 17:59 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 17:59 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 17:59 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 17:59 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 17:59 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 17:59 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 17:59 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 17:59 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 17:59 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 17:59 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 17:59 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 17:59 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 17:59 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 17:59 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 17:59 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 17:59 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 17:59 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 17:59 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 17:59 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 17:59 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 17:59 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 17:59 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 17:59 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 17:59 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 17:59 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 17:59 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 17:59 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 17:59 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 17:59 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 17:59 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 17:59 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 17:59 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 17:59 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 17:59 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 17:59 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 17:59 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 17:59 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 17:59 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 17:59 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 17:59 - 2016-03-29 09:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 17:59 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 17:59 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 17:59 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 17:59 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 17:59 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 17:59 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 17:59 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 17:59 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 17:59 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 17:59 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 17:59 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 17:59 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 17:59 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 17:59 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 17:59 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 17:59 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 17:59 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 17:59 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 17:59 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 17:59 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 17:59 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 17:59 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 17:59 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 17:59 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 17:59 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 17:59 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 17:59 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 17:59 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 17:59 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 17:59 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 17:59 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 17:59 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 17:59 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 17:59 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 17:59 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 17:59 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 17:59 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 17:59 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 17:59 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 17:59 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 17:59 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 17:59 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 17:59 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 17:59 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 17:59 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 17:59 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 17:59 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 17:59 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 17:59 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 17:59 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 17:59 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 17:59 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 17:59 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 17:59 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 17:59 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 17:59 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 17:59 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 17:59 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 17:59 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 17:59 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 17:59 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 17:59 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 17:59 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 17:59 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 17:59 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 17:59 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 17:59 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 17:59 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 17:59 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 17:59 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 17:59 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 17:59 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 17:59 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 17:59 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 17:59 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 17:59 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 17:59 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 17:58 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 17:58 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 17:58 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 17:58 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 17:58 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 17:58 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 17:58 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 17:58 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 17:58 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 17:58 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 17:58 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 17:58 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 17:58 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 17:58 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 17:58 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 17:58 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 17:58 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 17:58 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 17:58 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 17:58 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 17:58 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 17:58 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 17:58 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 17:58 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 17:58 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 17:58 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 17:58 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 17:58 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 17:58 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 17:58 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 17:58 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 17:58 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 17:58 - 2016-03-29 09:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 17:58 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 17:58 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 17:58 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 17:58 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 17:58 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 17:58 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 17:58 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 17:58 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 17:58 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 17:58 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 17:58 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 17:58 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 17:58 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 17:58 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 17:58 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 17:58 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 17:58 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 17:58 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 17:58 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 17:58 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 17:58 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 17:58 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 17:58 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 17:58 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 17:58 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 17:58 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 15:39 - 2016-04-13 15:40 - 00000000 ____D C:\Users\Tibor\AppData\Local\Viber
2016-04-11 21:31 - 2016-04-11 21:31 - 00258927 _____ C:\Users\Tibor\Desktop\STEREOMETRIA.pptx
2016-03-31 17:52 - 2016-03-31 17:54 - 47352459 _____ C:\Users\Tibor\Desktop\civic-1996-2000-ek3-ek5-ej5-ej9-servisni-manual.PDF
2016-03-24 09:37 - 2016-03-24 09:37 - 00000101 ____H C:\Users\Tibor\Desktop\.~lock.Nová položka OpenDocument Text.odt#

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 14:35 - 2015-09-17 18:20 - 00000956 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 14:33 - 2015-09-17 18:33 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\uTorrent
2016-04-17 14:31 - 2015-10-30 18:14 - 00002229 _____ C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 14:24 - 2015-11-16 18:44 - 00000000 ____D C:\Users\Tibor\AppData\Local\CrashDumps
2016-04-17 14:22 - 2016-01-02 13:25 - 00001994 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-17 14:22 - 2016-01-02 13:25 - 00001982 ____R C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-17 14:22 - 2015-10-30 18:14 - 00002269 ____R C:\Users\Tibor\Desktop\Google Chrome.lnk
2016-04-17 14:22 - 2015-09-17 18:10 - 00001211 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk
2016-04-17 14:22 - 2015-09-17 18:10 - 00001149 ____R C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2016-04-17 14:18 - 2015-10-03 21:10 - 00000000 ____D C:\Users\Tibor\Downloads\scars & souvenirs
2016-04-17 14:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-17 14:17 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-17 14:13 - 2015-09-22 09:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-17 13:47 - 2015-09-17 18:42 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-17 12:46 - 2015-09-18 14:58 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\Spotify
2016-04-17 09:39 - 2015-09-20 21:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-17 08:55 - 2015-11-29 19:04 - 00000000 ____D C:\Users\Tibor\AppData\Local\Adobe
2016-04-17 08:55 - 2015-09-17 17:37 - 00000000 ____D C:\Users\Tibor\AppData\Local\SweetLabs App Platform
2016-04-17 08:54 - 2015-09-17 18:05 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F2A1093-C912-4462-BFFB-7C5D1FD27915}
2016-04-17 08:51 - 2015-09-18 14:58 - 00000000 ____D C:\Users\Tibor\AppData\Local\Spotify
2016-04-17 08:51 - 2015-09-17 18:28 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\ViberPC
2016-04-17 08:51 - 2015-09-17 18:20 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 08:50 - 2015-12-30 05:14 - 00000000 ____D C:\Users\Tibor
2016-04-17 08:50 - 2015-12-30 05:09 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-17 08:50 - 2015-09-17 18:42 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-17 08:50 - 2015-09-17 17:40 - 00000000 __SHD C:\Users\Tibor\IntelGraphicsProfiles
2016-04-16 21:28 - 2015-09-17 18:08 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\Skype
2016-04-16 14:48 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-16 14:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-16 10:50 - 2015-03-24 15:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-15 17:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 15:55 - 2015-09-17 17:45 - 00002500 _____ C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-04-15 15:52 - 2015-10-31 13:17 - 00003372 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-04-15 15:49 - 2015-09-21 16:08 - 00000000 ____D C:\Users\Tibor\AppData\Local\MEGAsync
2016-04-15 15:47 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-15 15:47 - 2015-09-17 22:24 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 15:40 - 2015-12-30 05:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-15 15:40 - 2015-12-30 05:04 - 04853872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 22:13 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-14 22:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 22:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 22:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 22:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 17:22 - 2015-09-17 18:10 - 00003972 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442506249
2016-04-14 17:22 - 2015-09-17 18:07 - 00000000 ____D C:\Program Files (x86)\Opera beta
2016-04-13 18:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 18:11 - 2015-09-18 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 18:06 - 2015-09-18 19:12 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 15:50 - 2015-09-17 17:40 - 00000000 ____D C:\Users\Tibor\AppData\Local\Packages
2016-04-13 15:41 - 2015-09-17 18:29 - 00000000 ____D C:\Users\Tibor\Documents\ViberDownloads
2016-04-09 02:43 - 2015-09-18 16:22 - 00000000 ____D C:\Users\Tibor\AppData\Roaming\vlc
2016-04-08 16:57 - 2015-09-21 21:44 - 00000000 ____D C:\Users\Tibor\Desktop\aplikacie
2016-04-08 16:56 - 2015-09-18 16:06 - 00000000 ____D C:\Users\Tibor\Desktop\Tibor
2016-04-08 16:53 - 2015-09-17 21:03 - 00000000 ____D C:\Users\Tibor\Desktop\hudba
2016-04-08 16:52 - 2015-10-30 16:12 - 00000000 ____D C:\Users\Tibor\Desktop\predaj
2016-04-07 19:13 - 2015-09-22 09:13 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 20:32 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-01 09:56 - 2015-03-24 15:04 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-04-01 09:55 - 2015-03-24 15:04 - 00000000 ____D C:\Program Files (x86)\Acer
2016-04-01 09:53 - 2015-09-17 17:43 - 00000000 ____D C:\Users\Tibor\AppData\Local\clear.fi
2016-03-30 21:36 - 2015-09-17 18:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-20 13:10 - 2015-03-24 15:11 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-04-17 14:22 - 2016-04-17 14:22 - 0000000 _____ () C:\Users\Tibor\AppData\Roaming\svrupg.exe
2016-04-17 14:18 - 2016-04-17 14:18 - 0041472 _____ () C:\Users\Tibor\AppData\Local\Citytech.dat
2016-04-17 14:18 - 2016-04-17 14:18 - 0028160 _____ () C:\Users\Tibor\AppData\Local\Citytech.exe
2016-04-17 14:18 - 2016-04-17 14:18 - 0000187 _____ () C:\Users\Tibor\AppData\Local\Citytech.exe.config
2015-12-30 05:10 - 2015-12-30 05:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-17 14:22 - 2015-11-25 18:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-04-17 14:23 - 2016-04-06 00:37 - 0114176 _____ () C:\ProgramData\hp.exe
2016-04-17 14:22 - 2015-12-04 16:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-04-17 14:23 - 2016-04-14 18:08 - 1274368 _____ () C:\ProgramData\MiniFriv01.exe
2016-04-17 14:22 - 2016-04-13 23:51 - 1920000 _____ () C:\ProgramData\msiql.exe
2016-04-17 14:22 - 2016-04-17 14:22 - 1747456 _____ () C:\ProgramData\service.exe
2016-04-17 14:22 - 2016-04-17 14:22 - 0001314 _____ () C:\ProgramData\webad.xml

Files to move or delete:
====================
C:\ProgramData\HomePage.exe
C:\ProgramData\hp.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\MiniFriv01.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe


Some files in TEMP:
====================
C:\Users\Tibor\AppData\Local\Temp\23333.exe
C:\Users\Tibor\AppData\Local\Temp\5756.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\9BF.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\KMSPico__8154_il106928.exe
C:\Users\Tibor\AppData\Local\Temp\nsr57A8.exe
C:\Users\Tibor\AppData\Local\Temp\oct1AC8.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\oct956B.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\octA5DB.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\octD6A4.tmp.exe
C:\Users\Tibor\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\Tibor\AppData\Local\Temp\qqpcmgr_v10.11.16588.235_72623_Silence.exe
C:\Users\Tibor\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tibor\AppData\Local\Temp\Social%20Club%20v1.1.6.9%20Setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2813316739-561623387-2885406294-1001Core.job => C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2813316739-561623387-2885406294-1001Core1d1132db007bc4b.job => C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2813316739-561623387-2885406294-1001Core1d12d29326e7777.job => C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2813316739-561623387-2885406294-1001Core1d15e4280e9be2c.job => C:\Users\Tibor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Tibor.job => C:\Users\Tibor\AppData\Local\PPTAssist\notify.exe
Task: C:\WINDOWS\Tasks\PPTAssistantUpdateTask_Tibor.job => C:\Users\Tibor\AppData\Local\PPTAssist\assistupdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Tibor\Desktop" je 96685 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: Preventivka T-Bag

Napsal: 18 dub 2016 12:28
od Roli
Zdravím, ty cracky na produkty Microsoftu tam máš proč ?

Re: Preventivka T-Bag

Napsal: 18 dub 2016 17:31
od T-Bag
zdravím, neviem aké, ak tam nejake su kľudne ich ich zmažem. Používam Open Office a windows mam legálny.

Re: Preventivka T-Bag

Napsal: 19 dub 2016 13:46
od Roli
Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
C:\Users\Tibor\AppData\Local\Temp\KMSPico__8154_il106928.exe
C:\Program Files (x86)\KMSPico

:commands
[purity]
[emptytemp]
[start explorer]
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a spusť AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Nakonec použij Mbam z mého podpisu a dej mi sem z něj log po smazání.

Re: Preventivka T-Bag

Napsal: 19 dub 2016 14:09
od T-Bag
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\Tibor\AppData\Local\Temp\KMSPico__8154_il106928.exe not found.
C:\Program Files (x86)\KMSPico folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Public

User: Tibor

Re: Preventivka T-Bag

Napsal: 19 dub 2016 15:11
od T-Bag
# AdwCleaner v5.112 - Logfile created 19/04/2016 at 16:05:01
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.4 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Tibor - TIBOR
# Running from : C:\Users\Tibor\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : SavevidService
[-] Service Deleted : sp_rsdrv2
[-] Service Deleted : BugreportW
[-] Service Deleted : SstrprSrv
[-] Service Deleted : jjcscheduleservice
[-] Service Deleted : legyvumuzbt

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Booking.com
[-] Folder Deleted : C:\Program Files (x86)\Burn4Free
[-] Folder Deleted : C:\Program Files (x86)\Savevid
[-] Folder Deleted : C:\Program Files (x86)\CleanBrowser
[-] Folder Deleted : C:\Program Files (x86)\Sosition
[-] Folder Deleted : C:\Program Files (x86)\hohobnd
[-] Folder Deleted : C:\Program Files (x86)\yesbnd
[-] Folder Deleted : C:\Program Files (x86)\14C99AE2-1460895472-8942-9C0B-2C600C85C4F1
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burn4Free
[-] Folder Deleted : C:\Users\Tibor\AppData\Local\SweetLabs App Platform
[-] Folder Deleted : C:\Users\Tibor\AppData\Local\pptassist
[-] Folder Deleted : C:\Users\Tibor\AppData\Local\14C99AE2-1460902902-8942-9C0B-2C600C85C4F1
[-] Folder Deleted : C:\Users\Tibor\AppData\Local\VirtualStore\Program Files (x86)\Burn4Free
[-] Folder Deleted : C:\Users\Tibor\AppData\Roaming\RPEng
[-] Folder Deleted : C:\Users\Tibor\AppData\Roaming\pptassist
[-] Folder Deleted : C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\searchplugins\dd1b66d4.xml
[-] File Deleted : C:\Users\Tibor\Desktop\Google Search.lnk
[-] File Deleted : C:\Users\Tibor\Desktop\Get Random Viral.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk
[-] Shortcut Disinfected : C:\Users\Tibor\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Tibor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Tibor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk
[-] Shortcut Disinfected : C:\Users\Tibor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera beta.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : SweetLabs App Platform
[-] Task Deleted : ACC
[-] Task Deleted : Sosition Reports
[-] Task Deleted : Jejochclipasp Schedule

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKCU\Software\Burn4Free
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\PPTAssist
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\yessearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\hohosearchSoftware
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit]

***** [ Web browsers ] *****

[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.yessearches.com/?ts=AHEqA3UtBHAoAE. ... ode=ffseng");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "yessearches");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEqA3UtBHAoAE. ... =ffsengext");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160415");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160415");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "yessearches");
[-] [C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\8kvdukb7.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.yessearches.com/?ts=AHEqA3UtBHAoAE. ... ode=ffseng");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7360 bytes] - [19/04/2016 16:05:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [8078 bytes] - [19/04/2016 15:57:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7506 bytes] ##########

Re: Preventivka T-Bag

Napsal: 20 dub 2016 13:22
od Roli
Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Ještě si počkám na ten Mbam.

Re: Preventivka T-Bag

Napsal: 20 dub 2016 18:39
od T-Bag
v prilohe.

Re: Preventivka T-Bag

Napsal: 20 dub 2016 19:07
od Roli
No nazdar, vše si doufám smazal ?


Spusť skener Cure It podle TOHOTO návodu

po skončení skenu mi sem nakopíruj výsledky - stačí konec logu se souhrnem.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)

Re: Preventivka T-Bag

Napsal: 20 dub 2016 20:04
od T-Bag
zmazano.

No nastali nejake komplikacie:

Po štarte my nabehla čierna obrazovka, musel som ju nahodiť cez novu ulohu "explorer.exe".
Nefunguje my menu štartu, všetko ostatne v spodnej lište funguje.
Po nabehnuti systemu my naskoči erorr okienko pri dalšom reštarte napíšem čo presne to píše.

Uznávam že to už neni vaša záležitosť tak potom budem hľadať riešenia,v prvom rade nech je čistý.

Re: Preventivka T-Bag

Napsal: 21 dub 2016 16:25
od Roli
No ono tam bylo dost havěti, tak je možné, že něco poškodila. Určitě mi sem písni co vyhazuje za errory a zkusíme s tím něco udělat.

Re: Preventivka T-Bag

Napsal: 23 dub 2016 21:23
od T-Bag
ten error už my nechce ukazať.

No najviac ma asi štve že my nenačita normalne obrazovku, ako som už písal musim ju nahodiť manual cez novu ulohu explorer.exe
A dalšia vec čo som si všimol nefunguje my zakladne aplikacie na zobrazenie foto, pdf , prehratie hudby.

Ešte mam pocit že tu ostala nejaka havet (vytažený DISK, zamrzol).

Re: Preventivka T-Bag

Napsal: 25 dub 2016 14:12
od Roli
Fakt to vypadá, že systém poškodila ta spousta havěti cos tam měl, asi bych si zálohoval důležité věci a udělal novou čistou instalaci.

Re: Preventivka T-Bag

Napsal: 01 čer 2016 09:08
od T-Bag
zdravím, tak konečne už mam viac času a chcel by som urobit novu inštalaciu.

Problém nastáva že mam W10 (aktualizoval som z W8.1) a samozrejme predajda my nepribalil inštalačne CD
čiže bolo by možno nejake preinštalovať windows bez straty originalnej licenciie ?

Re: Preventivka T-Bag

Napsal: 03 čer 2016 14:38
od Roli
Ahoj, instalační CD Windows se už pěkných pár let nedává.

To žes aktualizoval z nižší verze systému nevadí.

Většina noťasů má skrytou původní instalačku systému, stačí jí jen vyvolat.

Acer by měl jít při restartu přes ALT + F10 a pak postupovat podle instrukcí.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz