Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Lilo
Visitor
Posts: 18
Registered: 19 Aug 2016 13:48

Preventive check

#1 Post by Lilo »

Hello,

please check my friend's laptop :)
__________________________________________________________________________________
Logfile of random's system information tool 1.10 (written by random/random)
Run by home at 2016-09-04 01:10:46
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 75 GB (47%) free of 160 GB
Total RAM: 4021 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:29:28, on 04/09/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\home.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Lenovo Smart Fingerprint] "C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: zSpeedup.lnk = C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
O9 - Extra button: ??? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ?&?? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ?&???? ??????? ?? OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ?&???? ??????? ?? OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Unknown owner - E:\Arc\ArcService.exe (file missing)
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Avira Updater Service (AviraUpdaterService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ????? ?????? Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ????? ?????? Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - IntelR Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10592 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5527df3d-8df5-41f2-aa12-e5534f4677be -SystemEventPortName:HostProcess-ff94b405-24bb-48a7-a6b6-d1a8b84a069d -IoCancelEventPortName:HostProcess-b010fef9-6342-4e5c-98fd-cf4390a8423b -NonStateChangingEventPortName:HostProcess-b977005f-4c04-486b-bbaf-04ed97239bf4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e3a9eabc-d28e-4ce0-aace-a431e6fc4c1b -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28784880
\??\C:\Windows\system32\conhost.exe "723890203262498137-901282969197979756414578450621926473472484856986993243586
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000658
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\valWBFPolicyService.exe
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe" updateandrun lol_launcher LoLLauncher.exe
LoLLauncher.exe
"C:/Riot Games/League of Legends/RADS/projects/lol_patcher/releases/0.0.0.66/deploy/LoLPatcher.exe" ""
"C:/Riot Games/League of Legends/RADS/projects/lol_air_client/releases/0.0.1.214/deploy//LolClient.exe" "-runtime" ".\\" "-nodebug" "META-INF\AIR\application.xml" ".\\" "--" "8393"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://watch.lolesports.com/en_GB/nalcs ... ifications"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\home\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=52.0.2743.116 --handshake-handle=0xe8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6240.0.873066292\474725184" --mojo-application-channel-token=51FE94C4E775C4FE59A2E733C5C23775 --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,*TranslateUI2016Q2<TranslateUI2016Q2,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/3-Times/PreconnectMore/Default/*QUIC/EnabledNewRTOJuly/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentB/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/BiMonthlyPrompt/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_17/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA
-Uniformity-Trial-5-Percent/group_17/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Checks/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,13,27,47,55 --gpu-vendor-id=0x8086 --gpu-device-id=0x0a16 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.14.4156 --gpu-driver-date=3-3-2015 --mojo-platform-channel-handle=1116 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,*TranslateUI2016Q2<TranslateUI2016Q2,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/3-Times/PreconnectMore/Default/*QUIC/EnabledNewRTOJuly/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentB/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/BiMonthlyPrompt/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_17/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_17/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Chec
ks/ --primordial-pipe-token=54FD0347667FC1D682D12EB0B6ABE747 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=A2608A85B45083BAE6E20964D95120CD --mojo-application-channel-token=F84B4BA55C59840D6580F6BD08287444 --channel="6240.1.509848190\227701602" --mojo-platform-channel-handle=1880 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,*TranslateUI2016Q2<TranslateUI2016Q2,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/3-Times/PreconnectMore/Default/*QUIC/EnabledNewRTOJuly/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentB/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/BiMonthlyPrompt/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_17/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_17/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Che
cks/ --primordial-pipe-token=761EF5E7AEB61BCD7998FE5335C3B4ED --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=A8317F02CE62A01EB3D63302381F5540 --mojo-application-channel-token=447B1D3F6080870C4BABF0F64442E41B --channel="6240.3.500258634\994972988" --mojo-platform-channel-handle=2472 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6240.4.821358125\2048972495" --ppapi-flash-args --lang=en-US --device-scale-factor=1 --mojo-platform-channel-handle=4404 --ignored=" --type=renderer " /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"D:\Users\home\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-03-23 2858152]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-12-17 4367808]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6988736]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-07-26 176952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-06-29 26424960]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-08-23 2857248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-08-04 67864]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2016-08-25 831576]
"Lenovo Smart Fingerprint"=C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [2015-03-26 1761208]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2015-03-24 296216]
"Avira System Speedup User Starter"=C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2016-08-18 18520]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22 598552]

C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
zSpeedup.lnk - C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-09-04 01:10:47 ----D---- C:\Program Files\trend micro
2016-09-04 01:10:46 ----D---- C:\rsit
2016-08-30 17:59:01 ----D---- C:\Users\home\AppData\Roaming\java
2016-08-30 17:58:50 ----D---- C:\Users\home\AppData\Roaming\.minecraft
2016-08-30 17:58:13 ----D---- C:\Users\home\AppData\Roaming\Sun
2016-08-30 17:57:44 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-08-30 17:57:13 ----D---- C:\ProgramData\Oracle
2016-08-30 17:57:10 ----D---- C:\Program Files (x86)\Java
2016-08-30 17:35:46 ----D---- C:\Windows\system32\appmgmt
2016-08-30 14:33:56 ----D---- C:\Users\home\AppData\Roaming\Azureus
2016-08-26 22:55:30 ----D---- C:\Program Files (x86)\Popcorn Time
2016-08-19 18:25:19 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-08-19 18:25:19 ----A---- C:\Windows\system32\tzres.dll
2016-08-19 18:24:43 ----A---- C:\Windows\system32\wksprt.exe
2016-08-19 18:24:42 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2016-08-19 18:24:42 ----A---- C:\Windows\system32\mstscax.dll
2016-08-19 18:24:41 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2016-08-19 18:24:41 ----A---- C:\Windows\system32\rdvidcrl.dll
2016-08-19 18:24:40 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2016-08-19 18:24:40 ----A---- C:\Windows\system32\tsgqec.dll
2016-08-19 18:24:39 ----A---- C:\Windows\system32\win32spl.dll
2016-08-19 18:24:39 ----A---- C:\Windows\system32\localspl.dll
2016-08-19 18:24:38 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-08-19 18:24:38 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-08-19 18:24:38 ----A---- C:\Windows\system32\ntprint.dll
2016-08-19 18:24:38 ----A---- C:\Windows\system32\inetpp.dll
2016-08-19 18:24:36 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-08-19 18:24:36 ----A---- C:\Windows\system32\wpnpinst.exe
2016-08-19 18:24:36 ----A---- C:\Windows\system32\ntprint.exe
2016-08-19 18:24:36 ----A---- C:\Windows\system32\inetppui.dll
2016-08-19 18:24:30 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-08-19 18:24:30 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-08-19 18:24:30 ----A---- C:\Windows\system32\schannel.dll
2016-08-19 18:24:30 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-19 18:24:30 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-19 18:24:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-19 18:24:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-19 18:24:30 ----A---- C:\Windows\system32\certcli.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-08-19 18:24:29 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-08-19 18:24:29 ----A---- C:\Windows\system32\wdigest.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\sspicli.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\secur32.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\lsass.exe
2016-08-19 18:24:29 ----A---- C:\Windows\system32\kerberos.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-19 18:24:29 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-19 18:24:29 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-19 18:24:29 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\credssp.dll
2016-08-19 18:24:29 ----A---- C:\Windows\system32\auditpol.exe
2016-08-19 18:24:29 ----A---- C:\Windows\system32\adtschema.dll
2016-08-19 18:24:28 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-08-19 18:24:28 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-08-19 18:24:28 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-08-19 18:24:28 ----A---- C:\Windows\system32\msobjs.dll
2016-08-19 18:24:28 ----A---- C:\Windows\system32\msaudite.dll
2016-08-19 18:24:20 ----A---- C:\Windows\system32\TSWbPrxy.exe
2016-08-19 18:23:57 ----A---- C:\Windows\system32\rdpudd.dll
2016-08-19 18:23:57 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-08-19 18:23:57 ----A---- C:\Windows\system32\rdpcorets.dll
2016-08-19 18:23:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-08-19 18:23:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-08-19 18:23:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-08-19 18:23:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-08-19 18:23:09 ----A---- C:\Windows\system32\iernonce.dll
2016-08-19 18:23:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-08-19 18:23:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-08-19 18:23:08 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-08-19 18:23:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-08-19 18:23:08 ----A---- C:\Windows\system32\ie4uinit.exe
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-08-19 18:23:07 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-08-19 18:23:07 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-19 18:23:07 ----A---- C:\Windows\system32\inseng.dll
2016-08-19 18:23:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-08-19 18:23:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-08-19 18:23:05 ----A---- C:\Windows\system32\occache.dll
2016-08-19 18:23:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-08-19 18:23:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-08-19 18:23:04 ----A---- C:\Windows\system32\urlmon.dll
2016-08-19 18:23:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-08-19 18:23:04 ----A---- C:\Windows\system32\iedkcs32.dll
2016-08-19 18:23:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-08-19 18:23:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-08-19 18:23:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-08-19 18:23:03 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-08-19 18:23:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-19 18:23:03 ----A---- C:\Windows\system32\dxtrans.dll
2016-08-19 18:23:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-08-19 18:23:02 ----A---- C:\Windows\system32\msfeeds.dll
2016-08-19 18:23:02 ----A---- C:\Windows\system32\iesetup.dll
2016-08-19 18:23:01 ----A---- C:\Windows\system32\ieapfltr.dll
2016-08-19 18:23:00 ----A---- C:\Windows\system32\iertutil.dll
2016-08-19 18:22:59 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-08-19 18:22:59 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-08-19 18:22:59 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-08-19 18:22:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-08-19 18:22:59 ----A---- C:\Windows\system32\vbscript.dll
2016-08-19 18:22:58 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-08-19 18:22:58 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-08-19 18:22:58 ----A---- C:\Windows\system32\jsproxy.dll
2016-08-19 18:22:57 ----A---- C:\Windows\system32\ieui.dll
2016-08-19 18:22:57 ----A---- C:\Windows\system32\ieframe.dll
2016-08-19 18:22:57 ----A---- C:\Windows\system32\dxtmsft.dll
2016-08-19 18:22:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-08-19 18:22:56 ----A---- C:\Windows\system32\mshtmled.dll
2016-08-19 18:22:56 ----A---- C:\Windows\system32\ieUnatt.exe
2016-08-19 18:22:55 ----A---- C:\Windows\system32\webcheck.dll
2016-08-19 18:22:55 ----A---- C:\Windows\system32\jscript9diag.dll
2016-08-19 18:22:55 ----A---- C:\Windows\system32\jscript.dll
2016-08-19 18:22:54 ----A---- C:\Windows\system32\wininet.dll
2016-08-19 18:22:54 ----A---- C:\Windows\system32\jscript9.dll
2016-08-19 18:22:53 ----A---- C:\Windows\system32\msrating.dll
2016-08-19 18:22:53 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-08-19 18:22:52 ----A---- C:\Windows\system32\mshtml.dll
2016-08-19 18:10:31 ----A---- C:\Windows\system32\win32k.sys
2016-08-19 15:45:47 ----A---- C:\Windows\ntbtlog.txt
2016-08-19 15:37:06 ----D---- C:\Users\home\AppData\Roaming\Avira
2016-08-19 15:36:42 ----D---- C:\Users\home\AppData\Roaming\Mozilla
2016-08-19 15:32:34 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2016-08-19 15:32:33 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2016-08-19 15:32:33 ----A---- C:\Windows\system32\drivers\avipbb.sys
2016-08-19 15:32:33 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2016-08-19 15:25:50 ----D---- C:\Program Files (x86)\Avira
2016-08-19 15:25:38 ----D---- C:\ProgramData\Avira
2016-08-19 14:54:10 ----A---- C:\autoexec.bat
2016-08-19 14:53:29 ----D---- C:\Users\home\AppData\Roaming\Enigma Software Group
2016-08-19 14:51:14 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2016-08-19 14:28:48 ----A---- C:\Windows\system32\roboot64.exe
2016-08-19 14:28:43 ----D---- C:\Users\home\AppData\Roaming\Solvusoft
2016-08-19 14:11:16 ----D---- C:\ProgramData\Malwarebytes
2016-08-19 13:52:25 ----D---- C:\Users\home\AppData\Roaming\QuickScan
2016-08-18 02:52:23 ----A---- C:\Windows\SYSWOW64\Setup.exe
2016-08-18 02:28:42 ----D---- C:\Users\home\AppData\Roaming\uTorrent
2016-08-14 22:41:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-08-14 22:40:48 ----D---- C:\Windows\system32\Macromed
2016-08-14 22:40:09 ----D---- C:\Windows\SYSWOW64\Macromed
2016-08-10 00:29:38 ----D---- C:\Users\home\AppData\Roaming\breedingseason
2016-08-10 00:29:33 ----D---- C:\Program Files (x86)\Breeding Season
2016-08-05 20:06:29 ----D---- C:\Program Files (x86)\iTunes
2016-08-05 20:06:27 ----D---- C:\Program Files\iPod
2016-08-05 20:06:25 ----D---- C:\Program Files\iTunes
2016-07-14 03:50:47 ----D---- C:\Users\home\AppData\Roaming\ifonebox
2016-07-12 00:20:38 ----HD---- C:\$WINDOWS.~BT
2016-07-05 22:45:54 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-07-05 22:45:49 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-07-05 22:45:49 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-07-05 22:45:49 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2016-07-05 22:45:48 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2016-07-05 22:45:48 ----A---- C:\Windows\system32\wksprtPS.dll
2016-07-05 22:45:47 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2016-07-05 22:45:47 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2016-07-05 22:45:47 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2016-07-05 22:45:46 ----A---- C:\Windows\system32\mstsc.exe
2016-07-05 22:38:24 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2016-07-05 22:38:24 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2016-07-05 22:38:22 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2016-07-05 22:38:21 ----A---- C:\Windows\system32\rdpendp_winip.dll
2016-07-05 22:32:53 ----D---- C:\Program Files\Microsoft Silverlight
2016-07-05 22:32:52 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-07-05 22:30:50 ----A---- C:\Windows\system32\icaapi.dll
2016-07-05 22:30:48 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2016-07-05 22:29:48 ----A---- C:\Windows\system32\wuapp.exe
2016-07-05 22:29:47 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-07-05 22:29:47 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-07-05 22:29:47 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-07-05 22:29:47 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-07-05 22:29:47 ----A---- C:\Windows\system32\wudriver.dll
2016-07-05 22:29:47 ----A---- C:\Windows\system32\wucltux.dll
2016-07-05 22:29:47 ----A---- C:\Windows\system32\wuauclt.exe
2016-07-05 22:29:47 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-07-05 22:29:46 ----A---- C:\Windows\SYSWOW64\wups.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wuwebv.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wups2.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wups.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wuaueng.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wuapi.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2016-07-05 22:29:46 ----A---- C:\Windows\system32\ntdll.dll
2016-07-05 22:29:45 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-07-05 22:29:45 ----A---- C:\Windows\system32\msi.dll
2016-07-05 22:29:44 ----A---- C:\Windows\SYSWOW64\olepro32.dll
2016-07-05 22:29:44 ----A---- C:\Windows\system32\msiexec.exe
2016-07-05 22:29:43 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-07-05 22:29:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-07-05 22:29:42 ----A---- C:\Windows\system32\consent.exe
2016-07-05 22:29:41 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-07-05 22:29:41 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2016-07-05 22:29:41 ----A---- C:\Windows\SYSWOW64\msi.dll
2016-07-05 22:29:39 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-07-05 22:29:39 ----A---- C:\Windows\system32\oleaut32.dll
2016-07-05 22:29:37 ----A---- C:\Windows\system32\smss.exe
2016-07-05 22:29:37 ----A---- C:\Windows\system32\kernel32.dll
2016-07-05 22:29:37 ----A---- C:\Windows\system32\authui.dll
2016-07-05 22:29:37 ----A---- C:\Windows\system32\advapi32.dll
2016-07-05 22:29:36 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-07-05 22:29:35 ----A---- C:\Windows\system32\wow64win.dll
2016-07-05 22:29:35 ----A---- C:\Windows\system32\winsrv.dll
2016-07-05 22:29:35 ----A---- C:\Windows\system32\srcore.dll
2016-07-05 22:29:35 ----A---- C:\Windows\system32\KernelBase.dll
2016-07-05 22:29:34 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-07-05 22:29:34 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-07-05 22:29:34 ----A---- C:\Windows\system32\wow64.dll
2016-07-05 22:29:34 ----A---- C:\Windows\system32\msihnd.dll
2016-07-05 22:29:34 ----A---- C:\Windows\system32\conhost.exe
2016-07-05 22:29:33 ----A---- C:\Windows\system32\csrsrv.dll
2016-07-05 22:29:33 ----A---- C:\Windows\system32\appinfo.dll
2016-07-05 22:29:32 ----A---- C:\Windows\system32\wow64cpu.dll
2016-07-05 22:29:32 ----A---- C:\Windows\system32\drivers\appid.sys
2016-07-05 22:29:31 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2016-07-05 22:29:31 ----A---- C:\Windows\system32\srclient.dll
2016-07-05 22:29:31 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-07-05 22:29:31 ----A---- C:\Windows\system32\appidapi.dll
2016-07-05 22:29:30 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-07-05 22:29:30 ----A---- C:\Windows\system32\rstrui.exe
2016-07-05 22:29:30 ----A---- C:\Windows\system32\asycfilt.dll
2016-07-05 22:29:30 ----A---- C:\Windows\system32\appidsvc.dll
2016-07-05 22:29:30 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-07-05 22:29:29 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-07-05 22:29:29 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-07-05 22:29:29 ----A---- C:\Windows\system32\ntvdm64.dll
2016-07-05 22:29:27 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-07-05 22:29:26 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-07-05 22:29:26 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-07-05 22:29:26 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-07-05 22:29:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-05 22:29:25 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-05 22:29:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-05 22:29:23 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-05 22:29:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-05 22:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-05 22:29:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-05 22:29:21 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-07-05 22:29:20 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-07-05 22:29:20 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-07-05 22:29:20 ----A---- C:\Windows\system32\apisetschema.dll
2016-07-05 22:29:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-05 22:29:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-05 22:29:19 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-05 22:29:19 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-05 22:29:18 ----A---- C:\Windows\SYSWOW64\user.exe
2016-07-05 22:29:14 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2016-07-05 22:29:14 ----A---- C:\Windows\system32\msimsg.dll
2016-07-05 22:27:31 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2016-07-05 22:27:31 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2016-07-05 22:27:31 ----A---- C:\Windows\system32\nlsbres.dll
2016-07-05 22:27:31 ----A---- C:\Windows\system32\KBDAZE.DLL
2016-07-05 22:27:30 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2016-07-05 22:27:30 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2016-07-05 22:27:30 ----A---- C:\Windows\system32\kbdgeoqw.dll
2016-07-05 22:27:30 ----A---- C:\Windows\system32\KBDAZEL.DLL
2016-07-05 22:21:36 ----A---- C:\Windows\system32\appraiser.dll
2016-07-05 22:21:36 ----A---- C:\Windows\system32\aeinv.dll
2016-07-05 22:21:35 ----A---- C:\Windows\system32\invagent.dll
2016-07-05 22:21:35 ----A---- C:\Windows\system32\devinv.dll
2016-07-05 22:21:35 ----A---- C:\Windows\system32\centel.dll
2016-07-05 22:21:35 ----A---- C:\Windows\system32\aepic.dll
2016-07-05 22:21:34 ----A---- C:\Windows\system32\generaltel.dll
2016-07-05 22:21:32 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-05 22:21:31 ----A---- C:\Windows\system32\acmigration.dll
2016-06-28 22:55:04 ----D---- C:\Users\home\AppData\Roaming\kingdom_rush_frontiers
2016-06-15 23:21:51 ----A---- C:\Windows\system32\drivers\srv2.sys
2016-06-15 23:21:51 ----A---- C:\Windows\system32\drivers\srv.sys
2016-06-15 23:21:51 ----A---- C:\Windows\system32\drivers\cng.sys
2016-06-15 23:21:50 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2016-06-15 23:21:50 ----A---- C:\Windows\system32\drivers\srvnet.sys
2016-06-15 23:21:50 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:21:23 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-06-15 23:21:23 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-06-15 23:21:23 ----A---- C:\Windows\system32\lpk.dll
2016-06-15 23:21:23 ----A---- C:\Windows\system32\fontsub.dll
2016-06-15 23:21:23 ----A---- C:\Windows\system32\dciman32.dll
2016-06-15 23:21:23 ----A---- C:\Windows\system32\atmfd.dll
2016-06-15 23:21:22 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-06-15 23:21:22 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-06-15 23:21:22 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-06-15 23:21:22 ----A---- C:\Windows\system32\atmlib.dll
2016-06-15 23:21:21 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2016-06-15 23:21:21 ----A---- C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:21:17 ----A---- C:\Windows\system32\ws2_32.dll
2016-06-15 23:21:17 ----A---- C:\Windows\system32\mswsock.dll
2016-06-15 23:21:16 ----A---- C:\Windows\SYSWOW64\ws2_32.dll
2016-06-15 23:21:16 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2016-06-15 23:21:16 ----A---- C:\Windows\SYSWOW64\netbtugc.exe
2016-06-15 23:21:16 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2016-06-15 23:21:16 ----A---- C:\Windows\system32\winhttp.dll
2016-06-15 23:21:16 ----A---- C:\Windows\system32\netbtugc.exe
2016-06-15 23:21:16 ----A---- C:\Windows\system32\drivers\netbt.sys
2016-06-15 23:21:11 ----A---- C:\Windows\SYSWOW64\gpprefcl.dll
2016-06-15 23:21:11 ----A---- C:\Windows\system32\polstore.dll
2016-06-15 23:21:11 ----A---- C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:21:11 ----A---- C:\Windows\system32\gpsvc.dll
2016-06-15 23:21:11 ----A---- C:\Windows\system32\gpprefcl.dll
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\polstore.dll
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\gpscript.exe
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\gpscript.dll
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2016-06-15 23:21:10 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2016-06-15 23:21:10 ----A---- C:\Windows\system32\winipsec.dll
2016-06-15 23:21:10 ----A---- C:\Windows\system32\gpscript.exe
2016-06-15 23:21:10 ----A---- C:\Windows\system32\gpscript.dll
2016-06-15 23:21:10 ----A---- C:\Windows\system32\gpapi.dll
2016-06-15 23:21:10 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:20:53 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-06-15 23:20:53 ----A---- C:\Windows\system32\gdi32.dll
2016-06-15 23:20:52 ----A---- C:\Windows\SYSWOW64\webio.dll
2016-06-15 23:20:52 ----A---- C:\Windows\system32\webio.dll
2016-06-15 23:20:49 ----A---- C:\Windows\system32\shell32.dll
2016-06-15 23:20:47 ----A---- C:\Windows\explorer.exe
2016-06-15 23:20:45 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-06-15 23:20:44 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2016-06-15 23:20:44 ----A---- C:\Windows\SYSWOW64\explorer.exe
2016-06-15 23:20:44 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-06-05 21:35:01 ----D---- C:\Users\home\AppData\Roaming\BrawlhallaAir

======List of files/folders modified in the last 3 months======

2016-09-04 01:10:56 ----D---- C:\Windows\Temp
2016-09-04 01:10:47 ----RD---- C:\Program Files
2016-09-04 00:22:54 ----D---- C:\Windows\system32\config
2016-09-03 21:06:36 ----D---- C:\Users\home\AppData\Roaming\Skype
2016-09-03 21:06:05 ----D---- C:\Program Files (x86)\Steam
2016-09-03 21:05:34 ----D---- C:\ProgramData\Validity
2016-09-02 13:54:26 ----D---- C:\Windows\system32\NDF
2016-09-01 08:56:45 ----SHD---- C:\System Volume Information
2016-08-30 17:58:24 ----SHD---- C:\Windows\Installer
2016-08-30 17:58:24 ----SHD---- C:\Config.Msi
2016-08-30 17:58:24 ----D---- C:\Program Files (x86)\Common Files
2016-08-30 17:57:44 ----D---- C:\Windows\SysWOW64
2016-08-30 17:57:13 ----HD---- C:\ProgramData
2016-08-30 17:57:10 ----RD---- C:\Program Files (x86)
2016-08-30 17:35:46 ----D---- C:\Windows\System32
2016-08-26 22:54:43 ----D---- C:\Windows\inf
2016-08-26 22:54:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-24 00:51:35 ----D---- C:\Windows\Microsoft.NET
2016-08-23 23:52:28 ----RSD---- C:\Windows\assembly
2016-08-23 22:42:07 ----D---- C:\Windows\system32\Tasks
2016-08-23 13:58:51 ----D---- C:\ProgramData\Microsoft Help
2016-08-22 21:36:57 ----D---- C:\Windows\winsxs
2016-08-21 03:50:40 ----D---- C:\Program Files\Google
2016-08-21 03:50:40 ----D---- C:\Program Files (x86)\Google
2016-08-21 03:49:21 ----D---- C:\Windows\SYSWOW64\he-IL
2016-08-21 03:49:21 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-21 03:49:21 ----D---- C:\Windows\system32\he-IL
2016-08-21 03:49:21 ----D---- C:\Windows\system32\en-US
2016-08-21 03:49:17 ----D---- C:\Windows\system32\drivers
2016-08-21 03:49:17 ----D---- C:\Windows\AppPatch
2016-08-21 03:49:16 ----D---- C:\Program Files\Internet Explorer
2016-08-21 03:49:11 ----D---- C:\Program Files (x86)\Internet Explorer
2016-08-21 03:18:25 ----D---- C:\Windows\system32\MRT
2016-08-21 03:11:21 ----AC---- C:\Windows\system32\MRT.exe
2016-08-19 18:21:19 ----D---- C:\Windows\system32\catroot2
2016-08-19 16:32:05 ----D---- C:\Windows\system32\DriverStore
2016-08-19 16:27:08 ----D---- C:\Windows\Minidump
2016-08-19 16:27:08 ----D---- C:\Windows
2016-08-19 16:22:58 ----D---- C:\Windows\Prefetch
2016-08-19 15:39:46 ----RSD---- C:\Windows\Fonts
2016-08-19 15:24:22 ----D---- C:\ProgramData\Package Cache
2016-08-19 14:49:35 ----D---- C:\Windows\Tasks
2016-08-14 22:41:30 ----D---- C:\Windows\Downloaded Program Files
2016-08-10 00:29:37 ----D---- C:\ProgramData\Adobe
2016-08-10 00:29:30 ----D---- C:\Program Files (x86)\Adobe
2016-08-10 00:29:00 ----D---- C:\Users\home\AppData\Roaming\Adobe
2016-08-08 03:49:46 ----SD---- C:\Users\home\AppData\Roaming\Microsoft
2016-08-05 20:06:26 ----D---- C:\Program Files\Common Files\Apple
2016-07-27 22:25:34 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-27 19:15:43 ----RD---- C:\Program Files (x86)\Skype
2016-07-27 19:15:35 ----D---- C:\ProgramData\Skype
2016-07-12 00:20:47 ----D---- C:\Windows\Panther
2016-07-10 12:08:32 ----SD---- C:\Windows\system32\Microsoft
2016-07-05 23:44:52 ----D---- C:\Windows\SYSWOW64\wbem
2016-07-05 23:44:52 ----D---- C:\Windows\system32\wbem
2016-07-05 23:44:52 ----D---- C:\Windows\system32\drivers\en-US
2016-07-05 23:44:52 ----D---- C:\Windows\PolicyDefinitions
2016-07-05 23:44:52 ----D---- C:\Program Files\Windows Journal
2016-07-05 23:44:48 ----D---- C:\Windows\system32\Boot
2016-07-05 23:44:47 ----D---- C:\Windows\system32\appraiser
2016-07-05 22:34:14 ----SD---- C:\ProgramData\Microsoft
2016-06-26 09:23:47 ----D---- C:\Windows\Logs
2016-06-18 03:51:58 ----D---- C:\Windows\en-US
2016-06-18 03:51:57 ----D---- C:\Windows\he-IL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2015-03-24 22800]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-11-13 289120]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2016-07-18 145984]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2016-07-18 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2016-07-18 171752]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2016-07-18 79696]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;התקן Bluetooth (רשת תקשורת אישית); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-06 4877240]
R3 iusb3hub;מנהל התקן רכזת ל- USB 3.0 של Intel(R)‎; C:\Windows\system32\DRIVERS\iusb3hub.sys [2015-03-24 390416]
R3 iusb3xhc;מנהל התקן של בקר מארח בר-הרחבה ל- USB 3.0 של Intel(R)‎; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-03-24 800016]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-12-20 99288]
R3 NETwNs64;___ מנהל התקן של מתאם Intel(R) Wireless עבור Windows 7 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys [2015-01-20 3437848]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 133816]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RFCOMM;התקן Bluetooth ‏(RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-01-15 977624]
R3 rtsuvc;Lenovo EasyCamera; C:\Windows\system32\DRIVERS\rtsuvc.sys [2014-12-22 2981080]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2015-03-23 31400]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2015-03-23 580776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-08-19 22704]
S3 IntcDAud;שמע תצוגת Intel(R)‎‎‎; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-03-06 455440]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2015-01-08 334040]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-11-05 54784]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-08-25 470600]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-08-25 470600]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-03-02 83768]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-08-04 320672]
R2 AviraUpdaterService;Avira Updater Service; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [2016-08-23 26760]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2014-11-19 638368]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-06 344168]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-01-29 23808]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2014-11-19 157088]
R2 SpeedupService;Avira System Speedup; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [2016-08-18 27632]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service; C:\Windows\system32\valWBFPolicyService.exe [2014-09-01 49040]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-07-26 651576]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-01-29 374344]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-08-25 988184]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-08-25 1453696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;שירות ‏עדכון Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S2 Update service;Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [2016-08-03 339968]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ArcService;Arc Service; E:\Arc\ArcService.exe []
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-06 279144]
S3 gupdatem;שירות ‏עדכון Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-11-19 268192]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-08-23 1465120]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-11-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#2 Post by Márty84 »

Hello :)

:???: Is this purely preventive, or is there also some problem?

:arrow: Two antivirus programs are running there - Avira and MSE. Uninstall one of them.

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any bundled add-ons; decline them by unticking the checkbox) and run it as administrator. The result will be displayed after a moment.
At the top, click Edit (Úpravy) and then Copy (Kopírovat). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V).

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have their e-mail address in their signature).

Lilo
Visitor
Posts: 18
Registered: 19 Aug 2016 13:48

Re: Preventive check

#3 Post by Lilo »

No serious problem has shown up. The laptop runs without problems :)

Logs: CrystalDiskInfo
----------------------------------------------------------------------------
CrystalDiskInfo 7.0.3 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/09/04 11:13:08

-- Controller Map ----------------------------------------------------------
+ Intel(R) 8 Series SATA Controller 1 (AHCI) - 9C03 [ATA]
+ ATA Channel 0 (0)
- WDC WD5000LPCX-24C6HT0 ATA Device

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000LPCX-24C6HT0 : 500.1 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD5000LPCX-24C6HT0
----------------------------------------------------------------------------
Model : WDC WD5000LPCX-24C6HT0
Firmware : 02.01A02
Serial Number : WD-WX11A853AJY1
Disk Size : 500.1 GB (8.4/137.4/500.1/500.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 1667 hours
Power On Count : 1015 count
Temperature : 37 C (98 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 152 143 _21 00000000054E Spin-Up Time
04 _81 _81 __0 000000004D0B Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 _51 000000000000 Seek Error Rate
09 _98 _98 __0 000000000683 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C _99 _99 __0 0000000003F7 Power Cycle Count
C0 200 200 __0 000000000011 Power-off Retract Count
C1 185 185 __0 00000000BB07 Load/Unload Cycle Count
C2 106 _97 __0 000000000025 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 100 253 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 100 253 __0 000000000000 Write Error Rate
F0 _99 _99 __0 00000000058D Head Flying Hours


_____________________________________________________________________________________

AdwCleaner

# AdwCleaner v6.010 - Logfile created 04/09/2016 at 11:27:02
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-03.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : home - HOME-PC
# Running from : D:\Users\home\Downloads\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service deleted: Update service

***** [ Folders ] *****

[-] Folder deleted: C:\Users\home\AppData\Roaming\Solvusoft
[-] Folder deleted: C:\Users\home\AppData\Local\VirtualStore\Program Files (x86)\Trymedia
[-] Folder deleted: C:\Users\home\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
[-] Folder deleted: C:\Program Files (x86)\Popcorn Time

***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\roboot64.exe
[-] File deleted: C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File deleted: C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_en.softonic.com_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Solvusoft
[-] Key deleted: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Solvusoft
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKLM\SOFTWARE\Solvusoft
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3383 Bytes] - [04/09/2016 11:27:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [3512 Bytes] - [04/09/2016 11:25:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3529 Bytes] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#4 Post by Márty84 »

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

Lilo
Visitor
Posts: 18
Registered: 19 Aug 2016 13:48

Re: Preventive check

#5 Post by Lilo »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/09/2016
Scan Time: 20:09
Logfile: xd123.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.04.07
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: home

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 507715
Time Elapsed: 2 hr, 47 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SysTweak, C:\AdwCleaner\quarantine\files\hfezwicgwhewiklwhfxpkiyaztjkkkjo.back, , [38efabc3eeac37ff5943a222c93811ef],

Physical Sectors: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#6 Post by Márty84 »

The detection is already in AdwCleaner's quarantine, so there is no need to deal with it.

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

Lilo
Visitor
Posts: 18
Registered: 19 Aug 2016 13:48

Re: Preventive check

#7 Post by Lilo »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by home (administrator) on HOME-PC (05-09-2016 15:50:22)
Running from d:\Users\home\Desktop
Loaded Profiles: home (Available Profiles: home)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2858152 2015-03-23] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo Smart Fingerprint] => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-03-26] (Lenovo)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47C4DC17-B4E2-4FAF-9851-99D43CEA6EA8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\Z9iCEEY7.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\Z9iCEEY7.default\Extensions\abs@avira.com [2016-08-19]
FF Extension: (Avira SafeSearch Plus) - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\Z9iCEEY7.default\Extensions\safesearchplus2@avira.com [2016-08-19]

Chrome:
=======
CHR DefaultSearchURL: Profile 1 -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Avira
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google מצגות) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-24]
CHR Extension: (Google Docs) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-24]
CHR Extension: (כונן Google) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (חיפוש Google) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Sheets) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-24]
CHR Extension: (Gmail) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-24]
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Google Search) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Avira Browser Safety) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (The First Snow) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbkomonlkeobifjdafacclcmabkcodhm [2015-12-30]
CHR Extension: (Gmail) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-06] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-09-01] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
S3 ArcService; E:\Arc\ArcService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2015-01-20] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2981080 2014-12-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31400 2015-03-23] (Synaptics Incorporated)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 15:49 - 2016-09-05 15:50 - 00000000 ____D C:\FRST
2016-09-05 15:46 - 2016-09-05 15:46 - 00029696 _____ C:\Users\home\AppData\Local\MSGBOX.EXE
2016-09-04 20:08 - 2016-09-04 20:08 - 00000000 ____D C:\Users\home\AppData\Local\AviraSpeedup
2016-09-04 20:07 - 2016-09-05 11:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 20:06 - 2016-09-04 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 20:06 - 2016-09-04 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-04 20:06 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-04 20:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-04 20:06 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-04 11:23 - 2016-09-04 11:27 - 00000000 ____D C:\AdwCleaner
2016-09-04 11:07 - 2016-09-04 11:08 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-09-04 11:07 - 2016-09-04 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-09-04 11:02 - 2016-09-04 11:02 - 00001945 _____ C:\Windows\epplauncher.mif
2016-09-04 01:10 - 2016-09-04 01:29 - 00000000 ____D C:\rsit
2016-09-04 01:10 - 2016-09-04 01:29 - 00000000 ____D C:\Program Files\trend micro
2016-08-30 18:00 - 2016-08-30 18:00 - 00000000 ____D C:\Users\home\AppData\Local\Intel_Corporation
2016-08-30 17:59 - 2016-08-30 17:59 - 00000000 ____D C:\Users\home\AppData\Roaming\java
2016-08-30 17:58 - 2016-09-01 18:09 - 00000000 ____D C:\Users\home\AppData\Roaming\.minecraft
2016-08-30 17:58 - 2016-08-30 17:58 - 00000000 ____D C:\Users\home\AppData\Roaming\Sun
2016-08-30 17:58 - 2016-08-30 17:58 - 00000000 ____D C:\Users\home\AppData\LocalLow\Sun
2016-08-30 17:57 - 2016-08-30 17:57 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-30 17:57 - 2016-08-30 17:57 - 00000000 ____D C:\ProgramData\Oracle
2016-08-30 17:57 - 2016-08-30 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-30 17:57 - 2016-08-30 17:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-30 17:35 - 2016-09-05 15:41 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-30 14:35 - 2016-08-30 14:35 - 00000000 ____D C:\Users\home\.swt
2016-08-30 14:33 - 2016-08-30 17:58 - 00000000 ____D C:\Users\home\.oracle_jre_usage
2016-08-30 14:33 - 2016-08-30 15:36 - 00000000 ____D C:\Users\home\AppData\Roaming\Azureus
2016-08-27 00:28 - 2016-08-27 00:28 - 00000000 ____D C:\Users\home\AppData\Local\PopcornTimeDesktop
2016-08-19 18:25 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-19 18:25 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-19 18:24 - 2016-07-08 18:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-19 18:24 - 2016-07-08 18:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-19 18:24 - 2016-07-08 18:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-19 18:24 - 2016-07-08 18:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-19 18:24 - 2016-07-08 18:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-19 18:24 - 2016-07-08 18:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-19 18:24 - 2016-07-08 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-19 18:24 - 2016-07-08 18:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-19 18:24 - 2016-07-08 17:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-19 18:24 - 2016-07-08 17:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-19 18:24 - 2016-07-08 17:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-19 18:24 - 2016-07-08 17:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-19 18:24 - 2016-07-08 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-19 18:24 - 2016-07-08 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-19 18:24 - 2016-06-26 03:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-19 18:24 - 2016-06-26 03:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-19 18:24 - 2016-06-26 03:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-19 18:24 - 2016-06-26 03:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-19 18:24 - 2016-06-26 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-19 18:24 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-19 18:24 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-19 18:24 - 2016-06-25 22:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-19 18:24 - 2016-06-25 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-19 18:24 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-19 18:24 - 2015-07-16 22:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-19 18:24 - 2015-07-16 22:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-08-19 18:24 - 2015-07-16 22:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-08-19 18:24 - 2015-07-16 22:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-19 18:24 - 2015-07-16 22:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-08-19 18:24 - 2015-07-16 22:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-08-19 18:24 - 2015-07-11 16:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-08-19 18:24 - 2014-12-11 20:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-08-19 18:23 - 2016-08-02 17:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-19 18:23 - 2016-08-02 17:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-19 18:23 - 2016-08-02 09:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-19 18:23 - 2016-08-02 09:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-19 18:23 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-19 18:23 - 2016-08-02 09:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-19 18:23 - 2016-08-02 09:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-19 18:23 - 2016-08-02 09:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-19 18:23 - 2016-08-02 09:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-19 18:23 - 2016-08-02 09:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-19 18:23 - 2016-08-02 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-19 18:23 - 2016-08-02 09:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-19 18:23 - 2016-08-02 08:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-19 18:23 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-19 18:23 - 2016-08-02 08:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-19 18:23 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-19 18:23 - 2016-08-02 08:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-19 18:23 - 2016-08-02 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-19 18:23 - 2016-08-02 08:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-19 18:23 - 2016-08-02 08:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-19 18:23 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-19 18:23 - 2016-08-02 08:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-19 18:23 - 2016-08-02 08:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-19 18:23 - 2016-08-02 08:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-19 18:23 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-19 18:23 - 2016-08-02 08:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-19 18:23 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-19 18:23 - 2016-08-02 08:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-19 18:23 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-19 18:23 - 2016-08-02 08:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-19 18:23 - 2016-08-02 08:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-19 18:23 - 2016-08-02 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-19 18:23 - 2016-08-02 08:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-19 18:23 - 2016-08-02 08:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-19 18:23 - 2016-08-02 08:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-19 18:23 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-19 18:23 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-19 18:23 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-19 18:23 - 2016-08-02 08:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-19 18:23 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-19 18:23 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-19 18:23 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-19 18:23 - 2015-12-20 21:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-19 18:23 - 2015-12-20 21:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-08-19 18:23 - 2015-12-20 17:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-19 18:22 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-19 18:22 - 2016-08-02 09:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-19 18:22 - 2016-08-02 09:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-19 18:22 - 2016-08-02 09:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-19 18:22 - 2016-08-02 09:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-19 18:22 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-19 18:22 - 2016-08-02 09:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-19 18:22 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-19 18:22 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-19 18:22 - 2016-08-02 09:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-19 18:22 - 2016-08-02 09:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-19 18:22 - 2016-08-02 08:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-19 18:22 - 2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-19 18:22 - 2016-08-02 08:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-19 18:22 - 2016-08-02 08:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-19 18:22 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-19 18:22 - 2016-08-02 08:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-19 18:22 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-19 18:22 - 2016-08-02 08:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-19 18:22 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-19 18:22 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-19 18:22 - 2016-08-02 08:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-19 18:22 - 2016-08-02 08:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-19 18:22 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-19 18:10 - 2016-07-08 18:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-19 16:26 - 2016-08-19 16:26 - 00262144 ____N C:\Windows\Minidump\081916-25365-01.dmp
2016-08-19 15:59 - 2016-08-19 15:59 - 00000000 ____D C:\Users\home\AppData\Local\Avira
2016-08-19 15:45 - 2016-08-19 15:46 - 00079838 _____ C:\Windows\ntbtlog.txt
2016-08-19 15:45 - 2016-08-19 15:45 - 00262144 ____N C:\Windows\Minidump\081916-38657-01.dmp
2016-08-19 15:36 - 2016-08-19 15:36 - 00000000 ____D C:\Users\home\AppData\Roaming\Mozilla
2016-08-19 15:25 - 2016-09-05 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-19 14:54 - 2016-08-19 14:54 - 00000000 _____ C:\autoexec.bat
2016-08-19 14:53 - 2016-08-19 14:53 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-08-19 14:53 - 2016-08-19 14:53 - 00000000 ____D C:\Users\home\AppData\Roaming\Enigma Software Group
2016-08-19 14:52 - 2016-08-19 14:52 - 00001087 _____ C:\Users\home\Desktop\SpyHunter.lnk
2016-08-19 14:51 - 2016-08-19 14:51 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-08-19 14:42 - 2016-08-19 14:42 - 00106173 _____ C:\ProgramData\1471606930.bdinstall.bin
2016-08-19 14:41 - 2016-08-19 14:41 - 00106229 _____ C:\ProgramData\1471606900.bdinstall.bin
2016-08-19 14:41 - 2016-08-19 14:41 - 00106154 _____ C:\ProgramData\1471606843.bdinstall.bin
2016-08-19 14:40 - 2016-08-19 14:40 - 00105312 _____ C:\ProgramData\1471606813.bdinstall.bin
2016-08-19 14:17 - 2016-08-19 14:17 - 00000000 ____D C:\Users\home\AppData\Local\ElevatedDiagnostics
2016-08-19 14:11 - 2016-08-19 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 13:54 - 2016-08-19 13:54 - 00045837 _____ C:\ProgramData\1471604043.bdinstall.bin
2016-08-19 13:53 - 2016-08-19 13:53 - 00045407 _____ C:\ProgramData\1471603946.bdinstall.bin
2016-08-19 13:52 - 2016-08-19 13:52 - 00000000 ____D C:\Users\home\AppData\Roaming\QuickScan
2016-08-19 13:41 - 2016-08-19 13:41 - 00262144 ____N C:\Windows\Minidump\081916-26832-01.dmp
2016-08-18 02:52 - 2007-08-01 07:55 - 00188416 _____ (Takeharu Kimura) C:\Windows\SysWOW64\Setup.exe
2016-08-18 02:45 - 2016-08-18 02:45 - 00003174 _____ C:\Windows\System32\Tasks\{A256F429-4300-4D55-A3FB-6BDA454BB8D8}
2016-08-18 02:43 - 2016-08-18 02:43 - 00000862 _____ C:\Users\home\Desktop\SuccubusQuest短編.lnk
2016-08-18 02:42 - 2016-08-18 02:42 - 00000850 _____ C:\Users\home\Desktop\SuccubusQuest.lnk
2016-08-18 02:29 - 2016-08-18 03:18 - 00000000 ____D C:\Users\home\AppData\LocalLow\uTorrent
2016-08-18 02:28 - 2016-08-18 03:19 - 00000000 ____D C:\Users\home\AppData\Roaming\uTorrent
2016-08-15 18:05 - 2016-08-15 18:05 - 00262144 ____N C:\Windows\Minidump\081516-17534-01.dmp
2016-08-14 22:41 - 2016-08-14 22:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-14 22:41 - 2016-08-14 22:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-14 22:40 - 2016-08-14 22:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-08-14 22:40 - 2016-08-14 22:40 - 00000000 ____D C:\Windows\system32\Macromed
2016-08-10 00:29 - 2016-08-10 00:29 - 00000000 ____D C:\Users\home\AppData\Roaming\breedingseason
2016-08-10 00:29 - 2016-08-10 00:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-08-10 00:29 - 2016-08-10 00:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-08-09 20:35 - 2016-08-09 20:38 - 00000000 ____D C:\Users\home\AppData\Local\tyranoscript

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 15:44 - 2015-11-24 18:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-05 15:44 - 2009-07-14 07:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 15:44 - 2009-07-14 07:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 15:43 - 2015-11-24 19:00 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 13:58 - 2016-04-27 05:02 - 00000000 ____D C:\Users\home\AppData\Roaming\Skype
2016-09-05 11:21 - 2015-11-24 21:46 - 00000000 __SHD C:\Users\home\IntelGraphicsProfiles
2016-09-05 11:18 - 2015-11-25 17:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-05 11:18 - 2015-11-24 19:00 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 11:18 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 11:17 - 2015-11-24 18:23 - 00000000 ____D C:\ProgramData\Validity
2016-09-04 23:32 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-30 14:35 - 2015-11-24 22:28 - 00000000 ____D C:\Users\home
2016-08-30 14:08 - 2015-11-25 00:06 - 00123560 _____ C:\Users\home\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-30 14:07 - 2009-07-14 07:45 - 00449584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-26 22:54 - 2011-04-12 12:50 - 00404644 _____ C:\Windows\system32\perfh00D.dat
2016-08-26 22:54 - 2011-04-12 12:50 - 00093548 _____ C:\Windows\system32\perfc00D.dat
2016-08-26 22:54 - 2009-07-14 08:13 - 01275024 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-26 22:54 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-08-21 03:50 - 2015-11-24 19:00 - 00000000 ____D C:\Program Files\Google
2016-08-21 03:50 - 2015-11-24 19:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-21 03:18 - 2015-12-02 16:55 - 00000000 ____D C:\Windows\system32\MRT
2016-08-21 03:11 - 2015-12-02 16:55 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-20 23:22 - 2015-11-24 19:00 - 00000000 ____D C:\Users\home\AppData\Local\Google
2016-08-20 23:20 - 2016-04-19 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2016-08-19 16:27 - 2015-11-24 21:43 - 00000000 ____D C:\Windows\Minidump
2016-08-19 13:38 - 2009-07-14 08:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-14 22:41 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-08-10 00:29 - 2015-12-02 19:36 - 00000000 ____D C:\Users\home\AppData\Roaming\Adobe
2016-08-10 00:29 - 2015-11-24 18:59 - 00000000 ____D C:\ProgramData\Adobe
2016-08-10 00:29 - 2015-11-24 18:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-10 00:28 - 2015-11-24 18:58 - 00000000 ____D C:\Users\home\AppData\Local\Adobe
2016-08-09 00:51 - 2015-11-24 19:00 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 00:51 - 2015-11-24 19:00 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-09-05 15:46 - 2016-09-05 15:46 - 0029696 _____ () C:\Users\home\AppData\Local\MSGBOX.EXE
2016-08-19 13:53 - 2016-08-19 13:53 - 0045407 _____ () C:\ProgramData\1471603946.bdinstall.bin
2016-08-19 13:54 - 2016-08-19 13:54 - 0045837 _____ () C:\ProgramData\1471604043.bdinstall.bin
2016-08-19 14:40 - 2016-08-19 14:40 - 0105312 _____ () C:\ProgramData\1471606813.bdinstall.bin
2016-08-19 14:41 - 2016-08-19 14:41 - 0106154 _____ () C:\ProgramData\1471606843.bdinstall.bin
2016-08-19 14:41 - 2016-08-19 14:41 - 0106229 _____ () C:\ProgramData\1471606900.bdinstall.bin
2016-08-19 14:42 - 2016-08-19 14:42 - 0106173 _____ () C:\ProgramData\1471606930.bdinstall.bin

Some files in TEMP:
====================
C:\Users\home\AppData\Local\Temp\avgnt.exe
C:\Users\home\AppData\Local\Temp\libeay32.dll
C:\Users\home\AppData\Local\Temp\msvcr120.dll
C:\Users\home\AppData\Local\Temp\ReimagePackage.exe
C:\Users\home\AppData\Local\Temp\sqlite3.dll
C:\Users\home\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-28 21:09

==================== End of FRST.txt ============================
Attachments
Addition.zip
(9.43 KiB) Downloaded 52 times

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#8 Post by Márty84 »

:???: Now I don't see any antivirus in the log again :-D Is there one? :?:


:arrow: Tell me the size of the Desktop folder



:arrow: Open Notepad and copy this script into it

Code: Select all

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)

Toolbar: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-19] ()
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S2 gupdate;שירות ‏עדכון Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 gupdatem;שירות ‏עדכון Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]

Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save as...
Type the red name fixlist correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Lilo
Visitor
Posts: 18
Joined: 19 Aug 2016 13:48

Re: Preventive check

#9 Post by Lilo »

Avira was causing problems with FRST, so it was uninstalled, and the plan is to install Avast as soon as possible.

Size of the desktop folder:
447 bytes
on disk - 4096 bytes (4 kB)

fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by home (05-09-2016 17:40:33) Run:1
Running from d:\Users\home\Desktop
Loaded Profiles: home (Available Profiles: home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
Toolbar: HKU\S-1-5-21-2398489320-3750471686-3902459509-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-19] ()
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S2 gupdate;שירות ‏עדכון Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-05-23 324224]
S3 gupdatem;שירות ‏עדכון Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24 107848]
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-2398489320-3750471686-3902459509-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
EsgScanner => service removed successfully
avgntflt => service not found.
avkmgr => Unable to stop service.
avkmgr => service removed successfully
gupdate => service removed successfully
SkypeUpdate => service removed successfully
gupdatem => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16015806 B
Java, Flash, Steam htmlcache => 372905195 B
Windows/system/drivers => 1039011856 B
Edge => 0 B
Chrome => 489689835 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83913 B
systemprofile32 => 69340 B
LocalService => 66228 B
NetworkService => 12933826 B
home => 2384800703 B

RecycleBin => 0 B
EmptyTemp: => 4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:42:51 ====

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#10 Post by Márty84 »

Lilo wrote: Size of the desktop folder:
447 bytes
on disk - 4096 bytes (4 kB)
That's unlikely; you have FRST on the desktop, for example, and that alone is bigger. This will be the size of the folder's icon; I meant the size of the contents :-)


:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator).

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation, watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay attention mainly to the Recycle Bin; if you leave it checked, it will be emptied every time.
Also, depending on how it is set up, it will delete all passwords saved on the web!!! So if you have set your computer to remember passwords (which is not good for security), you will then have to type them in again manually (e.g. mail, Facebook, various forums, etc.)
Click Analyze, and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Find problems; when it finds some, click Fix problems. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in each of them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation, again watch out for the toolbar and other junk.
After installation, run the program and click Analyze; after the analysis, click Defragment and the program will do its job.

:arrow: Then write how the PC is doing.

Lilo
Visitor
Posts: 18
Joined: 19 Aug 2016 13:48

Re: Preventive check

#11 Post by Lilo »

So hopefully it is right this time :D Desktop size: 1.04 MB, 1.11 MB on disk

Otherwise the computer runs completely without problems. Cleaner than new :D Thank you!

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#12 Post by Márty84 »

Lilo wrote: So hopefully it is right this time :D Desktop size: 1.04 MB, 1.11 MB on disk
Well, if that's the case, that's great. The less there is on the desktop, the better ;-)

You're very welcome! :-)

Take care, and maybe see you again sometime :bye:

:closed:

Locked