High upload

limborr
Visitor
Posts: 24
Registered: 15 Feb 2012 21:02

High upload

#1 Post by limborr »

Good day, I would like to ask for your help with my problem... For a long time now I have had a problem with a high upload value. At other times it would not bother me, but since I am currently studying and living in a dormitory, we have a weekly transfer quota here of 40GB, counted in both directions. The thing is that when I check my quota usage I often come across a high upload, which uses up that data volume considerably faster, yet I am not uploading anything. After downloading via torrents I always stop the torrent and shut down the whole application through Task Manager. I am attaching an image so you have an idea of how large the values are. [image] Thank you :)

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: High upload

#2 Post by Rudy »

Greetings!
To find out where the problem is, it will be necessary to test all devices that are connected to the given wifi network. One of the connected PCs is probably infected and is sending some data to the internet.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Re: High upload

#3 Post by limborr »

Well, it is not a wifi network, it is a normal wired connection.... I also wrote to the helpdesk about the problem I have, and they brushed me off, saying there is no point in restoring that data for me in any way because I have no control over how it gets used up... I regularly run scans with my antivirus and with Malwarebytes, and they never find anything... so I am really at a loss... Most recently the upload was as much as 21GB in half a day, which took quite a bite out of my 7-day 40GB volume :) Thank you for your reply :)

Re: High upload

#4 Post by Rudy »

Rudy wrote:
Greetings!
To find out where the problem is, it will be necessary to test all devices that are connected to the given wifi network. One of the connected PCs is probably infected and is sending some data to the internet.

Do you know which PC it is coming from? If so, post a FRST log from it: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . Besides that, it surprises me that for more than half a year you did not care.

Re: High upload

#5 Post by limborr »

I don't know, and I have no way of finding out. I am connected to the dormitory network, and testing all the devices is not possible.

Re: High upload

#6 Post by Rudy »

I can clean the PC that you have access to. Post a FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . But if you are going to ignore it for half a year again, there is no point in us cleaning anything.

Re: High upload

#7 Post by limborr »

Well, at the beginning of January I finished my studies, so I no longer had any way to test whether what anyone wrote to me would work; hence the time delay. I apologize. Here I am attaching the log mentioned:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Peter (administrator) on PETER-PC (13-12-2016 19:39:43)
Running from C:\Users\Peter\AppData\Local\Temp\scoped_dir9604_12806
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (USA)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\Peter\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
() C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [hshhsaaaws] => [X]
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7640904 2016-12-08] (SoftPerfect)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1925136 2016-07-15] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455de-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455fc-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do aplikácie OneNote.lnk [2016-10-25]
ShortcutTarget: Odoslanie do aplikácie OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{50843068-EEBB-47DF-B18F-EF84E8B14E73}: [DhcpNameServer] 192.168.120.1 195.168.1.2
Tcpip\..\Interfaces\{EE6ADE99-5D37-4B85-BC53-C09EC1F2AE17}: [DhcpNameServer] 10.143.8.1 195.178.72.150

Internet Explorer:
==================
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> DefaultScope {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-27] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-27] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2815520 2016-10-11] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-25] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-10-04] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-22] (Disc Soft Ltd)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
R0 edevmon; C:\windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
S0 eelam; C:\windows\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\windows\system32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\windows\system32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
U0 ihep; C:\windows\System32\drivers\mtlmkyx.sys [79064 2016-12-12] (Malwarebytes)
R0 IntelHSWPcc; C:\windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz130; \??\C:\Users\Peter\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2035-09-02 22:35 - 2013-07-23 18:43 - 00000128 _____ C:\tmp2
2016-12-13 19:32 - 2016-12-13 19:39 - 00000000 ____D C:\FRST
2016-12-13 19:31 - 2016-12-13 19:31 - 02420224 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\Program Files\NetWorx
2016-12-12 01:44 - 2016-10-04 18:04 - 00072632 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\networx.sys
2016-12-12 01:43 - 2016-12-12 01:43 - 04778072 _____ (Softperfect ) C:\Users\Peter\Downloads\networx_setup.exe
2016-12-12 01:37 - 2016-12-12 02:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Wireshark
2016-12-12 01:26 - 2016-12-12 01:26 - 00001809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-12-12 01:26 - 2016-12-12 01:26 - 00001797 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-12-12 01:26 - 2016-12-12 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-12-12 01:26 - 2016-12-12 01:26 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-12-12 01:25 - 2016-12-12 01:25 - 00001609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-12-12 01:24 - 2016-12-12 01:26 - 00000000 ____D C:\Program Files\Wireshark
2016-12-12 01:24 - 2016-12-12 01:24 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\mtlmkyx.sys
2016-12-12 01:21 - 2016-12-12 01:21 - 49242104 _____ (Wireshark development team) C:\Users\Peter\Downloads\wireshark_2.2.2Win64-bit.exe
2016-12-07 19:50 - 2016-12-07 20:02 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Savegames
2016-12-07 19:48 - 2016-12-07 19:50 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-12-07 19:48 - 2016-12-07 19:48 - 00001066 _____ C:\Users\Peter\Desktop\Mount&Blade.lnk
2016-12-07 19:48 - 2016-12-07 19:48 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2016-12-07 19:48 - 2016-12-07 19:48 - 00000000 ____D C:\Program Files (x86)\M
2016-12-07 19:18 - 2016-12-07 19:45 - 494298474 _____ C:\Users\Peter\Downloads\Mount-and-blade-CZ.rar
2016-12-07 19:08 - 2016-12-07 19:10 - 00000000 ____D C:\Users\Peter\Downloads\Mount.and.Blade.Warband-SKIDROW
2016-12-07 18:18 - 2016-12-07 18:23 - 00000000 ____D C:\Users\Peter\Desktop\textures
2016-12-07 18:18 - 2016-12-07 18:18 - 00000000 ____D C:\Users\Peter\Desktop\Modules
2016-12-07 18:18 - 2016-12-07 18:18 - 00000000 ____D C:\Users\Peter\Desktop\languages
2016-12-07 15:46 - 2016-12-07 15:46 - 00929145 _____ () C:\Users\Peter\Downloads\Mount-and-Blade-Warband-Čeština.exe
2016-12-07 15:42 - 2016-12-07 15:42 - 00929145 _____ () C:\Users\Peter\Downloads\CZMAB.exe
2016-12-07 15:42 - 2016-12-07 15:42 - 00000000 ____D C:\Program Files (x86)\Čeština pro Mount and Blade 0.960
2016-12-07 15:38 - 2016-12-09 01:48 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Warband Savegames
2016-12-07 15:26 - 2016-12-07 15:26 - 00001163 _____ C:\Users\Peter\Desktop\Mount&Blade Warband.lnk
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mount&Blade Warband
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-12-07 15:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2016-12-07 15:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2016-12-07 15:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2016-12-07 15:23 - 2016-12-09 01:32 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Warband
2016-12-07 15:23 - 2016-12-07 15:27 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2016-12-07 15:21 - 2016-12-07 15:22 - 615036714 _____ C:\Users\Peter\Downloads\mount-blade-warband_1.153.exe
2016-12-07 15:17 - 2016-12-07 15:20 - 00000000 ____D C:\Users\Peter\Downloads\Mount and blade crack
2016-12-07 15:06 - 2016-12-07 22:48 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mount&Blade
2016-12-07 15:05 - 2016-12-07 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2016-12-07 15:01 - 2016-12-07 15:02 - 399385059 _____ C:\Users\Peter\Downloads\mount-blade_1.011.exe
2016-11-30 10:05 - 2016-11-30 10:05 - 00760840 _____ C:\Users\Peter\Desktop\brunecký.rar
2016-11-30 10:05 - 2016-11-30 10:05 - 00000000 ____D C:\Users\Peter\Desktop\Nový priečinok
2016-11-23 15:08 - 2016-11-23 15:08 - 00001223 _____ C:\Users\Peter\Desktop\Spintires.lnk
2016-11-23 15:08 - 2016-11-23 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-11-23 15:08 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2016-11-23 15:08 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2016-11-23 15:08 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-11-23 15:08 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2016-11-23 15:06 - 2016-11-23 15:06 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-11-23 14:57 - 2016-11-23 14:58 - 00000000 ____D C:\Users\Peter\Downloads\[R.G. Mechanics] Spintires
2016-11-23 14:42 - 2016-11-23 14:43 - 00000000 ____D C:\Users\Peter\Downloads\Spintires-CODEX
2016-11-23 13:49 - 2016-11-23 13:49 - 12270080 _____ C:\Users\Peter\Downloads\Spintires - InstallShield Wizard.exe
2016-11-23 13:44 - 2016-11-23 16:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\SpinTires
2016-11-23 13:43 - 2016-11-23 13:43 - 00000000 ____D C:\Users\Peter\AppData\Local\Personal_use_only_(Darean
2016-11-23 13:41 - 2016-11-23 13:42 - 658291191 ____R C:\Users\Peter\Downloads\IGG-Spintires.Build 25.12.2015.zip
2016-11-14 06:36 - 2016-10-28 22:04 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-11-14 06:36 - 2016-10-28 22:04 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 19:24 - 2016-10-26 16:48 - 00000565 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-12-13 19:18 - 2016-11-02 18:14 - 00000000 ____D C:\Users\Peter\Documents\Visual Studio 2015
2016-12-13 19:15 - 2016-04-13 11:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-13 18:37 - 2016-06-15 12:49 - 00000000 ____D C:\Users\Peter\Documents\Euro Truck Simulator 2
2016-12-13 17:55 - 2016-04-20 16:38 - 00000876 _____ C:\Users\Peter\Desktop\Start Tor Browser.lnk
2016-12-13 17:31 - 2016-04-13 10:42 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{212AA5ED-FE81-4271-A9CC-E10E4E7FBC92}
2016-12-13 12:45 - 2016-04-13 10:29 - 00000000 ____D C:\Users\Peter\AppData\Local\SweetLabs App Platform
2016-12-12 13:12 - 2016-04-13 19:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2016-12-12 06:00 - 2016-04-13 10:39 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-47896895-3338985398-2092846972-1001
2016-12-12 01:25 - 2014-10-04 12:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-12 01:24 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2016-12-12 01:08 - 2016-04-20 20:36 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-11 01:30 - 2016-04-13 11:06 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-09 15:36 - 2016-04-13 10:41 - 00000000 ___DO C:\Users\Peter\OneDrive
2016-12-09 04:55 - 2014-03-18 10:53 - 00915466 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-09 04:55 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-12-09 04:51 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-09 04:50 - 2014-10-04 13:27 - 00006656 _____ C:\windows\system32\VfService.trf
2016-12-09 04:50 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-12-09 04:13 - 2016-04-15 15:42 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2016-12-09 04:13 - 2016-04-13 10:29 - 00000000 ____D C:\Users\Peter
2016-12-05 17:49 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-11-25 06:58 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-25 06:56 - 2014-10-04 13:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-24 23:08 - 2016-04-13 10:54 - 00003858 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1460541278
2016-11-24 23:08 - 2016-04-13 10:54 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-11-24 23:08 - 2016-04-13 10:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-24 04:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-24 04:24 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-11-22 17:56 - 2016-05-15 16:05 - 00000000 ____D C:\Users\Peter\Desktop\HĽuza
2016-11-20 17:17 - 2016-04-15 09:28 - 00003304 _____ C:\windows\System32\Tasks\SweetLabs App Platform
2016-11-15 15:57 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-11-14 06:35 - 2013-08-22 15:44 - 00484024 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-14 06:30 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData

==================== Files in the root of some directories =======

2016-04-18 20:33 - 2016-04-18 20:33 - 0005120 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-13 18:45 - 2016-05-13 18:45 - 0007601 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-10-04 12:44 - 2014-10-04 12:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\cpa.exe
C:\Users\Peter\AppData\Local\Temp\dxdiag.exe
C:\Users\Peter\AppData\Local\Temp\gamesetup.exe
C:\Users\Peter\AppData\Local\Temp\oct2031.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct2642.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct4D24.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct687.tmp.exe
C:\Users\Peter\AppData\Local\Temp\octC76E.tmp.exe
C:\Users\Peter\AppData\Local\Temp\octCF7.tmp.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\wait.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 06:00

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: high UPload

#8 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< (search) first and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

limborr
Visitor
Posts: 24
Registered: 15 Feb 2012 21:02

Re: high UPload

#9 Post by limborr »

# AdwCleaner v6.040 - Logfile created 13/12/2016 at 23:59:46
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-13.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\AppData\Local\Temp\scoped_dir9604_23874\adwcleaner_6.040.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Peter\AppData\Local\SweetLabs App Platform
Folder Found: C:\ProgramData\pokki
Folder Found: C:\ProgramData\Pokki
Folder Found: C:\ProgramData\Application Data\pokki
Folder Found: C:\ProgramData\Application Data\Pokki
Folder Found: C:\Users\Default User\AppData\Local\Pokki
Folder Found: C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

File Found: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: SweetLabs App Platform


***** [ Registry ] *****

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Found: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Classes\pokki
Key Found: HKCU\Software\Classes\pokki
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKCU\Software\Classes\pokki
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\SweetLabs App Platform
Key Found: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found: HKCU\Software\SweetLabs App Platform
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found: [x64] HKCU\Software\SweetLabs App Platform
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [hshhsaaaws]
Key Found: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found: HKCU\Software\Classes\Directory\shell\pokki
Key Found: HKCU\Software\Classes\Drive\shell\pokki
Key Found: HKCU\Software\Classes\lnkfile\shell\pokki


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3428 Bytes] - [13/12/2016 23:59:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3501 Bytes] ##########











# AdwCleaner v6.040 - Logfile created 14/12/2016 at 00:02:51
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-13.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\AppData\Local\Temp\scoped_dir9604_23874\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Peter\AppData\Local\SweetLabs App Platform
[-] Folder deleted: C:\ProgramData\pokki
[#] Folder deleted on reboot: C:\ProgramData\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

[-] File deleted: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: SweetLabs App Platform


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Key deleted: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: [x64] HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [hshhsaaaws]
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3628 Bytes] - [14/12/2016 00:02:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [3608 Bytes] - [13/12/2016 23:59:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3774 Bytes] ##########

limborr
Visitor
Posts: 24
Registered: 15 Feb 2012 21:02

Re: high UPload

#10 Post by limborr »

I forgot to mention that when I connect to the network, my antivirus sometimes reports duplicate IP addresses on the network and also a warning about ARP cache poisoning. What caught my attention, though, is that it sometimes stops doing this after I restart the PC.

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: high UPload

#11 Post by Rudy »

Duplicate addresses on the network are the provider's problem; don't deal with that. Post a new FRST log.

limborr
Visitor
Posts: 24
Registered: 15 Feb 2012 21:02

Re: high UPload

#12 Post by limborr »

Could those duplicate IPs affect my problem in some way? ... I also wanted to add that, on the recommendation of a HelpDesk operator, I downloaded a program for monitoring transferred data, specifically NetWorx, but in three days of being connected it has not once shown any increased upload; if anything, I have the impression that my download has grown, though not very significantly, so I don't understand how the table in the university IS got to such astronomical numbers.
I'm attaching the FRST log below. ... Have a nice evening.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Peter (administrator) on PETER-PC (14-12-2016 22:52:22)
Running from C:\Users\Peter\AppData\Local\Temp\scoped_dir5144_32287
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (USA)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
() C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7640904 2016-12-08] (SoftPerfect)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1925136 2016-07-15] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455de-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455fc-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do aplikácie OneNote.lnk [2016-12-14]
ShortcutTarget: Odoslanie do aplikácie OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.9.60.1 81.30.224.2
Tcpip\..\Interfaces\{50843068-EEBB-47DF-B18F-EF84E8B14E73}: [DhcpNameServer] 10.9.60.1 81.30.224.2
Tcpip\..\Interfaces\{EE6ADE99-5D37-4B85-BC53-C09EC1F2AE17}: [DhcpNameServer] 10.51.68.1

Internet Explorer:
==================
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> DefaultScope {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-27] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-27] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2815520 2016-10-11] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-25] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-10-04] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-22] (Disc Soft Ltd)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
R0 edevmon; C:\windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
S0 eelam; C:\windows\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\windows\system32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\windows\system32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 ew_usbccgpfilter; C:\windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R0 IntelHSWPcc; C:\windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R2 NPF; C:\windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz130; \??\C:\Users\Peter\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2035-09-02 22:35 - 2013-07-23 18:43 - 00000128 _____ C:\tmp2
2016-12-14 20:47 - 2016-12-12 00:00 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 20:47 - 2016-12-12 00:00 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:00 - 2016-11-30 07:34 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2016-12-14 07:00 - 2016-11-30 07:27 - 00030400 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2016-12-14 03:26 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-12-14 03:26 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2016-12-14 03:26 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-14 03:26 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-14 03:26 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-14 03:26 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2016-12-14 03:26 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2016-12-14 03:26 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-12-14 03:26 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-12-14 03:26 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-12-14 03:26 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-12-14 03:26 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-12-14 03:26 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-12-14 03:26 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-12-14 03:26 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-12-14 03:26 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-12-14 03:26 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-12-14 03:26 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-12-14 03:26 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-12-14 03:26 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-12-14 03:26 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-12-14 03:26 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-12-14 03:26 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-12-14 03:26 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-12-14 03:26 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-12-14 03:26 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-12-14 03:26 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-12-14 03:26 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-12-14 03:26 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-12-14 03:26 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-12-14 03:26 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-12-14 03:26 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-12-14 03:26 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-12-14 03:26 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-12-14 03:26 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-12-14 03:26 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-12-14 03:26 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-12-14 03:26 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-12-14 03:26 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-12-14 03:26 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-12-14 03:26 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2016-12-14 03:26 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2016-12-14 03:26 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-12-14 03:26 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-14 03:26 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cmimcext.sys
2016-12-14 03:26 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2016-12-14 03:26 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\shsetup.dll
2016-12-14 03:26 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\shsetup.dll
2016-12-14 03:26 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-12-14 03:26 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-12-14 03:26 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-12-14 03:26 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-12-14 03:26 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-12-14 03:26 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-12-14 03:26 - 2016-10-05 14:52 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-12-14 03:26 - 2016-10-05 14:52 - 00513456 _____ C:\windows\system32\locale.nls
2016-12-14 03:26 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-14 03:26 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-14 03:26 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-14 03:26 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-14 03:26 - 2016-09-27 21:16 - 00445873 _____ C:\windows\system32\ApnDatabase.xml
2016-12-14 03:26 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-12-14 03:26 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2016-12-13 23:54 - 2016-12-14 00:32 - 00000000 ____D C:\AdwCleaner
2016-12-13 23:54 - 2016-12-13 23:54 - 03968464 _____ C:\Users\Peter\Downloads\adwcleaner_6.040.exe
2016-12-13 23:02 - 2016-12-13 23:55 - 00000000 ____D C:\Program Files (x86)\RAR Password Unlocker
2016-12-13 23:02 - 2016-12-13 23:02 - 03291483 _____ C:\Users\Peter\Downloads\RAR Password unlocker full version.zip
2016-12-13 23:02 - 2016-12-13 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2016-12-13 22:39 - 2016-12-14 00:06 - 00002048 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2016-12-13 22:39 - 2016-12-13 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-13 22:39 - 2016-12-13 22:39 - 00000000 ____D C:\ProgramData\ESET
2016-12-13 22:39 - 2016-12-13 22:39 - 00000000 ____D C:\Program Files\ESET
2016-12-13 22:24 - 2016-12-13 22:24 - 00000000 ____D C:\Users\Peter\Downloads\Mount.and.Blade.2.Bannerlord.PC
2016-12-13 22:23 - 2016-12-13 22:23 - 00014101 _____ C:\Users\Peter\Downloads\Mount.and.Blade.2.Bannerlord.PC.torrent
2016-12-13 22:23 - 2016-12-13 22:23 - 00000000 ____D C:\Users\Peter\AppData\LocalLow\uTorrent
2016-12-13 19:32 - 2016-12-14 22:52 - 00000000 ____D C:\FRST
2016-12-13 19:31 - 2016-12-13 19:31 - 02420224 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\ProgramData\SoftPerfect
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-12-12 01:44 - 2016-12-12 01:44 - 00000000 ____D C:\Program Files\NetWorx
2016-12-12 01:44 - 2016-10-04 18:04 - 00072632 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\networx.sys
2016-12-12 01:43 - 2016-12-12 01:43 - 04778072 _____ (Softperfect ) C:\Users\Peter\Downloads\networx_setup.exe
2016-12-12 01:37 - 2016-12-12 02:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Wireshark
2016-12-12 01:26 - 2016-12-14 00:07 - 00001853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-12-12 01:26 - 2016-12-12 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-12-12 01:26 - 2016-12-12 01:26 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-12-12 01:25 - 2016-12-14 00:07 - 00001653 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-12-12 01:24 - 2016-12-12 01:26 - 00000000 ____D C:\Program Files\Wireshark
2016-12-12 01:21 - 2016-12-12 01:21 - 49242104 _____ (Wireshark development team) C:\Users\Peter\Downloads\wireshark_2.2.2Win64-bit.exe
2016-12-07 19:50 - 2016-12-07 20:02 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Savegames
2016-12-07 19:48 - 2016-12-14 00:06 - 00001066 _____ C:\Users\Peter\Desktop\Mount&Blade.lnk
2016-12-07 19:48 - 2016-12-07 19:50 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-12-07 19:48 - 2016-12-07 19:48 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2016-12-07 19:48 - 2016-12-07 19:48 - 00000000 ____D C:\Program Files (x86)\M
2016-12-07 19:18 - 2016-12-07 19:45 - 494298474 _____ C:\Users\Peter\Downloads\Mount-and-blade-CZ.rar
2016-12-07 19:08 - 2016-12-07 19:10 - 00000000 ____D C:\Users\Peter\Downloads\Mount.and.Blade.Warband-SKIDROW
2016-12-07 18:18 - 2016-12-07 18:23 - 00000000 ____D C:\Users\Peter\Desktop\textures
2016-12-07 18:18 - 2016-12-07 18:18 - 00000000 ____D C:\Users\Peter\Desktop\Modules
2016-12-07 18:18 - 2016-12-07 18:18 - 00000000 ____D C:\Users\Peter\Desktop\languages
2016-12-07 15:46 - 2016-12-07 15:46 - 00929145 _____ () C:\Users\Peter\Downloads\Mount-and-Blade-Warband-Čeština.exe
2016-12-07 15:42 - 2016-12-07 15:42 - 00929145 _____ () C:\Users\Peter\Downloads\CZMAB.exe
2016-12-07 15:42 - 2016-12-07 15:42 - 00000000 ____D C:\Program Files (x86)\Čeština pro Mount and Blade 0.960
2016-12-07 15:38 - 2016-12-09 01:48 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Warband Savegames
2016-12-07 15:26 - 2016-12-14 00:06 - 00001163 _____ C:\Users\Peter\Desktop\Mount&Blade Warband.lnk
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mount&Blade Warband
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-12-07 15:26 - 2016-12-07 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2016-12-07 15:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2016-12-07 15:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2016-12-07 15:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2016-12-07 15:23 - 2016-12-09 01:32 - 00000000 ____D C:\Users\Peter\Documents\Mount&Blade Warband
2016-12-07 15:23 - 2016-12-07 15:27 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2016-12-07 15:21 - 2016-12-07 15:22 - 615036714 _____ C:\Users\Peter\Downloads\mount-blade-warband_1.153.exe
2016-12-07 15:17 - 2016-12-07 15:20 - 00000000 ____D C:\Users\Peter\Downloads\Mount and blade crack
2016-12-07 15:06 - 2016-12-07 22:48 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mount&Blade
2016-12-07 15:05 - 2016-12-07 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2016-12-07 15:01 - 2016-12-07 15:02 - 399385059 _____ C:\Users\Peter\Downloads\mount-blade_1.011.exe
2016-11-30 10:05 - 2016-11-30 10:05 - 00760840 _____ C:\Users\Peter\Desktop\brunecký.rar
2016-11-23 15:08 - 2016-12-14 00:06 - 00001223 _____ C:\Users\Peter\Desktop\Spintires.lnk
2016-11-23 15:08 - 2016-11-23 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-11-23 15:08 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2016-11-23 15:08 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2016-11-23 15:08 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-11-23 15:08 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2016-11-23 15:06 - 2016-11-23 15:06 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-11-23 14:57 - 2016-11-23 14:58 - 00000000 ____D C:\Users\Peter\Downloads\[R.G. Mechanics] Spintires
2016-11-23 14:42 - 2016-11-23 14:43 - 00000000 ____D C:\Users\Peter\Downloads\Spintires-CODEX
2016-11-23 13:49 - 2016-11-23 13:49 - 12270080 _____ C:\Users\Peter\Downloads\Spintires - InstallShield Wizard.exe
2016-11-23 13:44 - 2016-11-23 16:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\SpinTires
2016-11-23 13:43 - 2016-11-23 13:43 - 00000000 ____D C:\Users\Peter\AppData\Local\Personal_use_only_(Darean
2016-11-23 13:41 - 2016-11-23 13:42 - 658291191 ____R C:\Users\Peter\Downloads\IGG-Spintires.Build 25.12.2015.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 22:51 - 2016-04-13 10:41 - 00000000 ___DO C:\Users\Peter\OneDrive
2016-12-14 22:48 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-12-14 22:34 - 2016-04-13 10:42 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{212AA5ED-FE81-4271-A9CC-E10E4E7FBC92}
2016-12-14 22:24 - 2016-04-13 10:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-14 22:23 - 2014-03-18 10:53 - 00915466 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-14 22:23 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-12-14 22:19 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-14 22:18 - 2014-10-04 13:27 - 00006656 _____ C:\windows\system32\VfService.trf
2016-12-14 22:18 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-12-14 22:15 - 2016-04-13 11:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-14 21:26 - 2016-05-15 16:05 - 00000000 ____D C:\Users\Peter\Desktop\HĽuza
2016-12-14 20:45 - 2013-08-22 15:44 - 00484024 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-14 20:42 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\oobe
2016-12-14 07:04 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-12-14 07:03 - 2016-04-17 02:46 - 00000000 ____D C:\windows\system32\MRT
2016-12-14 07:01 - 2016-04-17 02:46 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-14 04:18 - 2016-04-13 10:39 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-47896895-3338985398-2092846972-1001
2016-12-14 02:58 - 2016-10-26 16:48 - 00000565 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-12-14 00:07 - 2016-11-02 17:38 - 00001565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-12-14 00:07 - 2016-11-02 17:31 - 00001566 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-12-14 00:07 - 2016-10-27 09:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-14 00:07 - 2016-04-27 23:24 - 00002311 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-12-14 00:07 - 2016-04-27 20:56 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-14 00:07 - 2016-04-20 16:38 - 00000790 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-12-14 00:07 - 2016-04-13 17:20 - 00002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-12-14 00:07 - 2016-04-13 10:54 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-14 00:07 - 2016-04-13 10:50 - 00002709 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2016-12-14 00:07 - 2016-04-13 10:50 - 00002381 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2016-12-14 00:07 - 2016-04-13 10:33 - 00001429 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-14 00:07 - 2016-04-13 10:29 - 00000445 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-12-14 00:07 - 2016-04-13 10:29 - 00000443 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-12-14 00:07 - 2014-10-04 13:29 - 00000000 ____D C:\ProgramData\Energy Manager
2016-12-14 00:06 - 2016-11-03 01:52 - 00001554 _____ C:\Users\Peter\Desktop\Visual Studio 2015.lnk
2016-12-14 00:06 - 2016-10-27 09:49 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-12-14 00:06 - 2016-09-27 18:12 - 00001523 _____ C:\Users\Peter\Desktop\Lazarus.lnk
2016-12-14 00:06 - 2016-08-20 00:34 - 00001058 _____ C:\Users\Public\Desktop\Hitman Absolution.lnk
2016-12-14 00:06 - 2016-06-15 12:23 - 00001357 _____ C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
2016-12-14 00:06 - 2016-05-23 11:40 - 00001721 _____ C:\Users\Peter\Desktop\Counter-Strike WaRzOnE.lnk
2016-12-14 00:06 - 2016-05-03 01:11 - 00002016 _____ C:\Users\Peter\Desktop\Vypínač na dobrou noc.lnk
2016-12-14 00:06 - 2016-04-27 20:56 - 00001048 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-14 00:06 - 2016-04-22 00:22 - 00001099 _____ C:\Users\Public\Desktop\Mafia II.lnk
2016-12-14 00:06 - 2016-04-22 00:11 - 00001834 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-12-14 00:06 - 2016-04-20 20:36 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-14 00:06 - 2016-04-20 16:38 - 00000876 _____ C:\Users\Peter\Desktop\Start Tor Browser.lnk
2016-12-14 00:06 - 2016-04-18 20:31 - 00001261 _____ C:\Users\Public\Desktop\Ashampoo Photo Commander 12.lnk
2016-12-14 00:06 - 2016-04-13 17:36 - 00000936 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-14 00:06 - 2016-04-13 11:08 - 00002723 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-14 00:06 - 2016-04-13 11:06 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-14 00:06 - 2016-04-13 10:59 - 00000990 _____ C:\Users\Peter\Desktop\WinRAR.lnk
2016-12-14 00:06 - 2016-04-13 10:54 - 00001128 _____ C:\Users\Public\Desktop\Opera.lnk
2016-12-14 00:04 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2016-12-13 23:54 - 2016-04-15 15:42 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2016-12-13 22:40 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-12-13 22:15 - 2016-04-13 11:06 - 00003856 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-13 22:15 - 2016-04-13 11:06 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:15 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-12-13 22:15 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2016-12-13 19:18 - 2016-11-02 18:14 - 00000000 ____D C:\Users\Peter\Documents\Visual Studio 2015
2016-12-13 18:37 - 2016-06-15 12:49 - 00000000 ____D C:\Users\Peter\Documents\Euro Truck Simulator 2
2016-12-12 13:12 - 2016-04-13 19:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2016-12-12 01:25 - 2014-10-04 12:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-12 01:08 - 2016-04-20 20:36 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 04:13 - 2016-04-13 10:29 - 00000000 ____D C:\Users\Peter
2016-11-25 06:58 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-25 06:56 - 2014-10-04 13:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-24 23:08 - 2016-04-13 10:54 - 00003858 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1460541278
2016-11-24 04:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-24 04:24 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-11-15 15:57 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-11-14 06:30 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData

==================== Files in the root of some directories =======

2016-04-18 20:33 - 2016-04-18 20:33 - 0005120 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-13 18:45 - 2016-05-13 18:45 - 0007601 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-10-04 12:44 - 2014-10-04 12:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\cpa.exe
C:\Users\Peter\AppData\Local\Temp\oct2031.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct2642.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct4D24.tmp.exe
C:\Users\Peter\AppData\Local\Temp\oct687.tmp.exe
C:\Users\Peter\AppData\Local\Temp\octC76E.tmp.exe
C:\Users\Peter\AppData\Local\Temp\octCF7.tmp.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 06:00

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119381
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: high upload

#13 Post by Rudy »

Duplicate IPs have a significant effect on the connection. Not on your problem. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455de-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455fc-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> DefaultScope {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
C:\ProgramData\DP45977C.lfl
C:\Users\Peter\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

limborr
Visitor
Posts: 24
Joined: 15 Feb 2012 21:02

Re: high upload

#14 Post by limborr »

The antivirus can produce as many as 80-90 notifications about this error per minute. Can this be prevented somehow? Or can I simply tick "do not show" and not have to worry about leaving it unresolved? Thank you for your answer :)



Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Peter (15-12-2016 20:34:36) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455de-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\...\MountPoints2: {3b9455fc-6502-11e6-8281-80193439446d} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> DefaultScope {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
SearchScopes: HKU\S-1-5-21-47896895-3338985398-2092846972-1001 -> {C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} URL =
C:\ProgramData\DP45977C.lfl
C:\Users\Peter\AppData\Local\Temp

EmptyTemp:
End
*****************

"HKU\S-1-5-21-47896895-3338985398-2092846972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-47896895-3338985398-2092846972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9455de-6502-11e6-8281-80193439446d}" => key removed successfully
HKCR\CLSID\{3b9455de-6502-11e6-8281-80193439446d} => key not found.
"HKU\S-1-5-21-47896895-3338985398-2092846972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9455fc-6502-11e6-8281-80193439446d}" => key removed successfully
HKCR\CLSID\{3b9455fc-6502-11e6-8281-80193439446d} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-47896895-3338985398-2092846972-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-47896895-3338985398-2092846972-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8BB25FB-2E75-49CE-8B5B-B0C023BE402F}" => key removed successfully
HKCR\CLSID\{C8BB25FB-2E75-49CE-8B5B-B0C023BE402F} => key not found.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.

"C:\Users\Peter\AppData\Local\Temp" folder move:

Could not move "C:\Users\Peter\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33206148 B
Java, Flash, Steam htmlcache => 840 B
Windows/system/drivers => 132769886 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 468725241 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 98269 B
systemprofile32 => 128 B
LocalService => 295018 B
NetworkService => 62368 B
Peter => 5419923164 B

RecycleBin => 762912 B
EmptyTemp: => 5.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-12-2016 20:36:38)

"C:\ProgramData\DP45977C.lfl" => Could not move
C:\Users\Peter\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:36:38 ====

Rudy
Site Admin
Posts: 119381
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: high upload

#15 Post by Rudy »

Deleted. Has anything changed?