VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Malware v pc

https://forum.viry.cz:443/viewtopic.php?t=151467

Stránka 1 z 1

Malware v pc

Napsal: 20 úno 2017 17:36
od safire
Dobry den, dnes som si instaloval profidernu appku a nainstalovalo mi to plno malwaru do pc, vyskakuju mi okna v chrome, nainstalovalo mi to niejake programy, nieco som odinstaloval, nieco odinstalovat ani nejde a nieco som povypinal v startupe ale bol by som rad ak by ste mi pomohli s logom a pomohli vycistit pc :) dakujem pekne prosim dajte vediet s akeho programu je potrebny log :) dakujeem :)

Re: Malware v pc

Napsal: 20 úno 2017 17:40
od Rudy
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Malware v pc

Napsal: 20 úno 2017 17:59
od safire
Nech sa paci, vkladam log s FRST :)

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Safire (20-02-2017 18:03:38)
Running from C:\Users\Safire\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-15 14:30:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-639167727-1611962213-2014225226-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-639167727-1611962213-2014225226-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-639167727-1611962213-2014225226-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-639167727-1611962213-2014225226-501 - Limited - Disabled)
Safire (S-1-5-21-639167727-1611962213-2014225226-1001 - Administrator - Enabled) => C:\Users\Safire

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
1600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
f.lux (HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Flux) (Version:  - )
FastStone Image Viewer 6.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4483 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Life is Strange (HKLM-x32\...\Life is Strange_is1) (Version:  - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Manticore Gaming Keyboard (HKLM-x32\...\{0DAEFA4F-E394-4D1F-8F1A-6A2180561290}}_is1) (Version:  - )
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProplusRetail - sk-sk) (Version: 16.0.7766.2047 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.7766.2047 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7766.2039 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.6.8.66 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{B0CB33D8-1426-4D61-A4F6-BDFD7407AE92}) (Version: 4.5.307.0 - Synaptics)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.5.0.0 - Zenimax Online Studios)
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.30 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wise Auto Shutdown 1.55 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.55 - WiseCleaner.com, Inc.)
youndoo - Uninstall (HKLM-x32\...\{8833B02A-1A73-4450-8BB5-9B893D007D09}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-639167727-1611962213-2014225226-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-639167727-1611962213-2014225226-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-639167727-1611962213-2014225226-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {071BF5D4-B51F-488A-974A-CE2E13C5A158} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-01-29] (Microsoft Corporation)
Task: {1456F6AC-8D10-49D6-A25F-1C20F7B636D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {32DD1A3E-BEDA-4C58-81F1-F29D6F787392} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-13] (Advanced Micro Devices, Inc.)
Task: {3904411E-3865-43E4-A7D1-23A7E4541F20} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2017-01-13] (Advanced Micro Devices, Inc.)
Task: {3C043F9B-C9CC-49E2-8DC3-F26B22EEAF80} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-01-29] (Microsoft Corporation)
Task: {4D4819FE-E7E7-4D98-96FA-848BBED1969C} - System32\Tasks\Kokock => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=HITACHIXHTS545050B9A300_120129PBN406P7HLX4JEX&v=2017220 /q
Task: {539492BF-AE75-4AC2-B3B5-AE6DA1930772} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {5B1468FD-4981-4134-B0AE-658D27F99FB8} - System32\Tasks\Nimasy Engine => C:\Program Files (x86)\Divosh\plejither.exe [2017-02-20] (Glarysoft Ltd)
Task: {705D5C7D-E230-4470-8A0B-FCB541EFF1ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {78229A4E-016A-433B-AB30-E1D99911CC00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B175F8AF-413E-4CD2-8753-1AF37D119B6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {CE605C66-2429-4F08-988B-0AF815F785B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-07] (Microsoft Corporation)
Task: {DE6229BD-BD60-4CB5-A2F8-EF04B922AC57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Safire\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Safire\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Safire\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Safire\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Safire\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Safire\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Safire\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 18:19 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-20 17:21 - 2017-02-20 17:21 - 00307200 _____ () C:\Program Files (x86)\Nimasy Engine\local64spl.dll
2015-06-10 16:33 - 2015-06-10 16:33 - 00022528 _____ () C:\Windows\system32\fpCSEvtSvc.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-24 23:20 - 2016-09-24 23:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-12-14 18:19 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-15 18:44 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:41 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:40 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:40 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 19:40 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:40 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:40 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-23 19:43 - 2016-08-04 22:42 - 00384496 _____ () C:\Windows\system32\igfxTray.exe
2016-09-14 02:20 - 2016-09-14 02:20 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-02-07 00:13 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 00:13 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-20 17:30 - 00002216 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 beautifllink.xyz

There are 9 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "Energy Management"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Manticore"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "OMEWPRODUCT_2TRY3"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\StartupFolder: => "Sapphire TRIXX.lnk"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\StartupFolder: => "ThrottleStop - Shortcut.lnk"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "18c294f5-8b2b-415f-a903-553cccbe3aad"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "51fa5df9-73ee-4efa-96ac-853c6418a27f"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "b2956951-fab2-487d-ac0d-16138d77c2d2"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "baad9cf4-d497-405b-8736-78c7780c3422"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_86536B082181848BA60E21454357D310"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\StartupApproved\Run: => "msiql"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A61D35F8-9B9D-4987-A918-9D04BE4BF660}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E1F01A8-39FC-4B94-B88C-024567B9DE0E}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C16EB4C-27BF-4798-8951-9CCCDAA04533}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2EB2D83-00E1-415F-88A7-CB41FDE74943}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{04CD9B5F-F562-483B-8A06-46D59C56ACAF}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E255959-E61B-4C7D-A50D-A9E43776E53C}] => (Allow) C:\Users\Safire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6E59B162-2174-4960-A44B-B9B55E6B581C}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D43707F3-BE37-425C-B7F8-B71F36BCF0A8}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe
FirewallRules: [{1C9C000E-D5D0-440B-AEA9-7F522D8C6577}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{A843E776-FE53-4BE4-83E7-DA88D00F3BAC}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{F9C6D998-58C3-4197-96EA-A22540764026}E:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{375502E7-E295-4A19-A65A-E129C3320A3F}E:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{433DED09-EA13-41C3-84AE-42E4B53B9F34}E:\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{0EE41F77-F21B-4153-A14F-301FC66A1319}E:\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{620CEB3C-BEE8-4354-A21F-0F8298BA1E36}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{5C47D28C-DEB5-4AE3-B9DA-7C5BEDC2D162}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{5E8967C8-2395-4A99-9565-749EC62CF7A5}E:\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{4B021C3A-35CB-4655-9EEB-5488E08D50DE}E:\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{1ABF72A6-42FD-49A4-8DD2-D5918315E61E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{14A27788-DB71-44E5-B12F-91E62795CBC0}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{BC5B0CB3-29FE-4558-B157-11774F5F45F6}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{82227E65-7D20-4A48-A55B-C2C7457A1AEF}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3DAB3AE1-302B-445E-8CD8-EECB8C3BD286}] => (Allow) E:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{9B510CF4-0610-4779-8BA1-F142FA6DC0B5}] => (Allow) E:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{056123DA-F357-4EA4-86B5-88E9B3A8CAE3}] => (Allow) E:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{0AA11BB0-AF0D-453D-A4F4-365F3EF42D1B}] => (Allow) E:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{A0A4889E-8E7A-4911-A137-C320CF461752}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{964E81FB-3FF7-4996-A3B3-8F52FBE3BA33}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3DD1B225-D796-4BF5-8D27-A633D7353DD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5FF09922-5702-4441-9367-2C28DDCBB83B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9356DE29-9183-4C6D-911F-513363EF8828}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2732BF25-5742-48D6-A8E8-21E388FEEF3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{DA863C30-8B1A-42F0-BEF3-5A079F81EEFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D9EC1B84-7432-44AC-8FD8-39D0A52C2291}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DEA09CC4-6350-408C-8C16-7F06418F46DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{A5067960-83D4-43F3-B88C-F8EB13451EE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3B7998D2-905F-45EB-B62E-014441A33CB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7DDA1281-0CE5-476D-B6FF-B24D0F2B9E8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{3A211694-02DA-4C30-8FB9-DF57641BA298}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FFE48677-E992-4CBC-BB95-9FAD57AD0152}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6BD6738B-074C-4CA4-B55B-830B71F36A7A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{1A82EDF0-FD94-47C8-BE2D-F9530117810D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E09A65DC-1016-4374-B24F-C51D5C9C271D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0806696B-6DBC-4C08-8443-4599A81A5346}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{1FAFE796-DD61-4517-A113-BD35B9623AA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{A7455183-1FCB-4BEC-9573-C197593A111A}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{439D5886-C8F2-4AAA-80DD-07D63512DB42}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F8A05764-C502-4EFF-9E48-B18B5BB81DB5}E:\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{EDE81CFD-AA9E-456D-A2E5-901D214F5638}E:\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [{FD08640E-7097-432A-9805-A43E83418113}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F67AFCB4-C9E1-494F-823E-7AB601FA0FEB}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7992ABED-9F02-48A5-A070-1F2907B8FABA}] => (Allow) C:\Users\Safire\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C6EE9612-F696-42BB-885A-FBB1E027EEE2}] => (Allow) C:\Users\Safire\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{ECE5DF2E-09AB-4124-838F-B88D750EB930}] => (Allow) C:\Users\Safire\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{D25D5BF8-1293-46E2-A32A-4E9DBB053C46}] => (Allow) C:\Users\Safire\Downloads\The.Sims.4.Deluxe.Edition.v1.20.60.1020.Incl.Dine.Out\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{D2BBD0E6-224D-41FE-BBA6-079E5530ACE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A0391E87-DD20-4830-B43B-C472C710A515}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{667C9989-A868-484F-9A60-BF6C71C10CBA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8A2C4B36-DFFC-416A-AE7F-AAD6D3445DEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ECB3E350-CC7E-45FC-93DB-9731ABA42A38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C18F8441-5264-4C37-929E-D7E76303F286}C:\users\safire\appdata\local\temp\i1487242227\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\safire\appdata\local\temp\i1487242227\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{861B9133-66C8-43E0-946E-39465A8EDBD6}C:\users\safire\appdata\local\temp\i1487242227\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\safire\appdata\local\temp\i1487242227\windows\resource\jre\bin\javaw.exe
FirewallRules: [{E25FAF38-BD85-42F1-8592-3A2E71EEB191}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{401FCC55-E7CE-48FE-8672-7DD4861C56F9}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{17DBA1FD-F883-4880-94CC-E605E5BDC84E}C:\users\safire\appdata\local\temp\is-ld4b1.tmp\download\minithunderplatform.exe] => (Allow) C:\users\safire\appdata\local\temp\is-ld4b1.tmp\download\minithunderplatform.exe
FirewallRules: [UDP Query User{73C5010C-F107-4697-9D98-D6C9003A111F}C:\users\safire\appdata\local\temp\is-ld4b1.tmp\download\minithunderplatform.exe] => (Allow) C:\users\safire\appdata\local\temp\is-ld4b1.tmp\download\minithunderplatform.exe
FirewallRules: [{5C7318B6-85CC-4B40-A8DA-83F1A32A069D}] => (Allow) C:\Users\Safire\AppData\Local\Temp\is-LD4B1.tmp\download\MiniThunderPlatform.exe

==================== Restore Points =========================

03-02-2017 16:36:41 Scheduled Checkpoint
10-02-2017 21:56:56 Scheduled Checkpoint
18-02-2017 17:02:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2017 05:47:41 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/20/2017 05:47:30 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/20/2017 05:30:46 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Razer\Razer Cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Razer\Razer Cortex\StreamingServicesAPI.dll.Manifest" on line 2.
The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (02/19/2017 09:03:52 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/19/2017 07:00:10 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/18/2017 08:17:44 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/18/2017 08:17:39 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/18/2017 05:03:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/17/2017 08:27:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (02/17/2017 08:27:21 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (02/20/2017 05:51:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:51:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:51:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:47:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/20/2017 05:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (02/20/2017 05:26:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:26:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:26:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:25:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-02-11 19:27:23.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-26 15:16:13.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0310456.inf_amd64_54a99fe241bea5ba\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-12 16:14:57.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-11 17:13:31.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-28 20:15:57.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-27 15:54:14.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-26 16:57:03.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 19:02:57.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0309792.inf_amd64_16fba8c07200efae\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-17 16:29:23.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-15 17:01:48.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 26%
Total physical RAM: 8073.11 MB
Available physical RAM: 5963.34 MB
Total Virtual: 9353.11 MB
Available Virtual: 7275.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.2 GB) (Free:81.76 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:182.36 GB) (Free:93.54 GB) NTFS
Drive i: (SAMSUNG) (Fixed) (Total:698.64 GB) (Free:129.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4056EB82)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=182.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 66BE3048)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Malware v pc

Napsal: 20 úno 2017 19:03
od Rudy
Teď spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Malware v pc

Napsal: 20 úno 2017 20:21
od safire
- prikladam log ktory mi vybehol po restarte pc.

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 20:17:53
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Safire - DESKTOP-UVHEV98
# Running from : C:\Users\Safire\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\Safire\Desktop\AutoTime.lnk
[-] File deleted: C:\ProgramData\service.exe
[#] File deleted: C:\ProgramData\service.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Safire\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Safire\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Safire\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\dlr
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\UpgSvr
[#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\dlr
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] Key deleted: HKLM\SOFTWARE\b`nl{y
[-] Key deleted: HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\WISECLEANER
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\dlr
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[#] Key deleted on reboot: [x64] HKCU\Software\UpgSvr
[-] Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
[-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
[-] Value deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[-] Value deleted: HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4068 Bytes] - [20/02/2017 20:17:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4429 Bytes] - [20/02/2017 20:14:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4214 Bytes] ##########

Re: Malware v pc

Napsal: 20 úno 2017 21:07
od Rudy
Dejte nový log FRST.

Re: Malware v pc

Napsal: 21 úno 2017 22:26
od safire
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Safire (administrator) on DESKTOP-UVHEV98 (21-02-2017 22:23:38)
Running from C:\Users\Safire\Desktop
Loaded Profiles: Safire (Available Profiles: defaultuser0 & Safire)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(HP) C:\Windows\System32\hpservice.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(IEC) C:\Program Files (x86)\BikaQRssReader\BikaQ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() E:\wallpaper_engine\wallpaper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2016-10-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2016-10-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtsCM] => c:\windows\RTSCM64.EXE [227896 2016-06-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [Manticore] => C:\Program Files (x86)\Genius\Manticore\MThid.exe [293376 2013-10-29] (KYE)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [Steam] => E:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [f.lux] => C:\Users\Safire\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [Battle.net] => E:\Battle.net\Battle.net Launcher.exe [3122152 2016-10-15] (Blizzard Entertainment)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [GoogleChromeAutoLaunch_86536B082181848BA60E21454357D310] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [51fa5df9-73ee-4efa-96ac-853c6418a27f] => C:\Program Files\8VG3U2BWP7\8VG3U2BWP.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [b2956951-fab2-487d-ac0d-16138d77c2d2] => C:\Program Files\40SGV55LUE\SWICAKXEY.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [baad9cf4-d497-405b-8736-78c7780c3422] => C:\Program Files\L9H6Y29HWJ\L9H6Y29HW.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [18c294f5-8b2b-415f-a903-553cccbe3aad] => C:\Program Files\4IDBK0B7IX\732D05FC5.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [WallpaperEngine] => E:\wallpaper_engine\wallpaper64.exe [894464 2017-02-11] ()
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\RunOnce: [Uninstall C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Safire\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b4011332-93a8-11e6-a064-c5b9bf7a5324} - "H:\setup.exe"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b60a08b8-9cff-11e6-a08a-a4db30d8d363} - "F:\LaunchU3.exe" -a
HKLM\...\Providers\jebnkuvk: C:\Program Files (x86)\Nimasy Engine\local64spl.dll [307200 2017-02-20] ()
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellExecuteHooks: No Name - {5AD340E8-F445-11E6-B566-64006A5CFC23} - C:\Program Files (x86)\Divosh\Reuqutain.dll [146432 2017-02-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Safire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sapphire TRIXX.lnk [2016-10-16]
ShortcutTarget: Sapphire TRIXX.lnk -> C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe (Sapphire Technology Limited)
Startup: C:\Users\Safire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThrottleStop - Shortcut.lnk [2016-10-16]
ShortcutTarget: ThrottleStop - Shortcut.lnk -> C:\Users\Safire\Desktop\ThrottleStop_600\ThrottleStop.exe (uWebb Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{52adbf23-2f58-4fe5-8893-08748841f73c}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{dc55f9e6-d6a5-4d11-afd3-37bb98a04aa6}: [DhcpNameServer] 88.212.8.8 88.212.8.88
Tcpip\..\Interfaces\{ebc0d160-1295-4994-86c8-614ca694f736}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-02-07] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-07] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-02-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.youndoo.com/?z=46817d47ee5f418369f8 ... EX&type=hp
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=46817d47ee5f418369f8 ... EX&type=hp"
CHR Profile: C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-02-21] <==== ATTENTION
CHR Extension: (Prezentácie Google) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-15]
CHR Extension: (Dokumenty Google) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-15]
CHR Extension: (Disk Google) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
CHR Extension: (Tabuľky Google) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-15]
CHR Extension: (Musixmatch Lyrics for YouTube) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2016-12-20]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
CHR Extension: (AdBlock) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-21]
CHR Extension: (Speed ​​Dial 2) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-02-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3702472 2017-01-29] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 fpCsEvtSvc; C:\Windows\system32\fpCSEvtSvc.exe [22528 2015-06-10] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 hpsrv; C:\Windows\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-08-04] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Safire\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-21] (TODO: <Company name>) [File not signed]
R2 WinSnare; C:\Users\Safire\AppData\Roaming\WinSnare\WinSnare.dll [779264 2017-02-21] (InterSect Alliance Pty Ltd) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-10-16] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-10-16] (Disc Soft Ltd)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-09-29] (Logitech Inc.)
S1 ljkhoawh; C:\Windows\system32\drivers\ljkhoawh.sys [55168 2017-02-21] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [772336 2015-08-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3126032 2016-06-23] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 TRIXX; C:\Users\Safire\AppData\Local\Temp\TRIXX.sys [27008 2017-01-31] () <==== ATTENTION
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\Safire\Desktop\ThrottleStop_600\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
S3 GPU-Z; \??\C:\Users\Safire\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 22:23 - 2017-02-21 22:24 - 00020395 _____ C:\Users\Safire\Desktop\FRST.txt
2017-02-21 21:41 - 2017-02-21 21:41 - 00095044 _____ C:\Users\Safire\Desktop\sdsadasdasdasdasd.webp
2017-02-21 21:41 - 2017-02-21 21:41 - 00095044 _____ C:\Users\Safire\Desktop\dasdasdasdasd.webp
2017-02-21 21:36 - 2017-02-21 21:36 - 00234434 _____ C:\Users\Safire\Downloads\New Recording.m4a
2017-02-21 21:36 - 2017-02-21 21:36 - 00234434 _____ C:\Users\Safire\Desktop\New Recording.m4a
2017-02-21 10:13 - 2017-02-21 10:47 - 00000000 ____D C:\Users\Safire\Downloads\Before.the.Flood.2016.DOCU.1080p.WEBRip.x264.DD5.1-FGT
2017-02-21 09:54 - 2017-02-21 09:54 - 00003354 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-21 09:54 - 2017-02-21 09:54 - 00000000 ____D C:\Users\Safire\AppData\Roaming\WinSnare
2017-02-21 09:54 - 2017-02-21 09:54 - 00000000 ____D C:\Users\Safire\AppData\Roaming\WinSAPSvc
2017-02-21 09:54 - 2017-02-21 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-21 09:54 - 2017-02-21 09:54 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.3)
2017-02-21 09:54 - 2017-02-21 09:54 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-21 09:53 - 2017-02-21 09:54 - 00003672 _____ C:\Windows\System32\Tasks\Milimili
2017-02-21 09:53 - 2017-02-21 09:54 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-21 09:52 - 2017-02-21 09:52 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ljkhoawh.sys
2017-02-21 09:49 - 2017-02-21 09:49 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-02-21 09:49 - 2017-02-21 09:49 - 00000000 ____D C:\Program Files (x86)\jebnkuvk
2017-02-20 21:14 - 2017-02-20 21:55 - 2546251059 _____ C:\Users\Safire\Downloads\Wallpaper.Engine.Workshop.Pack.4.rar
2017-02-20 20:55 - 2017-02-20 21:04 - 906304620 _____ C:\Users\Safire\Downloads\Wallpaper.Engine.Workshop.Pack.2 (1).rar
2017-02-20 20:34 - 2017-02-20 20:45 - 906304620 _____ C:\Users\Safire\Downloads\Wallpaper.Engine.Workshop.Pack.2.rar
2017-02-20 20:24 - 2017-02-20 20:29 - 574809207 _____ C:\Users\Safire\Downloads\Wallpaper.Engine.gottx.Workshop.rar
2017-02-20 20:13 - 2017-02-20 20:17 - 00000000 ____D C:\AdwCleaner
2017-02-20 20:13 - 2017-02-20 20:12 - 04015056 _____ C:\Users\Safire\Desktop\adwcleaner_6.043.exe
2017-02-20 20:12 - 2017-02-20 20:12 - 04015056 _____ C:\Users\Safire\Downloads\adwcleaner_6.043.exe
2017-02-20 18:01 - 2017-02-21 22:23 - 00000000 ____D C:\FRST
2017-02-20 18:01 - 2017-02-20 18:01 - 02422784 _____ (Farbar) C:\Users\Safire\Downloads\FRST64.exe
2017-02-20 18:01 - 2017-02-20 18:01 - 02422784 _____ (Farbar) C:\Users\Safire\Desktop\FRST64.exe
2017-02-20 17:57 - 2017-02-20 17:57 - 00112640 _____ (forum.viry.cz) C:\Users\Safire\Downloads\FRSTLauncher (2).exe
2017-02-20 17:43 - 2017-02-20 17:43 - 00112640 _____ (forum.viry.cz) C:\Users\Safire\Downloads\Nepotvrdené 392475.crdownload
2017-02-20 17:42 - 2017-02-20 18:00 - 00029696 _____ C:\Users\Safire\AppData\Local\MSGBOX.EXE
2017-02-20 17:42 - 2017-02-20 17:42 - 00112640 _____ (forum.viry.cz) C:\Users\Safire\Downloads\FRSTLauncher (1).exe
2017-02-20 17:42 - 2017-02-20 17:42 - 00112640 _____ (forum.viry.cz) C:\Users\Safire\Desktop\FRSTLauncher.exe
2017-02-20 17:33 - 2017-02-21 09:52 - 00000000 ____D C:\Program Files\Y6T6BFBSH9
2017-02-20 17:31 - 2017-02-20 17:31 - 00000000 ____D C:\Program Files\4IDBK0B7IX
2017-02-20 17:30 - 2017-02-21 09:49 - 00000000 ____D C:\Program Files (x86)\Atepudomarlerward
2017-02-20 17:30 - 2017-02-20 17:30 - 00000000 ____D C:\Users\Safire\AppData\Roaming\Paceghvoqs
2017-02-20 17:29 - 2017-02-21 22:18 - 00001577 _____ C:\Users\Safire\Desktop\Google Chrome.lnk
2017-02-20 17:28 - 2017-02-20 17:31 - 00000000 ____D C:\Users\Safire\AppData\Local\Fomtion
2017-02-20 17:28 - 2017-02-20 17:28 - 00000258 __RSH C:\Users\Safire\ntuser.pol
2017-02-20 17:27 - 2017-02-20 17:28 - 00000000 ____D C:\Program Files\L9H6Y29HWJ
2017-02-20 17:23 - 2017-02-20 17:23 - 00000000 ____D C:\Program Files\B961C8CGOU
2017-02-20 17:22 - 2017-02-20 17:30 - 00000000 ____D C:\Program Files (x86)\PubHotspot
2017-02-20 17:22 - 2017-02-20 17:22 - 00000000 ____D C:\Program Files\40SGV55LUE
2017-02-20 17:21 - 2017-02-20 17:22 - 00000000 ____D C:\Users\Safire\AppData\Local\Grusert
2017-02-20 17:21 - 2017-02-20 17:22 - 00000000 ____D C:\Program Files\8VG3U2BWP7
2017-02-20 17:21 - 2017-02-20 17:22 - 00000000 ____D C:\Program Files (x86)\Divosh
2017-02-20 17:21 - 2017-02-20 17:21 - 00006028 _____ C:\Windows\System32\Tasks\Nimasy Engine
2017-02-20 17:21 - 2017-02-20 17:21 - 00005122 _____ C:\Windows\System32\Tasks\Kokock
2017-02-20 17:21 - 2017-02-20 17:21 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-20 17:21 - 2017-02-20 17:21 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-20 17:21 - 2017-02-20 17:21 - 00000000 ____D C:\Program Files (x86)\Nimasy Engine
2017-02-20 17:20 - 2017-02-20 17:20 - 01703936 _____ C:\Users\Safire\Downloads\Wallpaper_Engine_Build_1_0_562.iso
2017-02-20 17:20 - 2017-02-20 17:20 - 01703936 _____ C:\Users\Safire\Downloads\Wallpaper_Engine_Build_1_0_562 (2).iso
2017-02-20 17:20 - 2017-02-20 17:20 - 01703936 _____ C:\Users\Safire\Downloads\Wallpaper_Engine_Build_1_0_562 (1).iso
2017-02-20 17:10 - 2017-02-20 17:10 - 00321484 _____ C:\Users\Safire\Downloads\1eb150662091390fa69ef9a7640fda6b.mp4
2017-02-20 14:31 - 2017-02-20 14:32 - 220727043 ____R C:\Users\Safire\Downloads\wallpaper_engine.rar
2017-02-20 11:28 - 2017-02-20 11:49 - 00000000 ____D C:\Users\Safire\Downloads\From [ WWW.TORRENTING.ME ] - The.Walking.Dead.S07E10.720p.HDTV.x264-AVS
2017-02-17 13:49 - 2017-02-17 13:49 - 06337024 _____ C:\Users\Safire\Downloads\CIT_final_nove (1).ppt
2017-02-17 13:29 - 2017-02-17 13:29 - 00000200 _____ C:\Users\Safire\Desktop\Sid Meier's Civilization V.url
2017-02-17 11:40 - 2017-02-17 11:40 - 02536455 _____ C:\Users\Safire\Downloads\levoca-februar-2014.pdf
2017-02-16 21:31 - 2017-02-16 21:32 - 01435813 _____ C:\Users\Safire\Downloads\4Q16_PT_ENG (1).pdf
2017-02-16 21:29 - 2017-02-16 21:29 - 01435813 _____ C:\Users\Safire\Downloads\4Q16_PT_ENG.pdf
2017-02-16 16:58 - 2017-02-17 12:08 - 00000000 ____D C:\Users\Safire\Downloads\Vikings.S04E20.The.Reckoning.1080p.WEB-DL.DD5.1.H.264-DRACULA[ettv]
2017-02-16 16:58 - 2017-02-17 10:05 - 00000000 ____D C:\Users\Safire\Downloads\From [ WWW.TORRENTING.ME ] - Vikings.S04E19.720p.HDTV.x264-SVA
2017-02-16 16:58 - 2017-02-16 21:48 - 00000000 ____D C:\Users\Safire\Downloads\Vikings.S04E18.720p.WEB-DL.DD5.1.H264-LiGaS
2017-02-16 16:57 - 2017-02-16 17:22 - 00000000 ____D C:\Users\Safire\Downloads\From [ WWW.TORRENTING.ME ] - Vikings.S04E17.720p.HDTV.x264-SVA
2017-02-16 13:05 - 2017-02-16 13:05 - 00000000 ____D C:\Users\Safire\Documents\Elder Scrolls Online
2017-02-16 13:05 - 2017-02-16 13:05 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2017-02-16 11:52 - 2017-02-16 11:52 - 00000000 ____D C:\Users\Safire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-02-16 11:51 - 2017-02-16 11:52 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2017-02-16 11:51 - 2017-02-16 11:52 - 00000000 ____D C:\Windows\jre
2017-02-16 11:51 - 2017-02-16 11:51 - 00000000 ___HD C:\Users\Safire\InstallAnywhere
2017-02-15 15:54 - 2017-02-15 15:54 - 06337024 _____ C:\Users\Safire\Downloads\CIT_final_nove.ppt
2017-02-15 15:31 - 2017-02-15 15:31 - 01449723 _____ C:\Users\Safire\Downloads\zaverecna_prace.pdf
2017-02-15 15:31 - 2017-02-15 15:31 - 00489040 _____ C:\Users\Safire\Downloads\226_Zateplovanie_budov.pdf
2017-02-13 19:41 - 2017-02-13 19:43 - 00000000 ____D C:\Users\Safire\Downloads\From [ WWW.TORRENTING.ME ] - The.Walking.Dead.S07E09.720p.HDTV.x264-AVS
2017-02-13 15:04 - 2017-02-13 15:04 - 01674807 _____ C:\Users\Safire\Downloads\BE2D31DF2BE5431DA8296E5EBB5F7E60.pdf
2017-02-13 15:04 - 2017-02-13 15:04 - 01674807 _____ C:\Users\Safire\Desktop\BE2D31DF2BE5431DA8296E5EBB5F7E60.pdf
2017-02-13 14:29 - 2017-02-13 19:43 - 00000000 ____D C:\Users\Safire\Downloads\Vikings.S04E02.720p.HDTV.x264-KILLERS[ettv]
2017-02-13 14:29 - 2017-02-13 17:34 - 00000000 ____D C:\Users\Safire\Downloads\Vikings.S04E01.720p.HDTV.x264-KILLERS[ettv]
2017-02-13 11:50 - 2017-02-13 11:50 - 00115443 _____ C:\Users\Safire\Downloads\Hudák_Riadenie kvality v doprave.pptx
2017-02-13 09:13 - 2017-02-13 09:13 - 00261632 _____ C:\Users\Safire\Downloads\rozpocet__ocu_2016-2018_z.xls
2017-02-13 09:11 - 2017-02-13 09:11 - 00192000 _____ C:\Users\Safire\Downloads\navrh_rozpocet_2017-2019.xls
2017-02-12 22:27 - 2017-02-12 22:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-12 22:27 - 2017-02-12 22:27 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-12 22:27 - 2017-02-12 22:27 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-12 22:27 - 2017-02-12 22:27 - 00000000 ____D C:\Users\Safire\AppData\Roaming\TeamViewer
2017-02-12 22:25 - 2017-02-12 22:26 - 12973136 _____ (TeamViewer GmbH) C:\Users\Safire\Downloads\TeamViewer_Setup_sk.exe
2017-02-11 19:01 - 2017-02-11 19:01 - 00030225 _____ C:\Users\Safire\Downloads\Keanu (2016) [720p] [YTS.AG].torrent
2017-02-11 19:01 - 2017-02-11 19:01 - 00000000 ____D C:\Users\Safire\Downloads\The Escort (2015) [YTS.AG]
2017-02-11 19:01 - 2017-02-11 19:01 - 00000000 ____D C:\Users\Safire\Downloads\Keanu (2016) [YTS.AG]
2017-02-11 18:59 - 2017-02-11 18:59 - 00026115 _____ C:\Users\Safire\Downloads\The Escort (2015) [720p] [YTS.AG].torrent
2017-02-11 11:50 - 2017-02-11 11:50 - 00000162 ____H C:\Users\Safire\Desktop\~$ke_word_2013_sk.dotx
2017-02-10 20:30 - 2017-02-11 19:09 - 00000000 ____D C:\Users\Safire\Downloads\Hacksaw Ridge (2016) [1080p] [YTS.AG]
2017-02-10 20:30 - 2017-02-10 20:30 - 00022412 _____ C:\Users\Safire\Downloads\Hacksaw Ridge (2016) [1080p] [YTS.AG].torrent
2017-02-09 17:29 - 2017-02-09 17:29 - 00663521 _____ C:\Users\Safire\Downloads\LED Control Module 2.pdf
2017-02-09 17:29 - 2017-02-09 17:29 - 00542351 _____ C:\Users\Safire\Downloads\LED Control Module.pdf
2017-02-07 10:12 - 2017-02-07 10:12 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-06 22:06 - 2017-02-06 22:29 - 00000000 ____D C:\Users\Safire\Downloads\Police Squad! - 1982 TV Comedy (Basis for Naked Gun Movies)
2017-02-06 22:06 - 2017-02-06 22:06 - 00000000 ____D C:\Users\Safire\Downloads\Police Squad! - Original 1982 Naked Gun TV Series [Complete]
2017-02-06 18:26 - 2017-02-06 18:27 - 08197518 _____ C:\Users\Safire\Downloads\GBR_20161020.zip
2017-02-06 13:56 - 2017-02-07 15:02 - 00000000 ____D C:\Users\Safire\Downloads\Vikings Season 2 1080p
2017-02-04 20:35 - 2017-02-04 20:35 - 00000000 ____D C:\Users\Safire\Downloads\Jack Reacher Never Go Back (2016) [1080p] [YTS.AG]
2017-02-04 20:34 - 2017-02-04 20:34 - 00037578 _____ C:\Users\Safire\Downloads\Jack Reacher- Never Go Back (2016) [1080p] [YTS.AG].torrent
2017-02-04 18:18 - 2017-02-04 18:18 - 07934872 _____ C:\Users\Safire\Downloads\ŠO (1).rar
2017-02-04 18:13 - 2017-02-04 18:14 - 07934872 _____ C:\Users\Safire\Downloads\ŠO.rar
2017-02-04 14:41 - 2017-02-04 15:05 - 1399619684 _____ C:\Users\Safire\Downloads\SK_MIB1_411_MHIG_EU_SK_K1552_pwd (1).rar
2017-02-04 12:03 - 2017-02-04 12:03 - 05545384 _____ C:\Users\Safire\Downloads\Maintenance.pdf
2017-02-03 19:37 - 2017-02-21 10:13 - 00000000 ____D C:\Users\Safire\AppData\LocalLow\uTorrent
2017-02-03 18:59 - 2017-02-03 19:00 - 00000000 ____D C:\Users\Safire\Downloads\Inferno (2016) [1080p] [YTS.AG]
2017-02-03 18:58 - 2017-02-03 18:58 - 00000000 ____D C:\Users\Safire\Downloads\Inferno 2016 1080p WEB-DL x264 AC3-JYK
2017-02-03 15:13 - 2017-02-03 15:14 - 00000000 ____D C:\Users\Safire\Desktop\New folder (3)
2017-02-02 20:17 - 2017-02-02 20:17 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-01-30 18:27 - 2017-01-30 18:33 - 00000000 ____D C:\Users\Safire\Desktop\New folder (2)
2017-01-30 18:25 - 2017-01-30 18:30 - 00000000 ____D C:\Users\Safire\Desktop\New folder
2017-01-28 16:35 - 2017-01-28 16:41 - 00000000 ____D C:\Users\Safire\Downloads\Gone Girl (2014)
2017-01-27 17:12 - 2017-01-27 17:15 - 43232825 _____ C:\Users\Safire\Downloads\Malindzak.rar
2017-01-26 15:20 - 2017-01-26 15:20 - 00000000 _____ C:\Windows\ativpsrm.bin
2017-01-26 14:39 - 2017-01-26 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-01-26 14:37 - 2017-01-26 15:20 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-26 14:25 - 2017-01-26 14:25 - 00004292 _____ C:\Windows\System32\Tasks\AMD Updater
2017-01-25 20:35 - 2017-01-25 20:35 - 00255488 _____ C:\Users\Safire\Downloads\sablona.dot
2017-01-25 19:30 - 2017-01-25 19:30 - 00990425 _____ C:\Users\Safire\Downloads\Bitcoin-Kryptografická-mena-Bitcoin---Bakalárska-práca.pdf
2017-01-25 15:22 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 15:22 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-23 18:05 - 2017-01-23 18:05 - 04145320 _____ C:\Users\Safire\Downloads\Jozef-Iskra--Bakalárska-práca.pdf
2017-01-22 13:03 - 2017-01-22 13:03 - 00000000 ____D C:\ProgramData\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 22:18 - 2016-10-15 16:16 - 00001589 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-21 21:30 - 2016-10-26 22:28 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-21 21:30 - 2016-10-16 15:09 - 00000000 __SHD C:\Users\Safire\IntelGraphicsProfiles
2017-02-21 17:42 - 2016-10-15 17:36 - 00000000 ____D C:\Users\Safire\AppData\Roaming\uTorrent
2017-02-21 17:04 - 2016-10-16 18:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 09:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-20 20:22 - 2016-10-15 15:27 - 01162554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 20:18 - 2016-10-16 15:12 - 00000000 ____D C:\ProgramData\Validity
2017-02-20 20:18 - 2016-10-16 15:06 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-02-20 20:18 - 2016-10-15 15:07 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-20 20:18 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-02-20 19:48 - 2016-10-15 15:07 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-20 17:47 - 2016-10-15 15:32 - 00000000 ____D C:\Users\Safire
2017-02-20 17:25 - 2016-10-15 15:06 - 00224936 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 17:21 - 2016-10-22 10:37 - 00002184 __RSH C:\ProgramData\ntuser.pol
2017-02-20 17:21 - 2016-07-16 12:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-20 17:20 - 2016-10-16 13:15 - 00000000 ____D C:\Users\Safire\AppData\Roaming\DAEMON Tools Lite
2017-02-19 19:03 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-18 11:29 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 13:50 - 2016-10-15 15:32 - 00000000 ____D C:\Users\Safire\AppData\Local\Packages
2017-02-16 22:20 - 2016-10-15 16:28 - 00000000 ____D C:\Users\Safire\AppData\Local\Battle.net
2017-02-07 11:14 - 2016-12-02 13:07 - 00000000 ____D C:\Users\Safire\Downloads\Subs
2017-02-07 10:12 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 10:12 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-07 10:11 - 2016-10-16 15:10 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-05 12:32 - 2016-12-28 12:18 - 00000000 ____D C:\Program Files\AMD
2017-02-02 20:20 - 2016-10-23 19:33 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-02-02 20:20 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-01-31 21:28 - 2016-12-30 13:29 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2017-01-31 21:28 - 2016-11-28 19:01 - 00000000 ____D C:\Users\Safire\AppData\Roaming\Acrylic Wi-Fi Home
2017-01-31 21:27 - 2016-10-26 23:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-31 21:27 - 2016-10-15 15:35 - 00000000 ___RD C:\Users\Safire\OneDrive
2017-01-27 17:14 - 2016-12-28 23:59 - 00000000 ____D C:\Users\Safire\Desktop\BAKALARKA
2017-01-27 11:26 - 2017-01-12 15:44 - 00000000 ____D C:\Users\Safire\Desktop\Skúška_DLP
2017-01-26 21:52 - 2016-10-25 18:56 - 00000000 ____D C:\Users\Safire\Desktop\Vyska
2017-01-26 14:39 - 2016-12-25 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-01-26 14:38 - 2016-10-26 23:33 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-26 14:24 - 2016-12-28 12:20 - 00000000 ____D C:\Users\Safire\AppData\Local\AMD
2017-01-26 14:06 - 2016-11-06 16:05 - 00000000 ____D C:\AMD
2017-01-25 16:04 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-25 00:13 - 2016-11-07 22:08 - 00000000 ____D C:\Program Files (x86)\SpeedFan

==================== Files in the root of some directories =======

2017-02-20 17:42 - 2017-02-20 18:00 - 0029696 _____ () C:\Users\Safire\AppData\Local\MSGBOX.EXE
2016-10-16 23:15 - 2016-11-29 18:08 - 0007597 _____ () C:\Users\Safire\AppData\Local\Resmon.ResmonCfg
2016-11-27 16:56 - 2016-12-17 15:37 - 0001498 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-02-20 17:22 - 2017-02-20 17:22 - 0501318 _____ (Leading2Apps ) C:\Users\Safire\AppData\Local\Temp\97IHV8D.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 2315388 _____ ( ) C:\Users\Safire\AppData\Local\Temp\AutoTime51495.exe
2017-02-05 12:31 - 2017-02-05 12:31 - 0103384 _____ (AMD Inc.) C:\Users\Safire\AppData\Local\Temp\CIMManifest.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 0528175 _____ ( ) C:\Users\Safire\AppData\Local\Temp\global_installer.exe
2017-02-20 17:30 - 2017-02-20 17:30 - 0257024 _____ (U) C:\Users\Safire\AppData\Local\Temp\GOKALMFCICCW.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 0129024 _____ () C:\Users\Safire\AppData\Local\Temp\load.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 0734208 _____ (TIto's) C:\Users\Safire\AppData\Local\Temp\Setup.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 2984392 _____ () C:\Users\Safire\AppData\Local\Temp\sys32.exe
2017-02-20 17:21 - 2017-02-20 17:21 - 1755887 _____ () C:\Users\Safire\AppData\Local\Temp\yt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 19:14

==================== End of FRST.txt ============================

Re: Malware v pc

Napsal: 22 úno 2017 18:32
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [51fa5df9-73ee-4efa-96ac-853c6418a27f] => C:\Program Files\8VG3U2BWP7\8VG3U2BWP.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [b2956951-fab2-487d-ac0d-16138d77c2d2] => C:\Program Files\40SGV55LUE\SWICAKXEY.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [baad9cf4-d497-405b-8736-78c7780c3422] => C:\Program Files\L9H6Y29HWJ\L9H6Y29HW.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [18c294f5-8b2b-415f-a903-553cccbe3aad] => C:\Program Files\4IDBK0B7IX\732D05FC5.exe [370176 2017-02-20] (IAS33000000000000)
C:\Program Files\8VG3U2BWP7
C:\Program Files\40SGV55LUE
C:\Program Files\L9H6Y29HWJ
C:\Program Files\4IDBK0B7IX
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b4011332-93a8-11e6-a064-c5b9bf7a5324} - "H:\setup.exe"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b60a08b8-9cff-11e6-a08a-a4db30d8d363} - "F:\LaunchU3.exe" -a
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=46817d47ee5f418369f8 ... EX&type=hp"
CHR Profile: C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-02-21] <==== ATTENTION
S1 ljkhoawh; C:\Windows\system32\drivers\ljkhoawh.sys [55168 2017-02-21] (Microsoft Corporation)
C:\Program Files\Y6T6BFBSH9
C:\Program Files (x86)\PubHotspot
C:\Users\Safire\AppData\Local\Temp


EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Malware v pc

Napsal: 22 úno 2017 21:42
od safire
nech sa paci, a mam este jeden problem, stale ked zapnem chrome tak mi vyskoci okno a hodi ma to na niejaku stranku ktoru nemam ani ako domovsku ani ako predvolenu pri otvarani noveho okna.
http://imgur.com/NUbaI5y
neviete cim to moze byt ? skusal som preinstalovat chrome a nepomohlo



-

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
Ran by Safire (22-02-2017 21:18:15) Run:1
Running from C:\Users\Safire\Desktop
Loaded Profiles: Safire (Available Profiles: defaultuser0 & Safire)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [51fa5df9-73ee-4efa-96ac-853c6418a27f] => C:\Program Files\8VG3U2BWP7\8VG3U2BWP.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [b2956951-fab2-487d-ac0d-16138d77c2d2] => C:\Program Files\40SGV55LUE\SWICAKXEY.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [baad9cf4-d497-405b-8736-78c7780c3422] => C:\Program Files\L9H6Y29HWJ\L9H6Y29HW.exe [370176 2017-02-20] (IAS33000000000000)
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\Run: [18c294f5-8b2b-415f-a903-553cccbe3aad] => C:\Program Files\4IDBK0B7IX\732D05FC5.exe [370176 2017-02-20] (IAS33000000000000)
C:\Program Files\8VG3U2BWP7
C:\Program Files\40SGV55LUE
C:\Program Files\L9H6Y29HWJ
C:\Program Files\4IDBK0B7IX
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b4011332-93a8-11e6-a064-c5b9bf7a5324} - "H:\setup.exe"
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\...\MountPoints2: {b60a08b8-9cff-11e6-a08a-a4db30d8d363} - "F:\LaunchU3.exe" -a
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z=46817d47ee5f418369f8 ... EX&type=hp"
CHR Profile: C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-02-21] <==== ATTENTION
S1 ljkhoawh; C:\Windows\system32\drivers\ljkhoawh.sys [55168 2017-02-21] (Microsoft Corporation)
C:\Program Files\Y6T6BFBSH9
C:\Program Files (x86)\PubHotspot
C:\Users\Safire\AppData\Local\Temp


EmptyTemp:
End
*****************

HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Run\\51fa5df9-73ee-4efa-96ac-853c6418a27f => value removed successfully
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Run\\b2956951-fab2-487d-ac0d-16138d77c2d2 => value removed successfully
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Run\\baad9cf4-d497-405b-8736-78c7780c3422 => value removed successfully
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\Software\Microsoft\Windows\CurrentVersion\Run\\18c294f5-8b2b-415f-a903-553cccbe3aad => value removed successfully
C:\Program Files\8VG3U2BWP7 => moved successfully
C:\Program Files\40SGV55LUE => moved successfully
C:\Program Files\L9H6Y29HWJ => moved successfully
C:\Program Files\4IDBK0B7IX => moved successfully
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4011332-93a8-11e6-a064-c5b9bf7a5324} => key removed successfully
HKCR\CLSID\{b4011332-93a8-11e6-a064-c5b9bf7a5324} => key not found.
HKU\S-1-5-21-639167727-1611962213-2014225226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b60a08b8-9cff-11e6-a08a-a4db30d8d363} => key removed successfully
HKCR\CLSID\{b60a08b8-9cff-11e6-a08a-a4db30d8d363} => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
Chrome StartupUrls => removed successfully
C:\Users\Safire\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 => moved successfully
HKLM\System\CurrentControlSet\Services\ljkhoawh => key removed successfully
ljkhoawh => service removed successfully
C:\Program Files\Y6T6BFBSH9 => moved successfully
C:\Program Files (x86)\PubHotspot => moved successfully

"C:\Users\Safire\AppData\Local\Temp" folder move:

Could not move "C:\Users\Safire\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30885463 B
Java, Flash, Steam htmlcache => 698431728 B
Windows/system/drivers => 8866668 B
Edge => 525 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 12674 B
defaultuser0 => 128 B
Safire => 1016709662 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-02-2017 21:22:14)

C:\Users\Safire\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:22:17 ====

Re: Malware v pc

Napsal: 22 úno 2017 22:12
od Rudy
Smazáno. Nastala nějaká změna?

Re: Malware v pc

Napsal: 24 úno 2017 14:45
od safire
nenastala, stale mi to vyhadzuje ten error a presmeruvava na stranku qtipr.com :/

Re: Malware v pc

Napsal: 24 úno 2017 17:46
od Rudy
Zkuste ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz