Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log

Post by tRaviss » 26 Jan 2017 22:22

Part 2:

2017-01-11 18:49 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 18:49 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 18:49 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 18:49 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 18:49 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 18:49 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 18:49 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 18:49 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 18:49 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 18:49 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 18:49 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 18:49 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 18:49 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 18:49 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 18:49 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 18:49 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 18:49 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 18:49 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 18:49 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 18:49 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 18:49 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 18:49 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 18:49 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 18:49 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 18:49 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 18:49 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 18:49 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 18:49 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 18:49 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 18:49 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:49 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 18:49 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 18:49 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 18:48 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 18:48 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 18:48 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-11 18:48 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 18:48 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 18:48 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 18:48 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 18:48 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 18:48 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 18:48 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 18:48 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 18:48 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 18:48 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 18:48 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 18:48 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 18:48 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:48 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 18:48 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 18:48 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 20:08 - 2017-01-21 11:17 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-10 20:07 - 2017-01-21 10:13 - 00000000 ____D C:\ProgramData\Oracle
2017-01-10 20:07 - 2017-01-21 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-10 20:07 - 2017-01-21 10:12 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-10 20:07 - 2017-01-10 20:07 - 00000000 ____D C:\Users\dalib\AppData\Roaming\Sun
2017-01-10 20:07 - 2017-01-10 20:07 - 00000000 ____D C:\Users\dalib\AppData\LocalLow\Sun
2017-01-10 20:06 - 2017-01-21 10:13 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-10 20:04 - 2017-01-10 20:04 - 00737344 _____ (Oracle Corporation) C:\Users\dalib\Downloads\JavaSetup8u111.exe
2017-01-10 20:00 - 2017-01-10 20:00 - 00308281 _____ C:\Users\dalib\Downloads\XRay-47.jar
2017-01-10 19:14 - 2017-01-10 20:09 - 00000000 ____D C:\Users\dalib\AppData\Roaming\.minecraft
2017-01-10 19:14 - 2017-01-10 19:14 - 00000000 ____D C:\Users\dalib\AppData\Roaming\java
2017-01-10 19:12 - 2017-01-10 19:13 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-01-10 19:12 - 2017-01-10 19:12 - 00001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-01-10 19:12 - 2017-01-10 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-01-09 21:23 - 2017-01-21 10:13 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2017-01-04 21:12 - 2017-01-08 10:45 - 00000011 _____ C:\Users\dalib\Desktop\Nový textový dokument (2).txt
2017-01-04 21:02 - 2017-01-04 21:02 - 00002100 _____ C:\Users\Public\Desktop\Bloody6.lnk
2017-01-04 21:02 - 2017-01-04 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
2017-01-04 21:01 - 2017-01-04 21:01 - 00000000 ____D C:\Program Files (x86)\Bloody6
2017-01-03 17:38 - 2017-01-03 17:38 - 00000000 ____D C:\Windows\system32\˙˙˙˙˙˙˙˙8
2017-01-02 00:34 - 2017-01-02 00:34 - 00000000 ____D C:\Users\dalib\AppData\Local\FreemakeVideoConverter
2017-01-02 00:33 - 2017-01-02 00:34 - 00000000 ____D C:\Users\dalib\Documents\Freemake
2016-12-31 14:36 - 2016-12-31 14:36 - 00000083 _____ C:\Users\dalib\Desktop\Kachan.txt
2016-12-30 18:58 - 2016-12-30 18:58 - 00000083 _____ C:\Users\dalib\Desktop\Luther.txt
2016-12-30 01:23 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-30 01:23 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-30 01:23 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-12-30 01:23 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-12-30 01:23 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-30 01:23 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-30 01:23 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-30 01:23 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-12-30 01:23 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-12-30 01:23 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-12-30 01:23 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-12-30 01:23 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-12-30 01:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-12-30 01:23 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-12-30 01:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-12-30 01:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-12-30 01:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-12-30 01:23 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-30 01:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-12-30 01:23 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-30 01:23 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-12-30 01:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-12-30 01:23 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-12-30 01:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-12-30 01:23 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-12-30 01:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-12-30 01:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-12-30 01:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-12-30 01:23 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-12-30 01:23 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-12-30 01:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-12-30 01:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-12-30 01:23 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-12-30 01:23 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-12-30 01:23 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-12-30 01:23 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-12-30 01:23 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-12-30 01:23 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-12-30 01:23 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-12-30 01:23 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-12-30 01:23 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-12-30 01:23 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-12-30 01:23 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-12-30 01:23 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-12-30 01:23 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-12-30 01:23 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-12-30 01:23 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-12-30 01:23 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-12-30 01:23 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-12-30 01:23 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-12-30 01:23 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-12-30 01:23 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-12-30 01:23 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-12-30 01:23 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-12-30 01:23 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-12-30 01:23 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-12-30 01:23 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-12-30 01:23 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-12-30 01:23 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-12-30 01:23 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-12-30 01:23 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-12-30 01:23 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-12-30 01:23 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-12-30 01:23 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-12-30 01:23 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-12-30 01:23 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-12-30 01:23 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-12-30 01:23 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-12-30 01:23 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-12-30 01:23 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-12-30 01:23 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-12-30 01:23 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-12-30 01:23 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-12-30 01:23 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-12-30 01:23 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-12-30 01:23 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-12-30 01:23 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-12-30 01:22 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-12-30 01:22 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-12-30 01:22 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-12-30 01:22 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-12-30 01:22 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-12-30 01:22 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-12-30 01:22 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-12-30 01:22 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-12-30 01:22 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-12-30 01:22 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-12-30 01:22 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-12-30 01:22 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-12-30 01:22 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-12-30 01:22 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-12-30 01:22 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-12-30 01:22 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-12-30 01:22 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-12-30 01:22 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-12-30 01:22 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-12-30 01:22 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-12-30 01:22 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-12-30 01:22 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-12-30 01:22 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-12-30 01:22 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-12-30 01:22 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-12-30 01:22 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-12-30 01:22 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-12-30 01:22 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-12-30 01:22 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-12-30 01:22 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-12-30 01:22 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-12-30 01:22 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-12-30 01:22 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-12-30 01:22 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-12-30 01:22 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-12-30 01:22 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-12-30 01:22 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-12-30 01:22 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-12-28 13:08 - 2017-01-22 15:26 - 00036864 ___SH C:\Users\dalib\Documents\Thumbs.db
2016-12-28 13:03 - 2017-01-19 20:01 - 00000049 _____ C:\Windows\SysWOW64\ScrRecX.log
2016-12-28 13:03 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2016-12-28 00:20 - 2016-12-28 00:20 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-12-28 00:19 - 2016-12-28 00:19 - 00938624 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-12-28 00:19 - 2016-12-28 00:19 - 00730824 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00463032 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00230584 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
2016-12-28 00:15 - 2016-12-28 00:15 - 00366776 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-12-28 00:15 - 2016-12-28 00:15 - 00194744 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
2016-12-27 19:36 - 2016-12-27 19:36 - 00013248 _____ C:\Users\dalib\Documents\Jimi.png
2016-12-27 19:09 - 2017-01-26 17:25 - 00050688 ___SH C:\Users\dalib\Desktop\Thumbs.db
2016-12-27 18:44 - 2016-12-27 18:44 - 00000000 ____D C:\Users\dalib\AppData\Local\fabi.me
2016-12-27 18:36 - 2016-12-27 18:36 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-12-27 18:36 - 2016-12-27 18:36 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-12-27 18:36 - 2016-12-27 18:36 - 00000000 ____D C:\Program Files\MSBuild
2016-12-27 18:36 - 2016-12-27 18:36 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-27 18:36 - 2016-12-27 18:36 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-27 18:35 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2016-12-27 18:35 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-27 18:35 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-12-27 18:35 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-12-27 18:35 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-12-27 18:35 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-12-27 18:10 - 2016-12-27 18:10 - 00000000 ____D C:\Users\dalib\AppData\Local\Programs
2016-12-27 10:15 - 2016-12-27 10:15 - 00000000 ____D C:\ProgramData\AMD

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-26 19:49 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-26 19:47 - 2016-12-24 18:52 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-26 18:31 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-26 12:45 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-01-26 12:41 - 2016-12-24 19:07 - 01646252 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-26 12:41 - 2016-07-16 23:25 - 00547710 _____ C:\Windows\system32\perfh005.dat
2017-01-26 12:41 - 2016-07-16 23:25 - 00114788 _____ C:\Windows\system32\perfc005.dat
2017-01-25 23:48 - 2016-12-24 18:55 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-25 23:47 - 2016-12-24 19:18 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-25 23:47 - 2016-12-24 19:02 - 00000000 ____D C:\Users\dalib
2017-01-25 23:47 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-01-25 23:38 - 2016-07-16 12:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-25 22:13 - 2016-12-24 20:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-25 15:52 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 10:50 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-21 10:24 - 2016-12-24 19:02 - 00000000 ____D C:\Users\dalib\AppData\Local\VirtualStore
2017-01-21 10:21 - 2016-12-24 19:18 - 00000000 ____D C:\Users\dalib\AppData\Local\AMD
2017-01-21 10:03 - 2016-12-24 19:34 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-21 10:03 - 2016-12-24 19:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-21 10:03 - 2016-12-24 18:52 - 00194440 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-20 19:24 - 2016-12-24 19:23 - 00003960 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482603790
2017-01-20 19:24 - 2016-12-24 19:23 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-01-20 19:24 - 2016-12-24 19:09 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-15 20:37 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2017-01-15 01:01 - 2016-12-24 19:34 - 00004042 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 01:01 - 2016-12-24 19:34 - 00003900 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 01:01 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 01:01 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-13 17:28 - 2016-12-24 19:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-12 22:29 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-12 21:16 - 2016-12-24 23:21 - 00144384 ___SH C:\Users\dalib\Downloads\Thumbs.db
2017-01-12 18:10 - 2016-12-24 20:10 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 18:08 - 2016-12-24 20:10 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 00:15 - 2016-12-24 19:31 - 00000000 ____D C:\Program Files\CCleaner
2017-01-03 18:13 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2017-01-03 18:13 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2017-01-03 18:13 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2017-01-03 18:13 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2017-01-03 18:13 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2016-12-30 20:30 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\Logs
2016-12-30 01:26 - 2016-07-16 12:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-28 15:39 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Tasks
2016-12-27 18:36 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-12-27 18:36 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\MUI
2016-12-27 18:20 - 2015-07-01 22:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-12-27 18:20 - 2015-07-01 22:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-26 19:48

==================== End of FRST.txt ============================


Re: Please check my log

Post by tRaviss » 26 Jan 2017 22:22

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Dalibor (26-01-2017 22:08:31)
Running from C:\Users\dalib\Desktop
Windows 10 Pro Version 1607 (X64) (2016-12-24 18:01:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1767994268-4153662662-1501429079-500 - Administrator - Disabled)
Dalibor (S-1-5-21-1767994268-4153662662-1501429079-1001 - Administrator - Enabled) => C:\Users\dalib
DefaultAccount (S-1-5-21-1767994268-4153662662-1501429079-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1767994268-4153662662-1501429079-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1767994268-4153662662-1501429079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1767994268-4153662662-1501429079-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.1.0 - Mirillis)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{AA11FD16-297F-452D-9015-F9014303CDD3}) (Version: 10.16.1216 - Amazon) <==== ATTENTION
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 16.12.0020 - Bloody)
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes verze 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {195C08EC-0666-4E0F-B6EE-4DA04B9E12E4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {287A3729-6402-4634-8810-0D04E77FCDA6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {4E86D49E-76EB-4D06-85D6-01FEE55A4CDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {517B383A-26AF-4576-814C-519F4682CFCA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {59B43CE9-7A38-4A72-AA21-613FFB52E2D4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {714A11B7-3F54-49FB-A66A-A2337DC743C6} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {772BC1DF-0DB5-4D4E-A54B-42EF913A513B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {932A62ED-2E01-49E5-8540-593948D858C1} - System32\Tasks\Opera scheduled Autoupdate 1482603790 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {A185FB15-9737-4250-AA10-5518961C298E} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {C14E8122-6366-4C89-A438-0975EA3F15B5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-16 14:05 - 2016-12-16 14:05 - 00099000 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-01-21 10:20 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-21 10:20 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-21 10:20 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-16 15:38 - 2016-09-16 15:38 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-24 20:09 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-12-24 20:09 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-24 20:09 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-24 20:08 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 18:49 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 18:49 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 18:49 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 18:49 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 18:49 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 18:49 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-16 10:25 - 2016-03-16 10:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-01-25 15:52 - 2017-01-25 15:52 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-01-25 22:52 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.1 - 10.0.0.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\StartupApproved\Run: => "FMClickerPro_Updater_1"
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\StartupApproved\Run: => "RandomMouseClicker"
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\StartupApproved\Run: => "Bloody2"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{B48A8B96-7A7C-4E23-A23A-B60727345A05}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0168174E-DC90-4537-AB64-31E6C622DF3A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D7D0BDEE-B4E7-4125-B142-14025A2FA286}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9A4343CC-FB95-4E37-97E3-BA6FE5F1B0F1}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F99A2152-4924-4D52-999A-5C5575CF8AF3}F:\torrent\utorrent.exe] => F:\torrent\utorrent.exe
FirewallRules: [UDP Query User{01C2BDF9-4B5E-48AC-ADE9-883DBDF7A74D}F:\torrent\utorrent.exe] => F:\torrent\utorrent.exe
FirewallRules: [{FB58B088-F853-4685-A358-B1DEB0A32B73}] => F:\torrent\utorrent.exe
FirewallRules: [{A65BE948-7403-406F-B50C-5DDC72714702}] => F:\torrent\utorrent.exe
FirewallRules: [{0A8F912F-CBDE-494A-97CF-76B63F3F933E}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BB40F085-D634-4EDE-ABED-B2163DCC2725}] => D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1EC350CE-750D-4653-8967-1FDC3D4BB64F}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{25729C37-232C-4CCE-98A6-43E26A2ACF03}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9450C19B-EA98-4BC8-B369-391C259A3F0A}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

==================== Restore Points =========================

25-01-2017 22:50:01 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: Disketová jednotka
Description: Disketová jednotka
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní disketové jednotky)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2017 10:50:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/25/2017 10:36:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/25/2017 10:36:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/25/2017 10:36:02 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/25/2017 10:36:02 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/25/2017 10:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: cmdagent.exe, verze: 10.0.0.6092, časové razítko: 0x5862e71e
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.479, časové razítko: 0x5825887f
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f8283
ID chybujícího procesu: 0x1d4c
Čas spuštění chybující aplikace: 0x01d273eceb9fd442
Cesta k chybující aplikaci: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: fa4cca48-2c9e-40d4-8c4b-05cd517ca66a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/25/2017 10:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.14393.0, časové razítko: 0x57899ab2
Název chybujícího modulu: NetEventPacketCapture.dll, verze: 10.0.14393.206, časové razítko: 0x57dacea5
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000160d3
ID chybujícího procesu: 0x1930
Čas spuštění chybující aplikace: 0x01d27752fb6b7d5c
Cesta k chybující aplikaci: C:\Windows\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: C:\Windows\system32\wbem\NetEventPacketCapture.dll
ID zprávy: 4b69b29c-0baf-40f9-b19d-7cc9019290c2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/22/2017 07:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x1fd4
Čas spuštění chybující aplikace: 0x01d274e08470b62a
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 690d7a9a-692d-41c7-871c-9837411b8a7b
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/22/2017 07:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x1fd4
Čas spuštění chybující aplikace: 0x01d274e08470b62a
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: e389ffc5-425a-44d7-b9fb-c63ac42d3dd5
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/22/2017 07:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x1fd4
Čas spuštění chybující aplikace: 0x01d274e08470b62a
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 83d2fcc7-9efb-464f-b2d4-77ef649aada5
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge


System errors:
=============
Error: (01/26/2017 05:25:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/26/2017 02:20:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/26/2017 12:38:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/25/2017 11:48:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/25/2017 11:48:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/25/2017 11:48:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba HomeGroupListener skončila s následující chybou specifickou pro službu:
%%2147944153 = Pro mapovač koncových bodů nejsou k dispozici další koncové body.

Error: (01/25/2017 11:47:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/25/2017 11:38:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/25/2017 11:38:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/25/2017 11:38:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


CodeIntegrity:
===================================
Date: 2017-01-21 11:25:11.831
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 11:24:38.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 11:24:36.805
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 11:24:36.370
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 10:40:58.680
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 4094.49 MB
Available physical RAM: 2552.48 MB
Total Virtual: 6014.49 MB
Available Virtual: 4281.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.3 GB) (Free:89.69 GB) NTFS
Drive d: (Hry) (Fixed) (Total:300.29 GB) (Free:287.36 GB) NTFS
Drive e: (MOBIL) (Removable) (Total:7.41 GB) (Free:6.35 GB) FAT32
Drive f: (Filmy) (Fixed) (Total:398.34 GB) (Free:261.92 GB) NTFS
Drive m: () (Removable) (Total:1.27 GB) (Free:1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 108EEA39)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 02DE97FB)
Partition 1: (Not Active) - (Size=300.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=398.3 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 7 (Size: 1.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Post by jaro3 » 26 Jan 2017 23:24

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the program's licence agreement (EULA) if it is offered.
If a program update is available, click the "Update now" button.
At the end, click the Settings button (the gear in the corner) > Advanced > ""
- "I have read the warning and wish to proceed anyway .....
Check Auto Launch
Uncheck Auto upload
Check All Browser Extensions
Smart scan setting as a replacement for the deep scan
Close all open files, folders and browsers.
Click the Scan now button and the threat scan will start.
When the scan is finished, a report will appear; copy the entire contents of that report here.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
SearchScopes: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [99000 2016-12-16] ()
C:\Program Files (x86)\Amazon\Amazon Assistant
C:\Users\dalib\AppData\Local\PeerDistRepub
Amazon Assistant (HKLM-x32\...\{AA11FD16-297F-452D-9015-F9014303CDD3}) (Version: 10.16.1216 - Amazon) <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\amazon.com -> hxxps://amazon.com

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button just once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

AV: Malwarebytes ---------- permanently turn off real-time protection.


C:\Windows\system32\˙˙˙˙˙˙˙˙8 ---------- look at what is in that folder.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by tRaviss » 27 Jan 2017 14:19

With Zemana AntiMalware nothing popped up for me after the scan; it found a single problem, namely the home page setting in Microsoft Edge. I had the page set to "tracker.cztorrent.net". After the scan I tried clicking the Next button to see whether some report would appear, and nothing.. Only the home page was fixed.

Post by tRaviss » 27 Jan 2017 14:19

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Dalibor (27-01-2017 14:13:31) Run:1
Running from C:\Users\dalib\Desktop
Loaded Profiles: Dalibor (Available Profiles: defaultuser0 & Dalibor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
SearchScopes: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [99000 2016-12-16] ()
C:\Program Files (x86)\Amazon\Amazon Assistant
C:\Users\dalib\AppData\Local\PeerDistRepub
Amazon Assistant (HKLM-x32\...\{AA11FD16-297F-452D-9015-F9014303CDD3}) (Version: 10.16.1216 - Amazon) <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\...\amazon.com -> hxxps://amazon.com

EmptyTemp:
End
*****************

Processes closed successfully.
[5652] C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
Amazon Assistant Service => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Amazon Assistant Service => key removed successfully
Amazon Assistant Service => service removed successfully

"C:\Program Files (x86)\Amazon\Amazon Assistant" folder move:

Could not move "C:\Program Files (x86)\Amazon\Amazon Assistant" => Scheduled to move on reboot.

C:\Users\dalib\AppData\Local\PeerDistRepub => moved successfully
Amazon Assistant (HKLM-x32\...\{AA11FD16-297F-452D-9015-F9014303CDD3}) (Version: 10.16.1216 - Amazon) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com => key removed successfully
HKU\S-1-5-21-1767994268-4153662662-1501429079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29047695 B
Java, Flash, Steam htmlcache => 185339741 B
Windows/system/drivers => 29511 B
Edge => 108678303 B
Chrome => 0 B
Firefox => 0 B
Opera => 111920636 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4898 B
NetworkService => 0 B
defaultuser0 => 0 B
dalib => 7998719 B

RecycleBin => 0 B
EmptyTemp: => 422.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-01-2017 14:14:45)

C:\Program Files (x86)\Amazon\Amazon Assistant => Is moved successfully

==== End of Fixlog 14:14:45 ====
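
A triage pass over the Fixlog.txt format posted above, as an added example that is not part of the original thread and not FRST's own code: it sorts each `target => outcome` line into done, absent, failed or pending, and clears a "Scheduled to move on reboot" entry only when the post-reboot section confirms the move. The function names are hypothetical and the outcome phrases are taken from this one log only, so other FRST wordings are not covered.

```python
import re

# Constructed sample: result lines in the shape of the Fixlog.txt posted above.
SAMPLE_FIXLOG = r"""
[5652] C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
Amazon Assistant Service => Unable to stop service.
Amazon Assistant Service => service removed successfully
Could not move "C:\Program Files (x86)\Amazon\Amazon Assistant" => Scheduled to move on reboot.
C:\Users\dalib\AppData\Local\PeerDistRepub => moved successfully
Amazon Assistant (HKLM-x32\...\{AA11FD16-297F-452D-9015-F9014303CDD3}) (Version: 10.16.1216 - Amazon) <==== ATTENTION => Error: No automatic fix found for this entry.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-01-2017 14:14:45)
C:\Program Files (x86)\Amazon\Amazon Assistant => Is moved successfully
"""

# A result line has the form "<target> => <outcome>".
RESULT = re.compile(r"^(?P<target>.*?)\s=>\s(?P<outcome>.*)$")


def classify(outcome):
    """Map an outcome phrase (as seen in this log) to a triage bucket."""
    o = outcome.lower()
    if o.startswith("error:") or "unable to" in o:
        return "failed"    # needs a manual step or a second look
    if "scheduled to move on reboot" in o:
        return "pending"   # deferred until the reboot pass
    if "not found" in o:
        return "absent"    # item was already gone
    if "successfully" in o:
        return "done"
    return "other"         # fixlist echo, EmptyTemp sizes, etc.


def triage(fixlog_text):
    """Bucket every result line; resolve deferred moves after the reboot header."""
    report = {"done": [], "absent": [], "failed": [], "pending": []}
    after_reboot = False
    for line in fixlog_text.splitlines():
        line = line.strip()
        if line.startswith("Result of scheduled files to move"):
            after_reboot = True
            continue
        m = RESULT.match(line)
        if not m:
            continue
        target, kind = m.group("target"), classify(m.group("outcome"))
        if kind == "other":
            continue
        if kind == "pending":
            # The deferred path is the quoted part of: Could not move "<path>"
            quoted = re.search(r'"([^"]+)"', target)
            target = quoted.group(1) if quoted else target
        if kind == "done" and after_reboot:
            # The reboot pass confirms an earlier deferred move.
            report["pending"] = [p for p in report["pending"]
                                 if p.lower() != target.lower()]
        report[kind].append(target)
    return report


def needs_follow_up(report):
    """Entries a helper should still check by hand."""
    return report["failed"] + report["pending"]


if __name__ == "__main__":
    for item in needs_follow_up(triage(SAMPLE_FIXLOG)):
        print("REVIEW:", item)
```

On the sample, the two entries left for review are the service that could not be stopped and the uninstall entry with no automatic fix; the deferred folder move is cleared by the post-reboot line.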

Post by tRaviss » 27 Jan 2017 14:22

This is the path of the file that is in that folder:
C:\Windows\system32\˙˙˙˙˙˙˙˙8\AMD\DxCache\59b7fea52c164c5a91c6c3b6f12065461dc56946cef57273..bin

Post by jaro3 » 27 Jan 2017 18:59

In Folder Options, enable showing hidden files and folders + untick the "hide protected operating system files" checkbox

Test this on VirusTotal
C:\Windows\system32\˙˙˙˙˙˙˙˙8\AMD\DxCache\59b7fea52c164c5a91c6c3b6f12065461dc56946cef57273..bin

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes its test, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

Post by tRaviss » 27 Jan 2017 20:09

So I set hidden folders and files to be shown. I also enabled seeing Windows files, and there is nothing new in the folder.. still just that one file..

VirusTotal did not find anything either...
link: https://www.virustotal.com/cs/file/1683 ... 485543696/

VirSCAN likewise found nothing..
http://r.virscan.org/report/2ef510216ac ... a3ff8d3f3c

Post by jaro3 » 27 Jan 2017 21:31

What about the problems?

Post by tRaviss » 28 Jan 2017 12:21

Amazon Assistant does not reappear after uninstalling and restarting the computer.. I would say the problem has been solved :-)

Post by jerabina » 28 Jan 2017 14:29

Yes, it should no longer be there. We'll just clean up and we're done:

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(In Windows Vista, Windows 7 and 8, you must run the file via right-click -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore.
Then click the Run button and let the tool do its work.

Afterwards the report will open (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is located here:
in C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved - the green "tick".
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your threads in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.

Post by tRaviss » 28 Jan 2017 17:41

Thank you very much for the help, here is the log.


# DelFix v1.013 - Logfile created 28/01/2017 at 17:40:35
# Updated 17/04/2016 by Xplode
# Username : Dalibor - DEKSTOP-PC
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\dalib\Desktop\Addition.txt
Deleted : C:\Users\dalib\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\dalib\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\dalib\Desktop\adwcleaner_6.042.exe
Deleted : C:\Users\dalib\Desktop\Fixlog.txt
Deleted : C:\Users\dalib\Desktop\FRST.txt
Deleted : C:\Users\dalib\Desktop\FRST64.exe
Deleted : C:\Users\dalib\Desktop\JRT.exe
Deleted : C:\Users\dalib\Desktop\JRT.txt
Deleted : C:\Users\dalib\Desktop\HijackThis.exe
Deleted : C:\Users\dalib\Desktop\hijackthis.log
Deleted : C:\Users\dalib\Desktop\RogueKillerX64.exe
Deleted : C:\Users\dalib\Desktop\TFC.exe
Deleted : C:\Users\dalib\Desktop\zoek-results.txt
Deleted : C:\Users\dalib\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #1 [zoek.exe restore point | 01/25/2017 21:50:01]
Deleted : RP #2 [Removed Sophos Virus Removal Tool. | 01/28/2017 16:39:03]

New restore point created !

########## - EOF - ##########

