
Virus removal, PC speed-up, and remote assistance through the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Corina at 2015-10-16 17:25:48
Microsoft Windows 10 Home
System drive C: has 337 GB (72%) free of 467 GB
Total RAM: 4008 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:02, on 16.10.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
C:\Program Files (x86)\AirDroid\AirDroid.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files\trend micro\Corina.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
O4 - HKCU\..\Run: [Malwarebytes Anti-Malware Premium 2] wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs"
O4 - HKCU\..\Run: [autoRunTest] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DesktopReminder2ByPolenter] "C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent
O4 - HKCU\..\Run: [Nezapomen] C:\Program Files (x86)\Nezapomen\nezapomen.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11164 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe" Service
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe"
"C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe" /HotCorners
"C:\WINDOWS\System32\hkcmd.exe"
"C:\WINDOWS\System32\igfxpers.exe"
"C:\Program Files\ClocX\ClocX.exe"
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe"
"C:\Program Files (x86)\AirDroid\AirDroid.exe" /start
"C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"
"C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start /elevated
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"fontdrvhost.exe"
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
C:\Windows\System32\InstallAgent.exe -Embedding
taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k SDRSVC
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Free Download Manager\fdm.exe" -Embedding
C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\wermgr.exe -upload
"C:\Downloads\Software\RSITx64.exe"
rundll32.exe AppXDeploymentExtensions.dll,ShellRefresh
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\Uninstaller_SkipUac_Corina.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\WINDOWS\tasks\Uninstaller_SkipUac_elzad.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
=========Mozilla firefox=========
ProfilePath - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{ada4b710-8346-4b82-8199-5de2b400a6ae}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08 23488592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-30 545264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21 1088088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-30 193520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08 20356176]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-10 1441912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07 737896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08 23488592]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08 20356176]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2015-08-16 183216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2015-08-16 411056]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2015-08-16 453552]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2013-01-14 2713600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"f.lux"=C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-16 1016712]
"Display Stix - System tray"=C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe [2004-01-12 241664]
"Malwarebytes Anti-Malware Premium 2"=wscript.exe //B C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs []
"autoRunTest"=C:\Program Files (x86)\AirDroid\AirDroid.exe [2015-09-22 7119872]
"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-10-08 110160]
"DesktopReminder2ByPolenter"=C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [2014-09-21 3097104]
"Nezapomen"=C:\Program Files (x86)\Nezapomen\nezapomen.exe [2005-10-09 466944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
c:\program files\zoner\photo studio 16\program32\zpstray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
[]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [2015-09-21 300152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2015-08-16 451584]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"DSCAutomationHostEnabled"=2
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktop"=0
"NoActiveDesktop"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=1
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-16 17:18:56 ----D---- C:\Program Files\trend micro
2015-10-16 17:18:50 ----D---- C:\rsit
2015-10-16 17:18:14 ----D---- C:\ProgramData\Free Download Manager
2015-10-16 09:42:31 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 04:40:05 ----D---- C:\Program Files (x86)\Nezapomen
2015-10-16 04:31:14 ----A---- C:\WINDOWS\system32\drivers\is-IGPJJ.tmp
2015-10-14 15:42:56 ----D---- C:\Users\elzad\AppData\Roaming\QTranslate
2015-10-14 15:42:55 ----D---- C:\Program Files (x86)\QTranslate
2015-10-14 10:35:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-10-14 10:35:15 ----A---- C:\WINDOWS\system32\edgehtml.dll
2015-10-14 10:35:14 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-10-14 10:35:12 ----A---- C:\WINDOWS\system32\shell32.dll
2015-10-14 10:35:11 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 10:35:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-10-14 10:35:09 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-10-14 10:35:08 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2015-10-14 10:35:08 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 10:35:07 ----A---- C:\WINDOWS\system32\Chakra.dll
2015-10-14 10:35:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2015-10-14 10:35:06 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-10-14 10:35:04 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2015-10-14 10:35:03 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2015-10-14 10:35:03 ----A---- C:\WINDOWS\system32\msxml6.dll
2015-10-14 10:35:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\win32kfull.sys
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\UserDataService.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\Unistore.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\msxml3.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\kerberos.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\jscript.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\ContactApis.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-14 10:34:58 ----A---- C:\WINDOWS\SYSWOW64\ContactApis.dll
2015-10-14 10:34:58 ----A---- C:\WINDOWS\system32\winload.exe
2015-10-14 10:34:57 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-10-14 10:34:57 ----A---- C:\WINDOWS\SYSWOW64\AppointmentApis.dll
2015-10-14 10:34:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2015-10-14 10:34:57 ----A---- C:\WINDOWS\system32\ChatApis.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\ChatApis.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys
2015-10-14 10:34:55 ----A---- C:\WINDOWS\SYSWOW64\EmailApis.dll
2015-10-14 10:34:55 ----A---- C:\WINDOWS\system32\winresume.exe
2015-10-14 10:34:54 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\winlogon.exe
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\SYSWOW64\UserDataAccountApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\SYSWOW64\PhoneCallHistoryApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\fveapi.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\EmailApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\acmigration.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\SYSWOW64\CallHistoryClient.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 10:34:51 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2015-10-14 00:28:48 ----D---- C:\WINDOWS\CbsTemp
2015-10-13 00:08:14 ----D---- C:\Users\elzad\AppData\Roaming\YouTube Downloader
2015-10-12 23:54:46 ----D---- C:\Program Files (x86)\YTD
2015-10-09 15:22:42 ----D---- C:\Program Files (x86)\Stardock
2015-10-09 00:07:22 ----D---- C:\Users\elzad\AppData\Roaming\DesktopReminder
2015-10-08 23:11:38 ----D---- C:\Program Files\Siber Systems
2015-10-08 23:10:36 ----D---- C:\Program Files (x86)\Desktop-Reminder 2
2015-10-08 18:09:50 ----D---- C:\Program Files (x86)\AirDroid
2015-10-06 18:11:54 ----D---- C:\WINDOWS\Temp
2015-10-06 17:49:01 ----D---- C:\WINDOWS\AppReadiness
2015-10-05 16:15:11 ----HD---- C:\OneDriveTemp
2015-10-05 14:40:34 ----HD---- C:\$Windows.~BT
2015-10-03 22:45:20 ----D---- C:\ProgramData\OEM
2015-10-02 02:58:46 ----A---- C:\WINDOWS\msdos.txt
2015-09-30 22:29:59 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\windows.storage.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\mos.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\BingMaps.dll
2015-09-30 22:29:57 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2015-09-30 22:29:56 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2015-09-30 22:29:55 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 22:29:55 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 22:29:54 ----A---- C:\WINDOWS\system32\mfcore.dll
2015-09-30 22:29:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 22:29:53 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\system32\wininet.dll
2015-09-30 22:29:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2015-09-30 22:29:48 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2015-09-30 22:29:47 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2015-09-30 22:29:46 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-09-30 22:29:46 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2015-09-30 22:29:45 ----A---- C:\WINDOWS\system32\wlansvc.dll
2015-09-30 22:29:44 ----A---- C:\WINDOWS\system32\winmde.dll
2015-09-30 22:29:44 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 22:29:43 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 22:29:41 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 22:29:41 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\SYSWOW64\RemoteNaturalLanguage.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\wwansvc.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\mfsvr.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\esent.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\RDXService.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 22:29:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Bluetooth.dll
2015-09-30 22:29:37 ----A---- C:\WINDOWS\system32\wpx.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\wmpmde.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\mfds.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\drivers\Wdf01000.sys
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\bisrv.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\NotificationController.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\WWanAPI.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\directmanipulation.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\SYSWOW64\MbaeApi.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\SYSWOW64\VEEventDispatcher.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\system32\audiosrv.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\SYSWOW64\SensorsApi.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\SYSWOW64\MFCaptureEngine.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\ncsi.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\hevcdecoder.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\provengine.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\mf.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\wuuhext.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\psmsrv.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\wwanconn.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\pnidui.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\mfps.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\MapsStore.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\cloudAP.dll
2015-09-30 22:29:21 ----A---- C:\WINDOWS\system32\omadmclient.exe
2015-09-30 22:29:20 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2015-09-30 22:29:19 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\wwanmm.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\drivers\buttonconverter.sys
2015-09-30 22:29:18 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\omadmapi.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 22:29:16 ----A---- C:\WINDOWS\SYSWOW64\Windows.Speech.Pal.dll
2015-09-30 22:29:16 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\syncutil.dll
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 22:29:14 ----A---- C:\WINDOWS\system32\wwancfg.dll
2015-09-30 22:29:14 ----A---- C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\wpnapps.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2015-09-30 22:29:12 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\netcenter.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\AudioEng.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\system32\LocationPeIP.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 22:29:10 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\system32\provops.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 22:29:08 ----A---- C:\WINDOWS\SYSWOW64\netcenter.dll
2015-09-30 22:29:08 ----A---- C:\WINDOWS\system32\nlasvc.dll
2015-09-30 22:29:07 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2015-09-30 22:29:06 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 22:29:06 ----A---- C:\WINDOWS\system32\LocationPeWiFi.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\LocationPeCell.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\dmcsps.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\configmanager2.dll
2015-09-30 12:46:04 ----ASH---- C:\swapfile.sys
2015-09-30 12:46:04 ----ASH---- C:\pagefile.sys
2015-09-30 12:44:39 ----ASH---- C:\hiberfil.sys
2015-09-30 12:03:17 ----D---- C:\Recovery
2015-09-30 10:10:22 ----D---- C:\WINDOWS\Panther
2015-09-30 09:29:41 ----D---- C:\ProgramData\GlassWire
2015-09-29 23:53:00 ----D---- C:\Program Files (x86)\Apple Software Update
2015-09-29 23:52:41 ----D---- C:\Program Files\Bonjour
2015-09-29 23:52:41 ----D---- C:\Program Files (x86)\Bonjour
2015-09-29 23:52:24 ----D---- C:\Program Files\Common Files\Apple
2015-09-29 16:05:05 ----HD---- C:\ProgramData\CanonBJ
2015-09-29 08:49:54 ----A---- C:\WINDOWS\system32\CNMLMBV.DLL
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioVisualization2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioRecord2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioFile2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\msvcr70.dll
2015-09-20 01:31:26 ----D---- C:\ProgramData\Samsung
2015-09-19 14:49:32 ----D---- C:\My Backups
2015-09-19 13:56:28 ----A---- C:\WINDOWS\system32\LogVss.txt
2015-09-19 13:56:28 ----A---- C:\WINDOWS\system32\LogMsg.txt
2015-09-19 13:16:45 ----ASH---- C:\EUMONBMP.SYS
2015-09-17 12:40:25 ----D---- C:\AdwCleaner
2015-09-17 02:44:31 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-17 02:43:09 ----D---- C:\Program Files (x86)\StartW8
======List of files/folders modified in the last 1 month======
2015-10-16 17:24:11 ----D---- C:\WINDOWS\Prefetch
2015-10-16 17:21:43 ----D---- C:\Users\elzad\AppData\Roaming\Free Download Manager
2015-10-16 17:18:56 ----RD---- C:\Program Files
2015-10-16 17:18:14 ----HD---- C:\ProgramData
2015-10-16 17:11:43 ----D---- C:\WINDOWS\System32
2015-10-16 16:48:01 ----D---- C:\WINDOWS\system32\sru
2015-10-16 16:37:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-16 16:37:33 ----D---- C:\WINDOWS\INF
2015-10-16 15:03:43 ----D---- C:\WINDOWS\system32\Tasks
2015-10-16 15:03:42 ----D---- C:\WINDOWS\Tasks
2015-10-16 10:08:15 ----HD---- C:\Program Files\WindowsApps
2015-10-16 09:42:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 09:42:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-16 05:37:55 ----D---- C:\Program Files (x86)\MP3Gain
2015-10-16 04:40:05 ----RD---- C:\Program Files (x86)
2015-10-16 04:31:23 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-16 04:31:14 ----D---- C:\WINDOWS\system32\drivers
2015-10-15 18:51:33 ----D---- C:\Users\elzad\AppData\Roaming\360safe
2015-10-15 18:45:08 ----D---- C:\Downloads
2015-10-15 14:35:30 ----D---- C:\WINDOWS\Microsoft.NET
2015-10-15 11:52:39 ----D---- C:\Users\elzad\AppData\Roaming\Audacity
2015-10-15 03:24:34 ----D---- C:\WINDOWS\system32\config
2015-10-15 03:19:42 ----D---- C:\WINDOWS\system32\catroot2
2015-10-15 03:18:32 ----D---- C:\WINDOWS\WinSxS
2015-10-14 19:30:21 ----D---- C:\WINDOWS\SysWOW64
2015-10-14 19:30:21 ----D---- C:\WINDOWS\system32\Boot
2015-10-14 19:30:21 ----D---- C:\WINDOWS\system32\appraiser
2015-10-14 19:30:20 ----D---- C:\WINDOWS\system32\CodeIntegrity
2015-10-14 19:30:20 ----D---- C:\WINDOWS\AppPatch
2015-10-14 19:30:19 ----D---- C:\WINDOWS\system32\DriverStore
2015-10-14 17:56:07 ----D---- C:\WINDOWS\system32\MRT
2015-10-14 17:47:48 ----A---- C:\WINDOWS\system32\MRT.exe
2015-10-14 17:47:28 ----SHD---- C:\System Volume Information
2015-10-14 00:28:48 ----D---- C:\WINDOWS
2015-10-13 00:05:28 ----D---- C:\Program Files\Zoner
2015-10-12 17:30:29 ----D---- C:\WINDOWS\system32\NDF
2015-10-11 15:18:30 ----D---- C:\ProgramData\Stardock
2015-10-11 00:58:56 ----RSHD---- C:\360SANDBOX
2015-10-09 16:18:05 ----D---- C:\ProgramData\ProductData
2015-10-09 16:15:59 ----D---- C:\Program Files (x86)\IObit
2015-10-09 15:20:01 ----SHD---- C:\WINDOWS\Installer
2015-10-08 23:12:36 ----D---- C:\ProgramData\IsolatedStorage
2015-10-08 23:10:37 ----D---- C:\Config.Msi
2015-10-08 23:10:36 ----SD---- C:\Users\elzad\AppData\Roaming\Microsoft
2015-10-08 23:07:47 ----SHD---- C:\ProgramData\360Quarant
2015-10-08 23:07:47 ----SHD---- C:\$360Section
2015-10-06 17:47:31 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 23:04:51 ----RD---- C:\Users
2015-10-05 16:43:40 ----D---- C:\ProgramData\360TotalSecurity
2015-10-05 15:33:17 ----SHD---- C:\$RECYCLE.BIN
2015-10-05 13:30:30 ----D---- C:\Program Files (x86)\Google
2015-10-03 22:13:16 ----D---- C:\WINDOWS\ServiceProfiles
2015-10-03 14:58:54 ----D---- C:\WINDOWS\rescache
2015-10-02 19:36:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-10-02 18:40:37 ----D---- C:\WINDOWS\system32\drivers\UMDF
2015-10-02 02:59:02 ----A---- C:\WINDOWS\system.ini
2015-10-01 00:35:19 ----SD---- C:\WINDOWS\SYSWOW64\F12
2015-10-01 00:35:19 ----D---- C:\WINDOWS\SYSWOW64\migration
2015-10-01 00:35:15 ----SD---- C:\WINDOWS\system32\F12
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\migration
2015-10-01 00:35:13 ----RD---- C:\WINDOWS\PurchaseDialog
2015-10-01 00:35:13 ----D---- C:\WINDOWS\Provisioning
2015-10-01 00:35:13 ----D---- C:\WINDOWS\L2Schemas
2015-09-30 19:05:33 ----D---- C:\WINDOWS\system32\LogFiles
2015-09-30 13:39:10 ----SD---- C:\WINDOWS\SYSWOW64\DiagSvcs
2015-09-30 13:39:10 ----SD---- C:\WINDOWS\SYSWOW64\Configuration
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\WCN
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\sysprep
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\Speech_OneCore
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\SMI
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\MUI
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\LogFiles
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\drivers
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\catroot
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\WinBioDatabase
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\WCN
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\spool
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\MUI
2015-09-30 13:39:08 ----SD---- C:\WINDOWS\system32\Configuration
2015-09-30 13:39:08 ----D---- C:\WINDOWS\system32\cs-CZ
2015-09-30 13:39:07 ----D---- C:\WINDOWS\InputMethod
2015-09-30 13:39:07 ----D---- C:\WINDOWS\IME
2015-09-30 13:39:07 ----D---- C:\WINDOWS\Help
2015-09-30 13:39:06 ----RSD---- C:\WINDOWS\Fonts
2015-09-30 13:39:06 ----RD---- C:\WINDOWS\assembly
2015-09-30 13:39:06 ----D---- C:\WINDOWS\DigitalLocker
2015-09-30 13:39:05 ----D---- C:\ProgramData\SoftwareDistribution
2015-09-30 13:39:05 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2015-09-30 13:39:04 ----SD---- C:\ProgramData\Microsoft
2015-09-30 13:39:01 ----SHD---- C:\Program Files (x86)\Windows Sidebar
2015-09-30 13:39:01 ----D---- C:\Program Files (x86)\Windows Media Player
2015-09-30 13:39:00 ----SHD---- C:\Program Files\Windows Sidebar
2015-09-30 13:39:00 ----D---- C:\Program Files\Windows Media Player
2015-09-30 13:39:00 ----D---- C:\Program Files\Common Files\microsoft shared
2015-09-30 13:39:00 ----D---- C:\Program Files\Common Files
2015-09-30 13:39:00 ----D---- C:\Program Files (x86)\Common Files
2015-09-30 13:38:59 ----D---- C:\WINDOWS\system32\Recovery
2015-09-30 13:38:58 ----D---- C:\Users\elzad\AppData\Roaming\IObit
2015-09-30 10:45:13 ----D---- C:\WINDOWS\registration
2015-09-30 01:08:31 ----D---- C:\WINDOWS\system32\CatRoot
2015-09-29 23:52:57 ----D---- C:\ProgramData\Apple
2015-09-29 16:06:08 ----D---- C:\WINDOWS\system32\FxsTmp
2015-09-29 09:18:13 ----D---- C:\WINDOWS\Logs
2015-09-28 18:00:48 ----D---- C:\Users\elzad\AppData\Roaming\360TotalSecurity
2015-09-28 17:44:17 ----D---- C:\Users\elzad\AppData\Roaming\YoWindow
2015-09-28 17:44:17 ----D---- C:\Program Files (x86)\YoWindow
2015-09-26 12:48:54 ----D---- C:\Users\elzad\AppData\Roaming\MyHeritage
2015-09-25 14:49:38 ----AD---- C:\ProgramData\TEMP
2015-09-18 14:48:19 ----D---- C:\WINDOWS\PolicyDefinitions
2015-09-17 12:45:57 ----D---- C:\WINDOWS\Performance
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 EUBAKUP;EUBAKUP; C:\WINDOWS\system32\drivers\eubakup.sys [2014-12-15 60968]
R0 EUBKMON;EUBKMON; C:\WINDOWS\system32\drivers\EUBKMON.sys [2014-12-15 48168]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-07-10 667496]
R1 360AntiHacker;360Safe Anti Hacker Service; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [2015-08-10 137296]
R1 360Box64;360Box mini-filter driver; C:\WINDOWS\system32\DRIVERS\360Box64.sys [2015-09-21 319568]
R1 360Camera;360Safe Camera Filter Service; C:\WINDOWS\System32\Drivers\360Camera64.sys [2015-08-10 40520]
R1 360FsFlt;360FsFlt mini-filter driver; C:\WINDOWS\system32\DRIVERS\360FsFlt.sys [2015-08-10 363088]
R1 BAPIDRV;BAPIDRV; C:\WINDOWS\system32\DRIVERS\BAPIDRV64.sys [2015-08-10 178768]
R1 EUDSKACS;EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [2014-12-15 18472]
R1 EUFDDISK;EUFDDISK; \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys [2014-12-15 192040]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-08-17 26528]
R1 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2015-06-18 109272]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 360AvFlt;360AvFlt mini-filter driver; C:\WINDOWS\system32\DRIVERS\360AvFlt.sys [2015-09-21 77904]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-08-16 5384176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-08-16 4504320]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-10-16 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2015-08-16 56344]
R3 netr28x;@oem0.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2015-06-12 2554528]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-10 587264]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2015-07-10 221184]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-07-10 40288]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-09-17 36352]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-07-10 116736]
S3 fcvsc;fcvsc; C:\WINDOWS\System32\drivers\fcvsc.sys [2015-07-10 31232]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-08-17 934752]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-08-17 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-07-10 44032]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2015-07-10 245088]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-07-10 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-07-10 127840]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2015-07-10 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2015-07-10 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-07-10 27488]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;Adaptér USB RNDIS; C:\WINDOWS\System32\drivers\usb8023x.sys [2015-07-10 22016]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2015-07-10 46080]
S3 usbser;@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver; C:\WINDOWS\System32\drivers\usbser.sys [2015-08-17 67072]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-19 77128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 OneSyncSvc_Session1;Hostitel synchronizace_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2015-09-21 859768]
R2 StartMenuService;StartMenu8 Service; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2015-10-08 1055008]
R2 SWUpdateService;SW Update Service; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2015-07-07 3025248]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 UserManager;@%systemroot%\system32\usermgr.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 PimIndexMaintenanceSvc_Session1;Data kontaktů_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 UnistoreSvc_Session1;Úložiště uživatelských dat_Session1; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 UserDataSvc_Session1;Přístup k uživatelským datům_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17 144200]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-29 81088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14 269000]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-08-16 290224]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EaseUS Agent;EaseUS Agent Service; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2015-08-01 36904]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17 144200]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-06 136120]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-08-17 2909472]
S3 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\lsass.exe [2015-07-10 56344]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-08-17 1031680]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 UsoSvc;@%systemroot%\system32\usocore.dll,-102; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
-----------------EOF-----------------
Run by Corina at 2015-10-16 17:25:48
Microsoft Windows 10 Home
System drive C: has 337 GB (72%) free of 467 GB
Total RAM: 4008 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:02, on 16.10.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
C:\Program Files (x86)\AirDroid\AirDroid.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files\trend micro\Corina.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
O4 - HKCU\..\Run: [Malwarebytes Anti-Malware Premium 2] wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs"
O4 - HKCU\..\Run: [autoRunTest] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DesktopReminder2ByPolenter] "C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent
O4 - HKCU\..\Run: [Nezapomen] C:\Program Files (x86)\Nezapomen\nezapomen.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11164 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe" Service
"C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe"
"C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe" /HotCorners
"C:\WINDOWS\System32\hkcmd.exe"
"C:\WINDOWS\System32\igfxpers.exe"
"C:\Program Files\ClocX\ClocX.exe"
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe"
"C:\Program Files (x86)\AirDroid\AirDroid.exe" /start
"C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"
"C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start /elevated
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"fontdrvhost.exe"
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
C:\Windows\System32\InstallAgent.exe -Embedding
taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k SDRSVC
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Free Download Manager\fdm.exe" -Embedding
C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\wermgr.exe -upload
"C:\Downloads\Software\RSITx64.exe"
rundll32.exe AppXDeploymentExtensions.dll,ShellRefresh
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\Uninstaller_SkipUac_Corina.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\WINDOWS\tasks\Uninstaller_SkipUac_elzad.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
=========Mozilla firefox=========
ProfilePath - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{ada4b710-8346-4b82-8199-5de2b400a6ae}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08 23488592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-30 545264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21 1088088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-30 193520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08 20356176]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-10 1441912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07 737896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08 23488592]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08 20356176]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2015-08-16 183216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2015-08-16 411056]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2015-08-16 453552]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2013-01-14 2713600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"f.lux"=C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-16 1016712]
"Display Stix - System tray"=C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe [2004-01-12 241664]
"Malwarebytes Anti-Malware Premium 2"=wscript.exe //B C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs []
"autoRunTest"=C:\Program Files (x86)\AirDroid\AirDroid.exe [2015-09-22 7119872]
"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-10-08 110160]
"DesktopReminder2ByPolenter"=C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [2014-09-21 3097104]
"Nezapomen"=C:\Program Files (x86)\Nezapomen\nezapomen.exe [2005-10-09 466944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
c:\program files\zoner\photo studio 16\program32\zpstray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
[]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [2015-09-21 300152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2015-08-16 451584]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StartMenuService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\str]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"DSCAutomationHostEnabled"=2
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktop"=0
"NoActiveDesktop"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=1
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-16 17:18:56 ----D---- C:\Program Files\trend micro
2015-10-16 17:18:50 ----D---- C:\rsit
2015-10-16 17:18:14 ----D---- C:\ProgramData\Free Download Manager
2015-10-16 09:42:31 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 04:40:05 ----D---- C:\Program Files (x86)\Nezapomen
2015-10-16 04:31:14 ----A---- C:\WINDOWS\system32\drivers\is-IGPJJ.tmp
2015-10-14 15:42:56 ----D---- C:\Users\elzad\AppData\Roaming\QTranslate
2015-10-14 15:42:55 ----D---- C:\Program Files (x86)\QTranslate
2015-10-14 10:35:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-10-14 10:35:15 ----A---- C:\WINDOWS\system32\edgehtml.dll
2015-10-14 10:35:14 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-10-14 10:35:12 ----A---- C:\WINDOWS\system32\shell32.dll
2015-10-14 10:35:11 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 10:35:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-10-14 10:35:09 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-10-14 10:35:08 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2015-10-14 10:35:08 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 10:35:07 ----A---- C:\WINDOWS\system32\Chakra.dll
2015-10-14 10:35:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2015-10-14 10:35:06 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-10-14 10:35:04 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2015-10-14 10:35:03 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2015-10-14 10:35:03 ----A---- C:\WINDOWS\system32\msxml6.dll
2015-10-14 10:35:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\win32kfull.sys
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\UserDataService.dll
2015-10-14 10:35:01 ----A---- C:\WINDOWS\system32\Unistore.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\msxml3.dll
2015-10-14 10:35:00 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\kerberos.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\jscript.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\ContactApis.dll
2015-10-14 10:34:59 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-14 10:34:58 ----A---- C:\WINDOWS\SYSWOW64\ContactApis.dll
2015-10-14 10:34:58 ----A---- C:\WINDOWS\system32\winload.exe
2015-10-14 10:34:57 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-10-14 10:34:57 ----A---- C:\WINDOWS\SYSWOW64\AppointmentApis.dll
2015-10-14 10:34:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2015-10-14 10:34:57 ----A---- C:\WINDOWS\system32\ChatApis.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\SYSWOW64\ChatApis.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-10-14 10:34:56 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys
2015-10-14 10:34:55 ----A---- C:\WINDOWS\SYSWOW64\EmailApis.dll
2015-10-14 10:34:55 ----A---- C:\WINDOWS\system32\winresume.exe
2015-10-14 10:34:54 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\winlogon.exe
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34:54 ----A---- C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\SYSWOW64\UserDataAccountApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\SYSWOW64\PhoneCallHistoryApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\fveapi.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\EmailApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 10:34:53 ----A---- C:\WINDOWS\system32\acmigration.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\SYSWOW64\CallHistoryClient.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 10:34:52 ----A---- C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 10:34:51 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2015-10-14 00:28:48 ----D---- C:\WINDOWS\CbsTemp
2015-10-13 00:08:14 ----D---- C:\Users\elzad\AppData\Roaming\YouTube Downloader
2015-10-12 23:54:46 ----D---- C:\Program Files (x86)\YTD
2015-10-09 15:22:42 ----D---- C:\Program Files (x86)\Stardock
2015-10-09 00:07:22 ----D---- C:\Users\elzad\AppData\Roaming\DesktopReminder
2015-10-08 23:11:38 ----D---- C:\Program Files\Siber Systems
2015-10-08 23:10:36 ----D---- C:\Program Files (x86)\Desktop-Reminder 2
2015-10-08 18:09:50 ----D---- C:\Program Files (x86)\AirDroid
2015-10-06 18:11:54 ----D---- C:\WINDOWS\Temp
2015-10-06 17:49:01 ----D---- C:\WINDOWS\AppReadiness
2015-10-05 16:15:11 ----HD---- C:\OneDriveTemp
2015-10-05 14:40:34 ----HD---- C:\$Windows.~BT
2015-10-03 22:45:20 ----D---- C:\ProgramData\OEM
2015-10-02 02:58:46 ----A---- C:\WINDOWS\msdos.txt
2015-09-30 22:29:59 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\windows.storage.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\mos.dll
2015-09-30 22:29:58 ----A---- C:\WINDOWS\system32\BingMaps.dll
2015-09-30 22:29:57 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2015-09-30 22:29:56 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2015-09-30 22:29:55 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 22:29:55 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 22:29:54 ----A---- C:\WINDOWS\system32\mfcore.dll
2015-09-30 22:29:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 22:29:53 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 22:29:52 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2015-09-30 22:29:50 ----A---- C:\WINDOWS\system32\wininet.dll
2015-09-30 22:29:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2015-09-30 22:29:48 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2015-09-30 22:29:47 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2015-09-30 22:29:46 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-09-30 22:29:46 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2015-09-30 22:29:45 ----A---- C:\WINDOWS\system32\wlansvc.dll
2015-09-30 22:29:44 ----A---- C:\WINDOWS\system32\winmde.dll
2015-09-30 22:29:44 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 22:29:43 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 22:29:42 ----A---- C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 22:29:41 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 22:29:41 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\SYSWOW64\RemoteNaturalLanguage.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\wwansvc.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 22:29:40 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\mfsvr.dll
2015-09-30 22:29:39 ----A---- C:\WINDOWS\system32\esent.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\RDXService.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 22:29:38 ----A---- C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 22:29:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Bluetooth.dll
2015-09-30 22:29:37 ----A---- C:\WINDOWS\system32\wpx.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\wmpmde.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\mfds.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 22:29:36 ----A---- C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\drivers\Wdf01000.sys
2015-09-30 22:29:35 ----A---- C:\WINDOWS\system32\bisrv.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 22:29:34 ----A---- C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\NotificationController.dll
2015-09-30 22:29:33 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\WWanAPI.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\SYSWOW64\directmanipulation.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 22:29:32 ----A---- C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\SYSWOW64\MbaeApi.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 22:29:31 ----A---- C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\SYSWOW64\VEEventDispatcher.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 22:29:30 ----A---- C:\WINDOWS\system32\audiosrv.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2015-09-30 22:29:29 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 22:29:29 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\SYSWOW64\SensorsApi.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\SYSWOW64\MFCaptureEngine.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\ncsi.dll
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2015-09-30 22:29:28 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2015-09-30 22:29:27 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\hevcdecoder.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\provengine.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\mf.dll
2015-09-30 22:29:26 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\wuuhext.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\psmsrv.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 22:29:25 ----A---- C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\wwanconn.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 22:29:24 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 22:29:23 ----A---- C:\WINDOWS\system32\pnidui.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\mfps.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\MapsStore.dll
2015-09-30 22:29:22 ----A---- C:\WINDOWS\system32\cloudAP.dll
2015-09-30 22:29:21 ----A---- C:\WINDOWS\system32\omadmclient.exe
2015-09-30 22:29:20 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 22:29:20 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2015-09-30 22:29:19 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\wwanmm.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2015-09-30 22:29:19 ----A---- C:\WINDOWS\system32\drivers\buttonconverter.sys
2015-09-30 22:29:18 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\omadmapi.dll
2015-09-30 22:29:17 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 22:29:16 ----A---- C:\WINDOWS\SYSWOW64\Windows.Speech.Pal.dll
2015-09-30 22:29:16 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\syncutil.dll
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 22:29:15 ----A---- C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 22:29:14 ----A---- C:\WINDOWS\system32\wwancfg.dll
2015-09-30 22:29:14 ----A---- C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\wpnapps.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2015-09-30 22:29:13 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2015-09-30 22:29:12 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\netcenter.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\AudioEng.dll
2015-09-30 22:29:12 ----A---- C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\system32\LocationPeIP.dll
2015-09-30 22:29:11 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 22:29:10 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\system32\provops.dll
2015-09-30 22:29:09 ----A---- C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 22:29:08 ----A---- C:\WINDOWS\SYSWOW64\netcenter.dll
2015-09-30 22:29:08 ----A---- C:\WINDOWS\system32\nlasvc.dll
2015-09-30 22:29:07 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2015-09-30 22:29:06 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 22:29:06 ----A---- C:\WINDOWS\system32\LocationPeWiFi.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\LocationPeCell.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\dmcsps.dll
2015-09-30 22:29:05 ----A---- C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 22:29:04 ----A---- C:\WINDOWS\system32\configmanager2.dll
2015-09-30 12:46:04 ----ASH---- C:\swapfile.sys
2015-09-30 12:46:04 ----ASH---- C:\pagefile.sys
2015-09-30 12:44:39 ----ASH---- C:\hiberfil.sys
2015-09-30 12:03:17 ----D---- C:\Recovery
2015-09-30 10:10:22 ----D---- C:\WINDOWS\Panther
2015-09-30 09:29:41 ----D---- C:\ProgramData\GlassWire
2015-09-29 23:53:00 ----D---- C:\Program Files (x86)\Apple Software Update
2015-09-29 23:52:41 ----D---- C:\Program Files\Bonjour
2015-09-29 23:52:41 ----D---- C:\Program Files (x86)\Bonjour
2015-09-29 23:52:24 ----D---- C:\Program Files\Common Files\Apple
2015-09-29 16:05:05 ----HD---- C:\ProgramData\CanonBJ
2015-09-29 08:49:54 ----A---- C:\WINDOWS\system32\CNMLMBV.DLL
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioVisualization2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioRecord2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioFile2.dll
2015-09-25 14:07:33 ----A---- C:\WINDOWS\SYSWOW64\msvcr70.dll
2015-09-20 01:31:26 ----D---- C:\ProgramData\Samsung
2015-09-19 14:49:32 ----D---- C:\My Backups
2015-09-19 13:56:28 ----A---- C:\WINDOWS\system32\LogVss.txt
2015-09-19 13:56:28 ----A---- C:\WINDOWS\system32\LogMsg.txt
2015-09-19 13:16:45 ----ASH---- C:\EUMONBMP.SYS
2015-09-17 12:40:25 ----D---- C:\AdwCleaner
2015-09-17 02:44:31 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-17 02:43:09 ----D---- C:\Program Files (x86)\StartW8
======List of files/folders modified in the last 1 month======
2015-10-16 17:24:11 ----D---- C:\WINDOWS\Prefetch
2015-10-16 17:21:43 ----D---- C:\Users\elzad\AppData\Roaming\Free Download Manager
2015-10-16 17:18:56 ----RD---- C:\Program Files
2015-10-16 17:18:14 ----HD---- C:\ProgramData
2015-10-16 17:11:43 ----D---- C:\WINDOWS\System32
2015-10-16 16:48:01 ----D---- C:\WINDOWS\system32\sru
2015-10-16 16:37:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-16 16:37:33 ----D---- C:\WINDOWS\INF
2015-10-16 15:03:43 ----D---- C:\WINDOWS\system32\Tasks
2015-10-16 15:03:42 ----D---- C:\WINDOWS\Tasks
2015-10-16 10:08:15 ----HD---- C:\Program Files\WindowsApps
2015-10-16 09:42:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 09:42:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-16 05:37:55 ----D---- C:\Program Files (x86)\MP3Gain
2015-10-16 04:40:05 ----RD---- C:\Program Files (x86)
2015-10-16 04:31:23 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-16 04:31:14 ----D---- C:\WINDOWS\system32\drivers
2015-10-15 18:51:33 ----D---- C:\Users\elzad\AppData\Roaming\360safe
2015-10-15 18:45:08 ----D---- C:\Downloads
2015-10-15 14:35:30 ----D---- C:\WINDOWS\Microsoft.NET
2015-10-15 11:52:39 ----D---- C:\Users\elzad\AppData\Roaming\Audacity
2015-10-15 03:24:34 ----D---- C:\WINDOWS\system32\config
2015-10-15 03:19:42 ----D---- C:\WINDOWS\system32\catroot2
2015-10-15 03:18:32 ----D---- C:\WINDOWS\WinSxS
2015-10-14 19:30:21 ----D---- C:\WINDOWS\SysWOW64
2015-10-14 19:30:21 ----D---- C:\WINDOWS\system32\Boot
2015-10-14 19:30:21 ----D---- C:\WINDOWS\system32\appraiser
2015-10-14 19:30:20 ----D---- C:\WINDOWS\system32\CodeIntegrity
2015-10-14 19:30:20 ----D---- C:\WINDOWS\AppPatch
2015-10-14 19:30:19 ----D---- C:\WINDOWS\system32\DriverStore
2015-10-14 17:56:07 ----D---- C:\WINDOWS\system32\MRT
2015-10-14 17:47:48 ----A---- C:\WINDOWS\system32\MRT.exe
2015-10-14 17:47:28 ----SHD---- C:\System Volume Information
2015-10-14 00:28:48 ----D---- C:\WINDOWS
2015-10-13 00:05:28 ----D---- C:\Program Files\Zoner
2015-10-12 17:30:29 ----D---- C:\WINDOWS\system32\NDF
2015-10-11 15:18:30 ----D---- C:\ProgramData\Stardock
2015-10-11 00:58:56 ----RSHD---- C:\360SANDBOX
2015-10-09 16:18:05 ----D---- C:\ProgramData\ProductData
2015-10-09 16:15:59 ----D---- C:\Program Files (x86)\IObit
2015-10-09 15:20:01 ----SHD---- C:\WINDOWS\Installer
2015-10-08 23:12:36 ----D---- C:\ProgramData\IsolatedStorage
2015-10-08 23:10:37 ----D---- C:\Config.Msi
2015-10-08 23:10:36 ----SD---- C:\Users\elzad\AppData\Roaming\Microsoft
2015-10-08 23:07:47 ----SHD---- C:\ProgramData\360Quarant
2015-10-08 23:07:47 ----SHD---- C:\$360Section
2015-10-06 17:47:31 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 23:04:51 ----RD---- C:\Users
2015-10-05 16:43:40 ----D---- C:\ProgramData\360TotalSecurity
2015-10-05 15:33:17 ----SHD---- C:\$RECYCLE.BIN
2015-10-05 13:30:30 ----D---- C:\Program Files (x86)\Google
2015-10-03 22:13:16 ----D---- C:\WINDOWS\ServiceProfiles
2015-10-03 14:58:54 ----D---- C:\WINDOWS\rescache
2015-10-02 19:36:41 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-10-02 18:40:37 ----D---- C:\WINDOWS\system32\drivers\UMDF
2015-10-02 02:59:02 ----A---- C:\WINDOWS\system.ini
2015-10-01 00:35:19 ----SD---- C:\WINDOWS\SYSWOW64\F12
2015-10-01 00:35:19 ----D---- C:\WINDOWS\SYSWOW64\migration
2015-10-01 00:35:15 ----SD---- C:\WINDOWS\system32\F12
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 00:35:15 ----D---- C:\WINDOWS\system32\migration
2015-10-01 00:35:13 ----RD---- C:\WINDOWS\PurchaseDialog
2015-10-01 00:35:13 ----D---- C:\WINDOWS\Provisioning
2015-10-01 00:35:13 ----D---- C:\WINDOWS\L2Schemas
2015-09-30 19:05:33 ----D---- C:\WINDOWS\system32\LogFiles
2015-09-30 13:39:10 ----SD---- C:\WINDOWS\SYSWOW64\DiagSvcs
2015-09-30 13:39:10 ----SD---- C:\WINDOWS\SYSWOW64\Configuration
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\WCN
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\sysprep
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\Speech_OneCore
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\SMI
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\MUI
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\LogFiles
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\drivers
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2015-09-30 13:39:10 ----D---- C:\WINDOWS\SYSWOW64\catroot
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\WinBioDatabase
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\WCN
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\spool
2015-09-30 13:39:09 ----D---- C:\WINDOWS\system32\MUI
2015-09-30 13:39:08 ----SD---- C:\WINDOWS\system32\Configuration
2015-09-30 13:39:08 ----D---- C:\WINDOWS\system32\cs-CZ
2015-09-30 13:39:07 ----D---- C:\WINDOWS\InputMethod
2015-09-30 13:39:07 ----D---- C:\WINDOWS\IME
2015-09-30 13:39:07 ----D---- C:\WINDOWS\Help
2015-09-30 13:39:06 ----RSD---- C:\WINDOWS\Fonts
2015-09-30 13:39:06 ----RD---- C:\WINDOWS\assembly
2015-09-30 13:39:06 ----D---- C:\WINDOWS\DigitalLocker
2015-09-30 13:39:05 ----D---- C:\ProgramData\SoftwareDistribution
2015-09-30 13:39:05 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2015-09-30 13:39:04 ----SD---- C:\ProgramData\Microsoft
2015-09-30 13:39:01 ----SHD---- C:\Program Files (x86)\Windows Sidebar
2015-09-30 13:39:01 ----D---- C:\Program Files (x86)\Windows Media Player
2015-09-30 13:39:00 ----SHD---- C:\Program Files\Windows Sidebar
2015-09-30 13:39:00 ----D---- C:\Program Files\Windows Media Player
2015-09-30 13:39:00 ----D---- C:\Program Files\Common Files\microsoft shared
2015-09-30 13:39:00 ----D---- C:\Program Files\Common Files
2015-09-30 13:39:00 ----D---- C:\Program Files (x86)\Common Files
2015-09-30 13:38:59 ----D---- C:\WINDOWS\system32\Recovery
2015-09-30 13:38:58 ----D---- C:\Users\elzad\AppData\Roaming\IObit
2015-09-30 10:45:13 ----D---- C:\WINDOWS\registration
2015-09-30 01:08:31 ----D---- C:\WINDOWS\system32\CatRoot
2015-09-29 23:52:57 ----D---- C:\ProgramData\Apple
2015-09-29 16:06:08 ----D---- C:\WINDOWS\system32\FxsTmp
2015-09-29 09:18:13 ----D---- C:\WINDOWS\Logs
2015-09-28 18:00:48 ----D---- C:\Users\elzad\AppData\Roaming\360TotalSecurity
2015-09-28 17:44:17 ----D---- C:\Users\elzad\AppData\Roaming\YoWindow
2015-09-28 17:44:17 ----D---- C:\Program Files (x86)\YoWindow
2015-09-26 12:48:54 ----D---- C:\Users\elzad\AppData\Roaming\MyHeritage
2015-09-25 14:49:38 ----AD---- C:\ProgramData\TEMP
2015-09-18 14:48:19 ----D---- C:\WINDOWS\PolicyDefinitions
2015-09-17 12:45:57 ----D---- C:\WINDOWS\Performance
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 EUBAKUP;EUBAKUP; C:\WINDOWS\system32\drivers\eubakup.sys [2014-12-15 60968]
R0 EUBKMON;EUBKMON; C:\WINDOWS\system32\drivers\EUBKMON.sys [2014-12-15 48168]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-07-10 667496]
R1 360AntiHacker;360Safe Anti Hacker Service; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [2015-08-10 137296]
R1 360Box64;360Box mini-filter driver; C:\WINDOWS\system32\DRIVERS\360Box64.sys [2015-09-21 319568]
R1 360Camera;360Safe Camera Filter Service; C:\WINDOWS\System32\Drivers\360Camera64.sys [2015-08-10 40520]
R1 360FsFlt;360FsFlt mini-filter driver; C:\WINDOWS\system32\DRIVERS\360FsFlt.sys [2015-08-10 363088]
R1 BAPIDRV;BAPIDRV; C:\WINDOWS\system32\DRIVERS\BAPIDRV64.sys [2015-08-10 178768]
R1 EUDSKACS;EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [2014-12-15 18472]
R1 EUFDDISK;EUFDDISK; \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys [2014-12-15 192040]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [2015-08-17 26528]
R1 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2015-06-18 109272]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 360AvFlt;360AvFlt mini-filter driver; C:\WINDOWS\system32\DRIVERS\360AvFlt.sys [2015-09-21 77904]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-08-16 5384176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-08-16 4504320]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-10-16 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2015-08-16 56344]
R3 netr28x;@oem0.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2015-06-12 2554528]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-10 587264]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2015-07-10 221184]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-07-10 40288]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-09-17 36352]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-07-10 116736]
S3 fcvsc;fcvsc; C:\WINDOWS\System32\drivers\fcvsc.sys [2015-07-10 31232]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-08-17 934752]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-08-17 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-07-10 44032]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2015-07-10 245088]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-07-10 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-07-10 127840]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2015-07-10 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2015-07-10 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-07-10 27488]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;Adaptér USB RNDIS; C:\WINDOWS\System32\drivers\usb8023x.sys [2015-07-10 22016]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2015-07-10 46080]
S3 usbser;@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver; C:\WINDOWS\System32\drivers\usbser.sys [2015-08-17 67072]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-19 77128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 OneSyncSvc_Session1;Hostitel synchronizace_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2015-09-21 859768]
R2 StartMenuService;StartMenu8 Service; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2015-10-08 1055008]
R2 SWUpdateService;SW Update Service; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2015-07-07 3025248]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 UserManager;@%systemroot%\system32\usermgr.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 PimIndexMaintenanceSvc_Session1;Data kontaktů_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 UnistoreSvc_Session1;Úložiště uživatelských dat_Session1; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 UserDataSvc_Session1;Přístup k uživatelským datům_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17 144200]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-29 81088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14 269000]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-08-16 290224]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EaseUS Agent;EaseUS Agent Service; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2015-08-01 36904]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17 144200]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-06 136120]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-08-17 2909472]
S3 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\lsass.exe [2015-07-10 56344]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-08-17 1031680]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 UsoSvc;@%systemroot%\system32\usocore.dll,-102; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
-----------------EOF-----------------
Re: Please check my log
I wish you a lovely day
Cracking security software is one of the most absurd things people do on a PC. I was under the impression that users get security software in order to increase their computer's protection, and then they try to fool it with a crack, which can do literally anything in the background.
As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )

- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log
# AdwCleaner v5.013 - Logfile created 17/10/2015 at 10:42:51
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Corina - JAN-PC
# Running from : C:\Users\elzad\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : toolbar.inbox.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : tunein-radio-windows-8.en.softonic.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=14282 ... XX6VPDNVEL
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=14350 ... XX6VPDNVEL
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.istartsurf.com/?type=hp&ts=14424506 ... XX6VPDNVEL
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2091 bytes] ##########
Re: Please check my log
as administrator:
# AdwCleaner v5.013 - Logfile created 17/10/2015 at 10:51:32
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Corina - JAN-PC
# Running from : C:\Users\elzad\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : toolbar.inbox.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : tunein-radio-windows-8.en.softonic.com
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=14282 ... XX6VPDNVEL
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=14350 ... XX6VPDNVEL
[-] [C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.istartsurf.com/?type=hp&ts=14424506 ... XX6VPDNVEL
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2091 bytes] ##########
Re: Please check my log

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by Corina (administrator) on JAN-PC (17-10-2015 14:15:46)
Running from C:\Downloads\Software
Loaded Profiles: Corina (Available Profiles: Corina)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(BonSoft) C:\Program Files\ClocX\ClocX.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe
(Fractalis Software) C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\Chrome\fdm_nativehost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ClocX] => C:\Program Files\ClocX\ClocX.exe [2713600 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [f.lux] => C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Display Stix - System tray] => C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe [241664 2004-01-12] (Fractalis Software)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Malwarebytes Anti-Malware Premium 2] => wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs" <===== ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [autoRunTest] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7119872 2015-09-22] (Sand Studio)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-08] (Siber Systems)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3097104 2014-09-21] (Polenter - Software Solutions)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Nezapomen] => C:\Program Files (x86)\Nezapomen\nezapomen.exe [466944 2005-10-09] ()
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.10
Tcpip\..\Interfaces\{6faec588-042c-45e1-8236-ad4151e7d984}: [DhcpNameServer] 10.0.0.1 10.0.0.10
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,SearchURL = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21] (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
FireFox:
========
FF ProfilePath: C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Widevine Media Optimizer - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-08-16] [not signed]
FF Extension: ReminderFox - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-08-16]
FF Extension: Forecastfox (fix version) - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\forecastfox@s3_fix_version.xpi [2015-08-27]
FF Extension: AdBlock for Firefox - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-08-16] [not signed]
FF Extension: S3.Google Translator - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\s3google@translator.xpi [2015-08-25]
FF Extension: ImTranslator - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-09-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-08-19] [not signed]
FF HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17 [2015-10-16]
FF HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/","hxxp://www.mystartsea ... XX6VPDNVEL"
CHR Profile: C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-08-17]
CHR Extension: (Disk Google) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (YouTube) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Minimal nature theme) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\confkemndkokcilaicjojfbefpcmmfnm [2015-09-17]
CHR Extension: (Vyhledávání Google) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (YoWindow Počasí Zdarma) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2015-08-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-25]
CHR Extension: (360 Internet Protection) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-08-17]
CHR Extension: (Bookmark Reminder) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihngndbfmmfdnoaafjhckgknmhgfnjli [2015-08-22]
CHR Extension: (Místní předpověď počasí) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\koajajknhdgbeblgpokjndflikflmpob [2015-08-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-08-17]
CHR Extension: (Gmail) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR Extension: (RSS Feed Reader) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-08-22]
CHR Extension: (RoboForm Password Manager) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-08-17]
CHR Profile: C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-08-17]
CHR HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-08-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-17] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-10-08] (IObit)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-21] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-21] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-08-10] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-08-10] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-08-10] (360.cn)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX(tm))
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-17 14:15 - 2015-10-17 14:15 - 00000000 ____D C:\FRST
2015-10-17 14:10 - 2015-10-17 14:10 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Corina_HistoryPrediction.bin
2015-10-17 10:38 - 2015-10-17 10:38 - 01682432 _____ C:\Users\elzad\Desktop\adwcleaner_5.013.exe
2015-10-17 02:37 - 2015-10-17 02:37 - 13464668 _____ C:\Users\elzad\Downloads\AirDroid_Desktop_Client_3.2.0.exe
2015-10-16 17:18 - 2015-10-16 17:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-16 17:18 - 2015-10-16 17:19 - 00000000 ____D C:\rsit
2015-10-16 17:18 - 2015-10-16 17:18 - 00000000 ____D C:\ProgramData\Free Download Manager
2015-10-16 13:20 - 2015-10-16 13:20 - 00001096 _____ C:\Users\elzad\Desktop\nezapomen – zástupce.lnk
2015-10-16 09:42 - 2015-10-16 09:42 - 04839296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 04:40 - 2015-10-16 04:41 - 00000000 ____D C:\Program Files (x86)\Nezapomen
2015-10-16 04:40 - 2015-10-16 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nezapomen
2015-10-16 04:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-IGPJJ.tmp
2015-10-15 10:51 - 2015-10-16 03:27 - 00031575 _____ C:\Users\elzad\Desktop\nunčaky.eml
2015-10-14 15:42 - 2015-10-14 16:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\QTranslate
2015-10-14 15:42 - 2015-10-14 15:42 - 00001108 _____ C:\Users\elzad\Desktop\QTranslate.lnk
2015-10-14 15:42 - 2015-10-14 15:42 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTranslate
2015-10-14 15:42 - 2015-10-14 15:42 - 00000000 ____D C:\Program Files (x86)\QTranslate
2015-10-14 10:35 - 2015-10-10 08:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-14 10:35 - 2015-10-10 08:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-14 10:35 - 2015-10-06 05:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 10:35 - 2015-10-06 04:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 10:35 - 2015-10-01 06:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 10:35 - 2015-09-25 06:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 10:35 - 2015-09-25 05:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 10:35 - 2015-09-25 05:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 10:35 - 2015-09-25 05:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 10:35 - 2015-09-25 05:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 10:35 - 2015-09-25 05:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 10:35 - 2015-09-25 05:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 10:35 - 2015-09-25 05:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-14 10:35 - 2015-09-25 05:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 10:35 - 2015-09-25 05:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 10:35 - 2015-09-25 05:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 10:35 - 2015-09-25 05:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 10:35 - 2015-09-25 05:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 10:35 - 2015-09-25 04:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 10:35 - 2015-09-25 04:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 10:35 - 2015-09-25 04:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 10:35 - 2015-09-25 04:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 10:35 - 2015-09-25 04:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 10:35 - 2015-09-25 04:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 10:35 - 2015-09-25 04:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 10:34 - 2015-10-10 09:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 10:34 - 2015-10-01 06:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 10:34 - 2015-10-01 06:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 10:34 - 2015-10-01 06:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 10:34 - 2015-10-01 06:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 10:34 - 2015-10-01 05:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 10:34 - 2015-09-25 06:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 10:34 - 2015-09-25 05:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 10:34 - 2015-09-25 05:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 10:34 - 2015-09-25 05:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 10:34 - 2015-09-25 05:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 10:34 - 2015-09-25 05:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 10:34 - 2015-09-25 05:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-14 10:34 - 2015-09-25 05:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 10:34 - 2015-09-25 05:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 10:34 - 2015-09-25 05:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 10:34 - 2015-09-25 04:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 10:34 - 2015-09-25 04:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 10:34 - 2015-09-25 04:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 10:34 - 2015-09-25 04:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-14 00:28 - 2015-10-14 17:57 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-13 00:08 - 2015-10-13 15:24 - 00000000 ____D C:\Users\elzad\AppData\Roaming\YouTube Downloader
2015-10-12 23:54 - 2015-10-13 00:08 - 00000000 ____D C:\Program Files (x86)\YTD
2015-10-12 23:54 - 2015-10-13 00:06 - 00001348 _____ C:\Users\elzad\Desktop\YTD.lnk
2015-10-12 23:54 - 2015-10-12 23:54 - 00001044 _____ C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTD.lnk
2015-10-10 23:19 - 2015-10-16 09:42 - 00020324 _____ C:\WINDOWS\PFRO.log
2015-10-09 16:16 - 2015-10-10 09:39 - 00001360 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2015-10-09 16:16 - 2015-10-10 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-10-09 15:22 - 2015-10-11 15:20 - 00000000 ____D C:\Program Files (x86)\Stardock
2015-10-09 00:07 - 2015-10-09 00:07 - 00000000 ____D C:\Users\elzad\AppData\Roaming\DesktopReminder
2015-10-08 23:12 - 2015-10-17 10:53 - 00000000 ____D C:\Users\elzad\Documents\DesktopReminder
2015-10-08 23:12 - 2015-10-08 23:12 - 00000000 ____D C:\Users\elzad\AppData\Local\Polenter_-_Software_Solut
2015-10-08 23:11 - 2015-10-08 23:18 - 00000000 ____D C:\Program Files\Siber Systems
2015-10-08 23:10 - 2015-10-08 23:11 - 00000000 __HDC C:\Users\elzad\AppData\Local\{315BE8E4-3CB5-445C-99AC-8B636E57459F}
2015-10-08 23:10 - 2015-10-08 23:10 - 00002282 _____ C:\Users\elzad\Desktop\Desktop-Reminder 2.lnk
2015-10-08 23:10 - 2015-10-08 23:10 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2
2015-10-08 23:10 - 2015-10-08 23:10 - 00000000 ____D C:\Program Files (x86)\Desktop-Reminder 2
2015-10-08 23:09 - 2015-10-08 23:09 - 00000000 ____D C:\Users\elzad\AppData\Local\InstallAware Installation Information
2015-10-08 18:09 - 2015-10-08 18:10 - 00000000 ____D C:\Program Files (x86)\AirDroid
2015-10-08 18:09 - 2015-10-08 18:09 - 00001962 _____ C:\Users\Public\Desktop\AirDroid.lnk
2015-10-08 18:09 - 2015-10-08 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-10-08 12:48 - 2015-10-08 12:49 - 00034069 _____ C:\Users\elzad\Desktop\brýle čistička.eml
2015-10-07 05:18 - 2015-10-17 13:04 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-06 17:49 - 2015-10-17 14:15 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-05 19:30 - 2015-10-05 19:30 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Děda_HistoryPrediction.bin
2015-10-05 17:10 - 2015-10-05 16:51 - 00001125 _____ C:\Users\elzad\Documents\indexfile.txt
2015-10-05 17:09 - 2015-10-05 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2015-10-05 16:15 - 2015-10-05 16:15 - 00000000 ___HD C:\OneDriveTemp
2015-10-05 14:40 - 2015-10-08 23:08 - 00000000 ___HD C:\$Windows.~BT
2015-10-04 10:29 - 2015-10-04 10:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-10-04 10:29 - 2015-10-04 10:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-10-03 22:45 - 2015-10-03 22:45 - 00000000 ____D C:\ProgramData\OEM
2015-10-02 18:40 - 2015-10-02 18:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-02 02:58 - 2015-10-02 02:58 - 00000111 _____ C:\WINDOWS\msdos.txt
2015-09-30 22:29 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-09-30 22:29 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-09-30 22:29 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 22:29 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-09-30 22:29 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-30 22:29 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-09-30 22:29 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 22:29 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-09-30 22:29 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 22:29 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-09-30 22:29 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-30 22:29 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-09-30 22:29 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-09-30 22:29 - 2015-09-17 08:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-30 22:29 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-09-30 22:29 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-30 22:29 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-09-30 22:29 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-09-30 22:29 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 22:29 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 22:29 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-09-30 22:29 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 22:29 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 22:29 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 22:29 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 22:29 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 22:29 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 22:29 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 22:29 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 22:29 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 22:29 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-09-30 22:29 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-09-30 22:29 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-09-30 22:29 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 22:29 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-09-30 22:29 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-09-30 22:29 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-09-30 22:29 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-30 22:29 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-09-30 22:29 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-30 22:29 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-09-30 22:29 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-09-30 22:29 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-30 22:29 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-09-30 22:29 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-09-30 22:29 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-09-30 22:29 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-09-30 12:03 - 2015-09-30 12:03 - 00000000 ____D C:\Recovery
2015-09-30 10:10 - 2015-10-08 23:08 - 00000000 ____D C:\WINDOWS\Panther
2015-09-30 09:29 - 2015-09-30 09:29 - 00000000 ____D C:\ProgramData\GlassWire
2015-09-29 23:53 - 2015-09-29 23:53 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\Users\elzad\AppData\Local\Apple
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files\Bonjour
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-29 16:05 - 2015-09-29 16:05 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-09-29 08:49 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBV.DLL
2015-09-25 15:11 - 2015-09-25 15:11 - 00003270 _____ C:\WINDOWS\System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD}
2015-09-25 15:06 - 2015-09-25 15:06 - 00000000 ____D C:\Users\elzad\Documents\Smart PC Recorder Records
2015-09-25 14:57 - 2015-09-25 15:18 - 00000000 ____D C:\Users\elzad\Documents\Záznam zvuku
2015-09-25 14:57 - 2015-09-25 14:57 - 00000000 ____D C:\Users\elzad\AppData\Local\Radek Chalupa
2015-09-25 14:07 - 2004-12-02 18:20 - 01843200 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioFile2.dll
2015-09-25 14:07 - 2004-08-25 13:53 - 00311296 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioRecord2.dll
2015-09-25 14:07 - 2004-05-20 13:07 - 00335872 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2015-09-25 14:07 - 2002-01-05 15:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2015-09-21 03:04 - 2015-09-21 03:04 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Jan_HistoryPrediction.bin
2015-09-20 01:35 - 2015-09-20 01:35 - 00000000 ____D C:\Users\elzad\AppData\Local\Samsung
2015-09-20 01:31 - 2015-09-20 12:41 - 00000000 ____D C:\ProgramData\Samsung
2015-09-19 14:50 - 2015-09-19 14:50 - 00004096 ___SH C:\{88B27E56-AE4E-4EE9-BE6C-36669260D431}.CBM
2015-09-19 14:49 - 2015-09-19 15:00 - 00000000 ____D C:\My Backups
2015-09-19 13:49 - 2015-09-19 13:49 - 00000000 ____D C:\Users\elzad\AppData\Local\GHISLER
2015-09-19 13:16 - 2015-09-19 13:56 - 00467456 ___SH C:\EUMONBMP.SYS
2015-09-18 14:36 - 2015-09-18 14:48 - 00000000 ____D C:\Users\Public\Documents\Stardock
2015-09-17 12:40 - 2015-10-17 10:51 - 00000000 ____D C:\AdwCleaner
2015-09-17 03:04 - 2015-10-16 15:03 - 00002484 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Corina
2015-09-17 03:04 - 2015-10-16 15:03 - 00000294 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job
2015-09-17 02:44 - 2015-09-17 02:44 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-17 02:43 - 2015-09-17 02:43 - 00000000 ____D C:\Program Files (x86)\StartW8
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-17 14:00 - 2015-08-17 13:40 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-17 12:57 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-17 11:05 - 2015-09-13 15:30 - 00000000 ____D C:\Users\elzad\AppData\LocalLow\360WD
2015-10-17 10:57 - 2015-08-16 22:37 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-17 10:57 - 2015-07-10 18:02 - 00745406 _____ C:\WINDOWS\system32\perfh005.dat
2015-10-17 10:57 - 2015-07-10 18:02 - 00149344 _____ C:\WINDOWS\system32\perfc005.dat
2015-10-17 10:53 - 2015-09-14 09:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 10:53 - 2015-08-24 18:52 - 00000000 ____D C:\Users\elzad\Documents\AirDroid
2015-10-17 10:52 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-17 10:41 - 2015-08-21 12:56 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Free Download Manager
2015-10-17 10:17 - 2015-08-20 11:13 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{60970F81-AD71-44B0-AA71-BF01C6F40190}
2015-10-17 01:53 - 2015-09-13 15:37 - 00000000 ____D C:\Users\elzad\AppData\Roaming\360safe
2015-10-16 18:42 - 2015-09-08 14:20 - 00000000 ____D C:\Users\elzad\AppData\Local\CrashDumps
2015-10-16 09:42 - 2015-08-16 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 09:42 - 2015-08-16 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 05:39 - 2015-08-16 23:12 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-16 05:39 - 2015-08-16 23:12 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-16 05:37 - 2015-08-17 07:47 - 00000000 ____D C:\Program Files (x86)\MP3Gain
2015-10-16 05:05 - 2015-08-19 23:21 - 00002942 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-10-16 04:31 - 2015-09-14 09:51 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-16 04:31 - 2015-09-14 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-16 04:31 - 2015-09-14 09:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 16:04 - 2015-08-19 18:15 - 00001197 _____ C:\Users\elzad\Desktop\Řešení.txt
2015-10-15 11:52 - 2015-08-17 16:26 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Audacity
2015-10-14 19:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-14 17:56 - 2015-08-18 10:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 17:47 - 2015-08-17 13:35 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-14 15:35 - 2015-08-17 06:14 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-13 00:05 - 2015-09-08 13:39 - 00000000 ____D C:\Program Files\Zoner
2015-10-12 23:56 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-12 17:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-11 15:18 - 2015-08-26 05:04 - 00000000 ____D C:\ProgramData\Stardock
2015-10-11 00:58 - 2015-09-13 21:02 - 00000000 _RSHD C:\360SANDBOX
2015-10-09 16:18 - 2015-08-17 05:11 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 16:15 - 2015-08-17 05:10 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-09 15:36 - 2015-08-28 16:05 - 00002366 _____ C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-09 15:36 - 2015-08-16 22:51 - 00000000 ___RD C:\Users\elzad\OneDrive
2015-10-09 15:31 - 2015-08-26 05:04 - 00000000 ____D C:\Users\elzad\AppData\Local\Stardock
2015-10-08 23:12 - 2015-08-27 17:36 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-10-08 23:07 - 2015-08-17 05:04 - 00000000 __SHD C:\ProgramData\360Quarant
2015-10-08 23:07 - 2015-06-02 18:30 - 00000000 __SHD C:\$360Section
2015-10-08 23:01 - 2015-08-17 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-10-06 17:47 - 2015-08-17 05:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 16:43 - 2015-09-13 15:30 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-05 14:59 - 2015-08-22 13:34 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2015-10-05 14:59 - 2015-08-22 13:34 - 00001908 _____ C:\WINDOWS\diagerr.xml
2015-10-05 13:30 - 2015-08-17 06:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 09:50 - 2015-09-14 09:51 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-09-14 09:51 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-04 10:29 - 2015-08-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-03 14:58 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 19:36 - 2015-08-19 11:41 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 19:36 - 2015-08-19 11:41 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 02:59 - 2015-07-10 13:04 - 00000259 _____ C:\WINDOWS\system.ini
2015-10-01 11:03 - 2015-09-04 13:33 - 00000000 ___HD C:\Users\elzad\Desktop\MyPhoneExplorer portable
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-30 13:39 - 2015-08-28 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoWindow
2015-09-30 13:39 - 2015-08-25 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-09-30 13:39 - 2015-08-25 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-09-30 13:39 - 2015-08-22 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.6
2015-09-30 13:39 - 2015-08-21 13:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-30 13:39 - 2015-08-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-09-30 13:39 - 2015-08-21 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-09-30 13:39 - 2015-08-21 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-09-30 13:39 - 2015-08-17 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-09-30 13:39 - 2015-08-17 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Stix
2015-09-30 13:39 - 2015-08-17 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClocX
2015-09-30 13:39 - 2015-08-17 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2015-09-30 13:39 - 2015-08-17 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 13:39 - 2015-08-17 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-09-30 13:39 - 2015-08-17 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
2015-09-30 13:39 - 2015-08-17 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2015-09-30 13:39 - 2015-08-17 02:31 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-09-30 13:39 - 2015-08-17 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-30 13:39 - 2015-07-10 15:19 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\IME
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Help
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-30 13:38 - 2015-09-13 04:31 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-
2015-09-30 13:38 - 2015-09-04 11:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2015-09-30 13:38 - 2015-08-26 10:37 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-30 13:38 - 2015-08-22 19:09 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 13:38 - 2015-08-21 12:23 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\365dní
2015-09-30 13:38 - 2015-08-20 14:31 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funcom
2015-09-30 13:38 - 2015-08-17 07:47 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-09-30 13:38 - 2015-08-17 05:11 - 00000000 ____D C:\Users\elzad\AppData\LocalLow\IObit
2015-09-30 13:38 - 2015-08-17 05:10 - 00000000 ____D C:\Users\elzad\AppData\Roaming\IObit
2015-09-30 13:38 - 2015-08-17 04:51 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-09-30 13:38 - 2015-08-17 00:02 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-30 13:38 - 2015-08-16 22:43 - 00000000 ___RD C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:38 - 2015-08-16 22:43 - 00000000 ____D C:\Users\elzad
2015-09-30 13:38 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-09-30 10:48 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-30 10:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2015-09-29 23:52 - 2015-08-24 18:55 - 00000000 ____D C:\ProgramData\Apple
2015-09-29 16:06 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-09-29 10:19 - 2015-09-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-09-28 18:00 - 2015-09-13 15:30 - 00000000 ____D C:\Users\elzad\AppData\Roaming\360TotalSecurity
2015-09-28 17:44 - 2015-08-28 15:44 - 00000000 ____D C:\Users\elzad\AppData\Roaming\YoWindow
2015-09-28 17:44 - 2015-08-28 15:44 - 00000000 ____D C:\Program Files (x86)\YoWindow
2015-09-26 12:48 - 2015-09-04 11:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\MyHeritage
2015-09-25 15:03 - 2015-08-30 10:49 - 00004608 _____ C:\Users\elzad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 14:49 - 2015-08-17 05:03 - 00000000 ____D C:\ProgramData\TEMP
2015-09-22 17:00 - 2015-08-17 13:40 - 00003900 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-21 06:10 - 2015-09-13 15:30 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2015-09-21 06:10 - 2015-09-13 15:30 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-09-20 19:19 - 2015-08-16 22:46 - 00000000 ____D C:\Users\elzad\AppData\Local\Packages
2015-09-19 13:56 - 2015-08-22 15:03 - 00000000 ____D C:\WINDOWS\system32\config\regsave
2015-09-18 14:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 12:47 - 2015-08-26 04:40 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-09-17 12:47 - 2015-08-25 17:28 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-17 12:47 - 2015-08-23 18:26 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-17 12:47 - 2015-08-21 13:51 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-09-17 12:47 - 2015-08-21 13:50 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:50 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-09-17 12:47 - 2015-08-21 13:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:47 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:47 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-09-17 12:47 - 2015-08-17 05:21 - 00001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-17 12:46 - 2015-09-13 04:20 - 00001414 _____ C:\Users\Public\Desktop\WinTools.net Professional.lnk
2015-09-17 12:46 - 2015-08-25 19:15 - 00001181 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-09-17 12:46 - 2015-08-25 17:28 - 00001078 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-09-17 12:46 - 2015-08-25 15:42 - 00001269 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-09-17 12:46 - 2015-08-22 15:27 - 00001954 _____ C:\Users\elzad\Desktop\FeedReader.lnk
2015-09-17 12:46 - 2015-08-22 13:22 - 00002206 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.6 .lnk
2015-09-17 12:46 - 2015-08-21 11:43 - 00001005 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-09-17 12:46 - 2015-08-20 14:52 - 00001892 _____ C:\Users\Public\Desktop\jetAudio.lnk
2015-09-17 12:46 - 2015-08-20 11:13 - 00001540 _____ C:\Users\elzad\Desktop\iexplore.lnk
2015-09-17 12:46 - 2015-08-17 07:50 - 00000667 _____ C:\Users\Public\Desktop\Total Commander.lnk
2015-09-17 12:46 - 2015-08-17 05:21 - 00001268 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-09-17 12:46 - 2015-08-17 05:06 - 00001395 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2015-09-17 12:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Performance
==================== Files in the root of some directories =======
2015-08-30 10:49 - 2015-09-25 15:03 - 0004608 _____ () C:\Users\elzad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-27 09:01 - 2015-08-27 18:45 - 0007605 _____ () C:\Users\elzad\AppData\Local\resmon.resmoncfg
2015-09-13 04:19 - 2015-09-13 04:19 - 2777714 _____ (WinTools Software Engineering, Ltd. ) C:\Users\elzad\AppData\Local\Tempwintoolspro.exe
2015-08-16 22:51 - 2015-08-16 22:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-17 07:28 - 2015-08-17 07:28 - 0000114 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-09-17 02:44 - 2015-09-17 02:44 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some files in TEMP:
====================
C:\Users\elzad\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-14 14:55
==================== End of FRST.txt ============================
Ran by Corina (administrator) on JAN-PC (17-10-2015 14:15:46)
Running from C:\Downloads\Software
Loaded Profiles: Corina (Available Profiles: Corina)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(BonSoft) C:\Program Files\ClocX\ClocX.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Flux Software LLC) C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe
(Fractalis Software) C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\FdmBrowserHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\Chrome\fdm_nativehost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ClocX] => C:\Program Files\ClocX\ClocX.exe [2713600 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [f.lux] => C:\Users\elzad\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Display Stix - System tray] => C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe [241664 2004-01-12] (Fractalis Software)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Malwarebytes Anti-Malware Premium 2] => wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs" <===== ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [autoRunTest] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7119872 2015-09-22] (Sand Studio)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-08] (Siber Systems)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3097104 2014-09-21] (Polenter - Software Solutions)
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Nezapomen] => C:\Program Files (x86)\Nezapomen\nezapomen.exe [466944 2005-10-09] ()
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.0.10
Tcpip\..\Interfaces\{6faec588-042c-45e1-8236-ad4151e7d984}: [DhcpNameServer] 10.0.0.1 10.0.0.10
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,SearchURL = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21] (Qihu 360 Software Co., Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-08] (Siber Systems Inc.)
FireFox:
========
FF ProfilePath: C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Widevine Media Optimizer - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-08-16] [not signed]
FF Extension: ReminderFox - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-08-16]
FF Extension: Forecastfox (fix version) - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\forecastfox@s3_fix_version.xpi [2015-08-27]
FF Extension: AdBlock for Firefox - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-08-16] [not signed]
FF Extension: S3.Google Translator - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\s3google@translator.xpi [2015-08-25]
FF Extension: ImTranslator - C:\Users\elzad\AppData\Roaming\Mozilla\Firefox\Profiles\7j86ktsw.default-1439759816202\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-09-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-08-19] [not signed]
FF HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17 [2015-10-16]
FF HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/","hxxp://www.mystartsea ... XX6VPDNVEL"
CHR Profile: C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2015-08-17]
CHR Extension: (Disk Google) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (YouTube) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Minimal nature theme) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\confkemndkokcilaicjojfbefpcmmfnm [2015-09-17]
CHR Extension: (Vyhledávání Google) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (YoWindow Počasí Zdarma) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2015-08-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-25]
CHR Extension: (360 Internet Protection) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-08-17]
CHR Extension: (Bookmark Reminder) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihngndbfmmfdnoaafjhckgknmhgfnjli [2015-08-22]
CHR Extension: (Místní předpověď počasí) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\koajajknhdgbeblgpokjndflikflmpob [2015-08-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-08-17]
CHR Extension: (Gmail) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR Extension: (RSS Feed Reader) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-08-22]
CHR Extension: (RoboForm Password Manager) - C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-08-17]
CHR Profile: C:\Users\elzad\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-08-17]
CHR HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-08-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-17] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-10-08] (IObit)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-21] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-21] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-08-10] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-08-10] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-08-10] (360.cn)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-17] (REALiX(tm))
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-17 14:15 - 2015-10-17 14:15 - 00000000 ____D C:\FRST
2015-10-17 14:10 - 2015-10-17 14:10 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Corina_HistoryPrediction.bin
2015-10-17 10:38 - 2015-10-17 10:38 - 01682432 _____ C:\Users\elzad\Desktop\adwcleaner_5.013.exe
2015-10-17 02:37 - 2015-10-17 02:37 - 13464668 _____ C:\Users\elzad\Downloads\AirDroid_Desktop_Client_3.2.0.exe
2015-10-16 17:18 - 2015-10-16 17:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-16 17:18 - 2015-10-16 17:19 - 00000000 ____D C:\rsit
2015-10-16 17:18 - 2015-10-16 17:18 - 00000000 ____D C:\ProgramData\Free Download Manager
2015-10-16 13:20 - 2015-10-16 13:20 - 00001096 _____ C:\Users\elzad\Desktop\nezapomen – zástupce.lnk
2015-10-16 09:42 - 2015-10-16 09:42 - 04839296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 04:40 - 2015-10-16 04:41 - 00000000 ____D C:\Program Files (x86)\Nezapomen
2015-10-16 04:40 - 2015-10-16 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nezapomen
2015-10-16 04:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-IGPJJ.tmp
2015-10-15 10:51 - 2015-10-16 03:27 - 00031575 _____ C:\Users\elzad\Desktop\nunčaky.eml
2015-10-14 15:42 - 2015-10-14 16:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\QTranslate
2015-10-14 15:42 - 2015-10-14 15:42 - 00001108 _____ C:\Users\elzad\Desktop\QTranslate.lnk
2015-10-14 15:42 - 2015-10-14 15:42 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTranslate
2015-10-14 15:42 - 2015-10-14 15:42 - 00000000 ____D C:\Program Files (x86)\QTranslate
2015-10-14 10:35 - 2015-10-10 08:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-14 10:35 - 2015-10-10 08:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-14 10:35 - 2015-10-06 05:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 10:35 - 2015-10-06 04:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 10:35 - 2015-10-01 06:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 10:35 - 2015-09-25 06:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 10:35 - 2015-09-25 05:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 10:35 - 2015-09-25 05:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 10:35 - 2015-09-25 05:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 10:35 - 2015-09-25 05:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 10:35 - 2015-09-25 05:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 10:35 - 2015-09-25 05:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 10:35 - 2015-09-25 05:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-14 10:35 - 2015-09-25 05:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 10:35 - 2015-09-25 05:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 10:35 - 2015-09-25 05:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 10:35 - 2015-09-25 05:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 10:35 - 2015-09-25 05:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 10:35 - 2015-09-25 04:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 10:35 - 2015-09-25 04:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 10:35 - 2015-09-25 04:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 10:35 - 2015-09-25 04:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 10:35 - 2015-09-25 04:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 10:35 - 2015-09-25 04:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 10:35 - 2015-09-25 04:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 10:34 - 2015-10-10 09:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 10:34 - 2015-10-01 06:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 10:34 - 2015-10-01 06:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 10:34 - 2015-10-01 06:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 10:34 - 2015-10-01 06:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 10:34 - 2015-10-01 05:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 10:34 - 2015-09-25 06:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 10:34 - 2015-09-25 05:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 10:34 - 2015-09-25 05:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 10:34 - 2015-09-25 05:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 10:34 - 2015-09-25 05:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 10:34 - 2015-09-25 05:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 10:34 - 2015-09-25 05:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34 - 2015-09-25 05:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-14 10:34 - 2015-09-25 05:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 10:34 - 2015-09-25 05:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 10:34 - 2015-09-25 05:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 10:34 - 2015-09-25 04:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 10:34 - 2015-09-25 04:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 10:34 - 2015-09-25 04:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 10:34 - 2015-09-25 04:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 10:34 - 2015-09-25 04:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 10:34 - 2015-09-25 04:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 10:34 - 2015-09-25 04:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 10:34 - 2015-09-25 04:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-14 00:28 - 2015-10-14 17:57 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-13 00:08 - 2015-10-13 15:24 - 00000000 ____D C:\Users\elzad\AppData\Roaming\YouTube Downloader
2015-10-12 23:54 - 2015-10-13 00:08 - 00000000 ____D C:\Program Files (x86)\YTD
2015-10-12 23:54 - 2015-10-13 00:06 - 00001348 _____ C:\Users\elzad\Desktop\YTD.lnk
2015-10-12 23:54 - 2015-10-12 23:54 - 00001044 _____ C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTD.lnk
2015-10-10 23:19 - 2015-10-16 09:42 - 00020324 _____ C:\WINDOWS\PFRO.log
2015-10-09 16:16 - 2015-10-10 09:39 - 00001360 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2015-10-09 16:16 - 2015-10-10 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-10-09 15:22 - 2015-10-11 15:20 - 00000000 ____D C:\Program Files (x86)\Stardock
2015-10-09 00:07 - 2015-10-09 00:07 - 00000000 ____D C:\Users\elzad\AppData\Roaming\DesktopReminder
2015-10-08 23:12 - 2015-10-17 10:53 - 00000000 ____D C:\Users\elzad\Documents\DesktopReminder
2015-10-08 23:12 - 2015-10-08 23:12 - 00000000 ____D C:\Users\elzad\AppData\Local\Polenter_-_Software_Solut
2015-10-08 23:11 - 2015-10-08 23:18 - 00000000 ____D C:\Program Files\Siber Systems
2015-10-08 23:10 - 2015-10-08 23:11 - 00000000 __HDC C:\Users\elzad\AppData\Local\{315BE8E4-3CB5-445C-99AC-8B636E57459F}
2015-10-08 23:10 - 2015-10-08 23:10 - 00002282 _____ C:\Users\elzad\Desktop\Desktop-Reminder 2.lnk
2015-10-08 23:10 - 2015-10-08 23:10 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2
2015-10-08 23:10 - 2015-10-08 23:10 - 00000000 ____D C:\Program Files (x86)\Desktop-Reminder 2
2015-10-08 23:09 - 2015-10-08 23:09 - 00000000 ____D C:\Users\elzad\AppData\Local\InstallAware Installation Information
2015-10-08 18:09 - 2015-10-08 18:10 - 00000000 ____D C:\Program Files (x86)\AirDroid
2015-10-08 18:09 - 2015-10-08 18:09 - 00001962 _____ C:\Users\Public\Desktop\AirDroid.lnk
2015-10-08 18:09 - 2015-10-08 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-10-08 12:48 - 2015-10-08 12:49 - 00034069 _____ C:\Users\elzad\Desktop\brýle čistička.eml
2015-10-07 05:18 - 2015-10-17 13:04 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-06 17:49 - 2015-10-17 14:15 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-05 19:30 - 2015-10-05 19:30 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Děda_HistoryPrediction.bin
2015-10-05 17:10 - 2015-10-05 16:51 - 00001125 _____ C:\Users\elzad\Documents\indexfile.txt
2015-10-05 17:09 - 2015-10-05 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2015-10-05 16:15 - 2015-10-05 16:15 - 00000000 ___HD C:\OneDriveTemp
2015-10-05 14:40 - 2015-10-08 23:08 - 00000000 ___HD C:\$Windows.~BT
2015-10-04 10:29 - 2015-10-04 10:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-10-04 10:29 - 2015-10-04 10:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-10-03 22:45 - 2015-10-03 22:45 - 00000000 ____D C:\ProgramData\OEM
2015-10-02 18:40 - 2015-10-02 18:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-02 02:58 - 2015-10-02 02:58 - 00000111 _____ C:\WINDOWS\msdos.txt
2015-09-30 22:29 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-09-30 22:29 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-09-30 22:29 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-09-30 22:29 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-09-30 22:29 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 22:29 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-09-30 22:29 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-30 22:29 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-09-30 22:29 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-09-30 22:29 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 22:29 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-09-30 22:29 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 22:29 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-09-30 22:29 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-30 22:29 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-09-30 22:29 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-09-30 22:29 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-09-30 22:29 - 2015-09-17 08:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-30 22:29 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-09-30 22:29 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-09-30 22:29 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-30 22:29 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-09-30 22:29 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-09-30 22:29 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 22:29 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 22:29 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-09-30 22:29 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 22:29 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 22:29 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 22:29 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 22:29 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 22:29 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 22:29 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 22:29 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 22:29 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 22:29 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 22:29 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 22:29 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 22:29 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 22:29 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 22:29 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 22:29 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-09-30 22:29 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-09-30 22:29 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 22:29 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 22:29 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-30 22:29 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-09-30 22:29 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-09-30 22:29 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-09-30 22:29 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 22:29 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 22:29 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-30 22:29 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 22:29 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 22:29 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 22:29 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-09-30 22:29 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-09-30 22:29 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-09-30 22:29 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-09-30 22:29 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-30 22:29 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-09-30 22:29 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-30 22:29 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 22:29 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-09-30 22:29 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-30 22:29 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-30 22:29 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-09-30 22:29 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-09-30 22:29 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-30 22:29 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-09-30 22:29 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-09-30 22:29 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-09-30 22:29 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-30 22:29 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-09-30 22:29 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-09-30 22:29 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-09-30 22:29 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-09-30 12:03 - 2015-09-30 12:03 - 00000000 ____D C:\Recovery
2015-09-30 10:10 - 2015-10-08 23:08 - 00000000 ____D C:\WINDOWS\Panther
2015-09-30 09:29 - 2015-09-30 09:29 - 00000000 ____D C:\ProgramData\GlassWire
2015-09-29 23:53 - 2015-09-29 23:53 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\Users\elzad\AppData\Local\Apple
2015-09-29 23:53 - 2015-09-29 23:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files\Bonjour
2015-09-29 23:52 - 2015-09-29 23:52 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-29 16:05 - 2015-09-29 16:05 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-09-29 08:49 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBV.DLL
2015-09-25 15:11 - 2015-09-25 15:11 - 00003270 _____ C:\WINDOWS\System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD}
2015-09-25 15:06 - 2015-09-25 15:06 - 00000000 ____D C:\Users\elzad\Documents\Smart PC Recorder Records
2015-09-25 14:57 - 2015-09-25 15:18 - 00000000 ____D C:\Users\elzad\Documents\Záznam zvuku
2015-09-25 14:57 - 2015-09-25 14:57 - 00000000 ____D C:\Users\elzad\AppData\Local\Radek Chalupa
2015-09-25 14:07 - 2004-12-02 18:20 - 01843200 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioFile2.dll
2015-09-25 14:07 - 2004-08-25 13:53 - 00311296 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioRecord2.dll
2015-09-25 14:07 - 2004-05-20 13:07 - 00335872 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2015-09-25 14:07 - 2002-01-05 15:37 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2015-09-21 03:04 - 2015-09-21 03:04 - 00016148 _____ C:\WINDOWS\system32\JAN-PC_Jan_HistoryPrediction.bin
2015-09-20 01:35 - 2015-09-20 01:35 - 00000000 ____D C:\Users\elzad\AppData\Local\Samsung
2015-09-20 01:31 - 2015-09-20 12:41 - 00000000 ____D C:\ProgramData\Samsung
2015-09-19 14:50 - 2015-09-19 14:50 - 00004096 ___SH C:\{88B27E56-AE4E-4EE9-BE6C-36669260D431}.CBM
2015-09-19 14:49 - 2015-09-19 15:00 - 00000000 ____D C:\My Backups
2015-09-19 13:49 - 2015-09-19 13:49 - 00000000 ____D C:\Users\elzad\AppData\Local\GHISLER
2015-09-19 13:16 - 2015-09-19 13:56 - 00467456 ___SH C:\EUMONBMP.SYS
2015-09-18 14:36 - 2015-09-18 14:48 - 00000000 ____D C:\Users\Public\Documents\Stardock
2015-09-17 12:40 - 2015-10-17 10:51 - 00000000 ____D C:\AdwCleaner
2015-09-17 03:04 - 2015-10-16 15:03 - 00002484 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Corina
2015-09-17 03:04 - 2015-10-16 15:03 - 00000294 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job
2015-09-17 02:44 - 2015-09-17 02:44 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-17 02:43 - 2015-09-17 02:43 - 00000000 ____D C:\Program Files (x86)\StartW8
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-17 14:00 - 2015-08-17 13:40 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-17 12:57 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-17 11:05 - 2015-09-13 15:30 - 00000000 ____D C:\Users\elzad\AppData\LocalLow\360WD
2015-10-17 10:57 - 2015-08-16 22:37 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-17 10:57 - 2015-07-10 18:02 - 00745406 _____ C:\WINDOWS\system32\perfh005.dat
2015-10-17 10:57 - 2015-07-10 18:02 - 00149344 _____ C:\WINDOWS\system32\perfc005.dat
2015-10-17 10:53 - 2015-09-14 09:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 10:53 - 2015-08-24 18:52 - 00000000 ____D C:\Users\elzad\Documents\AirDroid
2015-10-17 10:52 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-17 10:41 - 2015-08-21 12:56 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Free Download Manager
2015-10-17 10:17 - 2015-08-20 11:13 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{60970F81-AD71-44B0-AA71-BF01C6F40190}
2015-10-17 01:53 - 2015-09-13 15:37 - 00000000 ____D C:\Users\elzad\AppData\Roaming\360safe
2015-10-16 18:42 - 2015-09-08 14:20 - 00000000 ____D C:\Users\elzad\AppData\Local\CrashDumps
2015-10-16 09:42 - 2015-08-16 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 09:42 - 2015-08-16 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 05:39 - 2015-08-16 23:12 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-16 05:39 - 2015-08-16 23:12 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-16 05:37 - 2015-08-17 07:47 - 00000000 ____D C:\Program Files (x86)\MP3Gain
2015-10-16 05:05 - 2015-08-19 23:21 - 00002942 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-10-16 04:31 - 2015-09-14 09:51 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-16 04:31 - 2015-09-14 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-16 04:31 - 2015-09-14 09:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 16:04 - 2015-08-19 18:15 - 00001197 _____ C:\Users\elzad\Desktop\Řešení.txt
2015-10-15 11:52 - 2015-08-17 16:26 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Audacity
2015-10-14 19:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-14 17:56 - 2015-08-18 10:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 17:47 - 2015-08-17 13:35 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-14 15:35 - 2015-08-17 06:14 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-13 00:05 - 2015-09-08 13:39 - 00000000 ____D C:\Program Files\Zoner
2015-10-12 23:56 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-12 17:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-11 15:18 - 2015-08-26 05:04 - 00000000 ____D C:\ProgramData\Stardock
2015-10-11 00:58 - 2015-09-13 21:02 - 00000000 _RSHD C:\360SANDBOX
2015-10-09 16:18 - 2015-08-17 05:11 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 16:15 - 2015-08-17 05:10 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-09 15:36 - 2015-08-28 16:05 - 00002366 _____ C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-09 15:36 - 2015-08-16 22:51 - 00000000 ___RD C:\Users\elzad\OneDrive
2015-10-09 15:31 - 2015-08-26 05:04 - 00000000 ____D C:\Users\elzad\AppData\Local\Stardock
2015-10-08 23:12 - 2015-08-27 17:36 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-10-08 23:07 - 2015-08-17 05:04 - 00000000 __SHD C:\ProgramData\360Quarant
2015-10-08 23:07 - 2015-06-02 18:30 - 00000000 __SHD C:\$360Section
2015-10-08 23:01 - 2015-08-17 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-10-06 17:47 - 2015-08-17 05:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 16:43 - 2015-09-13 15:30 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-05 14:59 - 2015-08-22 13:34 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2015-10-05 14:59 - 2015-08-22 13:34 - 00001908 _____ C:\WINDOWS\diagerr.xml
2015-10-05 13:30 - 2015-08-17 06:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 09:50 - 2015-09-14 09:51 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-09-14 09:51 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-04 10:29 - 2015-08-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-03 14:58 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 19:36 - 2015-08-19 11:41 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 19:36 - 2015-08-19 11:41 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 02:59 - 2015-07-10 13:04 - 00000259 _____ C:\WINDOWS\system.ini
2015-10-01 11:03 - 2015-09-04 13:33 - 00000000 ___HD C:\Users\elzad\Desktop\MyPhoneExplorer portable
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-01 00:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-30 13:39 - 2015-08-28 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoWindow
2015-09-30 13:39 - 2015-08-25 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-09-30 13:39 - 2015-08-25 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-09-30 13:39 - 2015-08-22 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.6
2015-09-30 13:39 - 2015-08-21 13:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-30 13:39 - 2015-08-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-09-30 13:39 - 2015-08-21 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-09-30 13:39 - 2015-08-21 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-09-30 13:39 - 2015-08-17 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-09-30 13:39 - 2015-08-17 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Stix
2015-09-30 13:39 - 2015-08-17 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClocX
2015-09-30 13:39 - 2015-08-17 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2015-09-30 13:39 - 2015-08-17 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 13:39 - 2015-08-17 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-09-30 13:39 - 2015-08-17 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
2015-09-30 13:39 - 2015-08-17 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2015-09-30 13:39 - 2015-08-17 02:31 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-09-30 13:39 - 2015-08-17 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-09-30 13:39 - 2015-07-10 18:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-30 13:39 - 2015-07-10 15:19 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\IME
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Help
2015-09-30 13:39 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-30 13:38 - 2015-09-13 04:31 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-
2015-09-30 13:38 - 2015-09-04 11:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2015-09-30 13:38 - 2015-08-26 10:37 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-30 13:38 - 2015-08-22 19:09 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 13:38 - 2015-08-21 12:23 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\365dní
2015-09-30 13:38 - 2015-08-20 14:31 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funcom
2015-09-30 13:38 - 2015-08-17 07:47 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-09-30 13:38 - 2015-08-17 05:11 - 00000000 ____D C:\Users\elzad\AppData\LocalLow\IObit
2015-09-30 13:38 - 2015-08-17 05:10 - 00000000 ____D C:\Users\elzad\AppData\Roaming\IObit
2015-09-30 13:38 - 2015-08-17 04:51 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-09-30 13:38 - 2015-08-17 00:02 - 00000000 ____D C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-30 13:38 - 2015-08-16 22:43 - 00000000 ___RD C:\Users\elzad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-30 13:38 - 2015-08-16 22:43 - 00000000 ____D C:\Users\elzad
2015-09-30 13:38 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-09-30 10:48 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-30 10:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2015-09-29 23:52 - 2015-08-24 18:55 - 00000000 ____D C:\ProgramData\Apple
2015-09-29 16:06 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-09-29 10:19 - 2015-09-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-09-28 18:00 - 2015-09-13 15:30 - 00000000 ____D C:\Users\elzad\AppData\Roaming\360TotalSecurity
2015-09-28 17:44 - 2015-08-28 15:44 - 00000000 ____D C:\Users\elzad\AppData\Roaming\YoWindow
2015-09-28 17:44 - 2015-08-28 15:44 - 00000000 ____D C:\Program Files (x86)\YoWindow
2015-09-26 12:48 - 2015-09-04 11:54 - 00000000 ____D C:\Users\elzad\AppData\Roaming\MyHeritage
2015-09-25 15:03 - 2015-08-30 10:49 - 00004608 _____ C:\Users\elzad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 14:49 - 2015-08-17 05:03 - 00000000 ____D C:\ProgramData\TEMP
2015-09-22 17:00 - 2015-08-17 13:40 - 00003900 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-21 06:10 - 2015-09-13 15:30 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2015-09-21 06:10 - 2015-09-13 15:30 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-09-20 19:19 - 2015-08-16 22:46 - 00000000 ____D C:\Users\elzad\AppData\Local\Packages
2015-09-19 13:56 - 2015-08-22 15:03 - 00000000 ____D C:\WINDOWS\system32\config\regsave
2015-09-18 14:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 12:47 - 2015-08-26 04:40 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-09-17 12:47 - 2015-08-25 17:28 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-17 12:47 - 2015-08-23 18:26 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-17 12:47 - 2015-08-21 13:51 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-09-17 12:47 - 2015-08-21 13:50 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:50 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-09-17 12:47 - 2015-08-21 13:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:47 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-09-17 12:47 - 2015-08-21 13:47 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-09-17 12:47 - 2015-08-17 05:21 - 00001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-17 12:46 - 2015-09-13 04:20 - 00001414 _____ C:\Users\Public\Desktop\WinTools.net Professional.lnk
2015-09-17 12:46 - 2015-08-25 19:15 - 00001181 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-09-17 12:46 - 2015-08-25 17:28 - 00001078 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-09-17 12:46 - 2015-08-25 15:42 - 00001269 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-09-17 12:46 - 2015-08-22 15:27 - 00001954 _____ C:\Users\elzad\Desktop\FeedReader.lnk
2015-09-17 12:46 - 2015-08-22 13:22 - 00002206 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 8.6 .lnk
2015-09-17 12:46 - 2015-08-21 11:43 - 00001005 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-09-17 12:46 - 2015-08-20 14:52 - 00001892 _____ C:\Users\Public\Desktop\jetAudio.lnk
2015-09-17 12:46 - 2015-08-20 11:13 - 00001540 _____ C:\Users\elzad\Desktop\iexplore.lnk
2015-09-17 12:46 - 2015-08-17 07:50 - 00000667 _____ C:\Users\Public\Desktop\Total Commander.lnk
2015-09-17 12:46 - 2015-08-17 05:21 - 00001268 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-09-17 12:46 - 2015-08-17 05:06 - 00001395 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2015-09-17 12:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Performance
==================== Files in the root of some directories =======
2015-08-30 10:49 - 2015-09-25 15:03 - 0004608 _____ () C:\Users\elzad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-27 09:01 - 2015-08-27 18:45 - 0007605 _____ () C:\Users\elzad\AppData\Local\resmon.resmoncfg
2015-09-13 04:19 - 2015-09-13 04:19 - 2777714 _____ (WinTools Software Engineering, Ltd. ) C:\Users\elzad\AppData\Local\Tempwintoolspro.exe
2015-08-16 22:51 - 2015-08-16 22:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-17 07:28 - 2015-08-17 07:28 - 0000114 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-09-17 02:44 - 2015-09-17 02:44 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some files in TEMP:
====================
C:\Users\elzad\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-14 14:55
==================== End of FRST.txt ============================
Attachments: Addition.rar (8.65 KiB), downloaded 35 times
Re: Please check my log
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (file type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Malwarebytes Anti-Malware Premium 2] => wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs" <===== ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "type", 4
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/","hxxp://www.mystartsearch.com/?type=hp&ts=1428271529&from=wpc&uid=ST31000524AS_6VPDNVELXXXX6VPDNVEL","hxxp://www.mystartsearch.com/?type=hp&ts=1435073511&z=990260a372f01e2c8c2d35dg3z0c9w4e4mfcew9q6m&from=wpc&uid=ST31000524AS_6VPDNVELXXXX6VPDNVEL","hxxp://www.istartsurf.com/?type=hp&ts=1442450615&z=b56fb94730c8fa5f1e2fa16g1z4z4o5zcwee6z9wbc&from=cor&uid=ST31000524AS_6VPDNVELXXXX6VPDNVEL"
2015-10-16 17:18 - 2015-10-16 17:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-16 17:18 - 2015-10-16 17:19 - 00000000 ____D C:\rsit
2015-08-16 22:51 - 2015-08-16 22:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-17 02:44 - 2015-09-17 02:44 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {65E35795-D4DF-46C5-AF2A-421842AA7763} - \Open URL by RoboForm -> No File <==== ATTENTION
Task: {D137B636-68B3-4AA2-839B-D1F5F7C32C48} - System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD} => pcalua.exe -a C:\Downloads\Software\srwa5-1.61.4.exe -d C:\Downloads\Software
Task: {EA1B1997-6D4E-4515-BE45-760682708C41} - \{C9713672-B6B8-4E6A-B2F5-F84C9DEED700} -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_elzad.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok at forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log
Copy the contents of the white box into Notepad (Start -> Run -> notepad)
save it to the desktop as fixlist (file type: Text document) - I did that
run FRST again and click Fix - when I click Fix, it says it could not find the file
after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Re: Please check my log
I did not notice that you had not followed the instructions. The fixlist must also be placed in C:\Downloads\Software
Re: Please check my log
Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Corina (2015-10-18 00:59:01) Run:1
Running from C:\Downloads\Software
Loaded Profiles: Corina (Available Profiles: Corina)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Run: [Malwarebytes Anti-Malware Premium 2] => wscript.exe //B "C:\Users\elzad\AppData\Local\Temp\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF.vbs" <===== ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "type", 4
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/","hxxp://www.mystartsea ... XX6VPDNVEL"
2015-10-16 17:18 - 2015-10-16 17:25 - 00000000 ____D C:\Program Files\trend micro
2015-10-16 17:18 - 2015-10-16 17:19 - 00000000 ____D C:\rsit
2015-08-16 22:51 - 2015-08-16 22:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-17 02:44 - 2015-09-17 02:44 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {65E35795-D4DF-46C5-AF2A-421842AA7763} - \Open URL by RoboForm -> No File <==== ATTENTION
Task: {D137B636-68B3-4AA2-839B-D1F5F7C32C48} - System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD} => pcalua.exe -a C:\Downloads\Software\srwa5-1.61.4.exe -d C:\Downloads\Software
Task: {EA1B1997-6D4E-4515-BE45-760682708C41} - \{C9713672-B6B8-4E6A-B2F5-F84C9DEED700} -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_elzad.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware Premium 2 => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuPinnedList => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuMFUprogramsList => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoUserNameInStartMenu => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCommonGroups => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value removed successfully
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoManageMyComputerVerb => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox Proxy settings were reset.
Chrome StartupUrls => removed successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65E35795-D4DF-46C5-AF2A-421842AA7763}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E35795-D4DF-46C5-AF2A-421842AA7763}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D137B636-68B3-4AA2-839B-D1F5F7C32C48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D137B636-68B3-4AA2-839B-D1F5F7C32C48}" => key removed successfully
C:\WINDOWS\System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1BC548F3-752D-4F88-B79D-479E1CC79ECD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA1B1997-6D4E-4515-BE45-760682708C41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA1B1997-6D4E-4515-BE45-760682708C41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9713672-B6B8-4E6A-B2F5-F84C9DEED700}" => key removed successfully
C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job => moved successfully
C:\WINDOWS\Tasks\Uninstaller_SkipUac_elzad.job => moved successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":9341E0C6" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 639.7 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 01:02:02 ====
Re: Please check my log
So now let's clean up.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Check only the option "Remove disinfection tools"
- click Run
Re: Please check my log
# DelFix v1.011 - Logfile created 18/10/2015 at 11:50:35
# Updated 18/08/2015 by Xplode
# Username : Corina - JAN-PC
# Operating System : Windows 10 Home (64 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\Users\elzad\Desktop\adwcleaner_5.013.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
########## - EOF - ##########
If that is everything, thank you very much. Jan Zwinger
Re: Please check my log
The would-be crack of the security software has been removed, so that is everything.
You're welcome, glad I could help.
Take care, and maybe see you again sometime.