Prosím o kontrolu logu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36683
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 13 zář 2017 10:35

Vlož nový log z HJT + informuj o problémech


Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Reklama
Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 13 zář 2017 16:52

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by David on st 13. 09. 2017 at 15:20:42,70.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\David\AppData\Local\Temp\scoped_dir1952_2899\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13. 9. 2017 15:27:43 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\dont starve The Stuff of Nightmares + testing tools mod deleted successfully
C:\PROGRA~2\EnjoYCCoupuoon deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~2\WinRAR deleted successfully
C:\Program Files\Paint.NET deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\CoupExtennsion deleted successfully
C:\PROGRA~3\EExsstaRaCCoouupon deleted successfully
C:\PROGRA~3\EnjoYCCoupuoon deleted successfully
C:\PROGRA~3\ExstraCouppon deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\save oin deleted successfully
C:\PROGRA~3\Save uon deleted successfully
C:\PROGRA~3\saveo on deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SuhOipDDRop deleted successfully
C:\Users\David\AppData\Local\ActiveSync deleted successfully
C:\Users\David\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\David\AppData\Local\EmieSiteList deleted successfully
C:\Users\David\AppData\Local\EmieUserList deleted successfully
C:\Users\David\AppData\Local\Skype deleted successfully
C:\Users\David\AppData\Local\Windows Live Writer deleted successfully
C:\Users\Pavel\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ww");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\tuof9e21.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser//");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "https://www.google.com/search?q={searchTerms}");

Added to C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\tuof9e21.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_201713.09._1624_.backup

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\tuof9e21.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_201713.09._1624_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\dont starve The Stuff of Nightmares + testing tools mod not found
C:\PROGRA~2\EnjoYCCoupuoon not found
C:\PROGRA~2\New Folder not found
C:\PROGRA~2\WinRAR not found
C:\Users\David\AppData\Roaming\.technic deleted
C:\Users\David\AppData\Roaming\Factorio deleted
C:\Users\David\AppData\LocalLow\{1F68A858-4F0B-F548-F6F1-6FCB66655538} deleted
C:\Users\David\AppData\LocalLow\{47B27CE9-7FE5-A612-DC0C-F37F352EE4F2} deleted
C:\Users\David\AppData\LocalLow\{66551D98-B6D8-BE45-8311-F7FA8C94CDDA} deleted
C:\Users\David\AppData\LocalLow\{666C78D4-88EA-9238-187D-33260414618E} deleted
C:\Users\David\AppData\LocalLow\{6E68E600-84CA-5261-BB66-BEF0B537DBCA} deleted
C:\Users\David\AppData\LocalLow\{72DA8B0A-97E9-DB3D-49F3-438588B88C3C} deleted
C:\Users\David\AppData\LocalLow\{B60C263D-A10C-9CD5-9DDD-CDA68BC975AD} deleted
C:\Users\David\AppData\LocalLow\{C4795868-E31D-837F-8A3F-02A0E4922486} deleted
C:\Users\David\AppData\LocalLow\{CBCD1E34-0ADD-E268-55AE-294EBFD9DCFE} deleted
C:\Users\David\AppData\LocalLow\{D71B506C-335E-57AA-F637-D89EB812FC4E} deleted
C:\Users\David\AppData\LocalLow\{ECF1AE37-D062-7632-35FA-B52798C53E56} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{1F68A858-4F0B-F548-F6F1-6FCB66655538} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{47B27CE9-7FE5-A612-DC0C-F37F352EE4F2} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{66551D98-B6D8-BE45-8311-F7FA8C94CDDA} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{666C78D4-88EA-9238-187D-33260414618E} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{6E68E600-84CA-5261-BB66-BEF0B537DBCA} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{72DA8B0A-97E9-DB3D-49F3-438588B88C3C} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{B60C263D-A10C-9CD5-9DDD-CDA68BC975AD} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{C4795868-E31D-837F-8A3F-02A0E4922486} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{CBCD1E34-0ADD-E268-55AE-294EBFD9DCFE} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{D71B506C-335E-57AA-F637-D89EB812FC4E} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{ECF1AE37-D062-7632-35FA-B52798C53E56} deleted
C:\PROGRA~3\Supersoftware App deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\David\AppData\Local\Unity deleted
C:\Users\David\AppData\Local\CrashRpt deleted
C:\Users\David\AppData\LocalLow\Unity deleted
C:\Users\David\AppData\LocalLow\{54810F29-70D0-8099-15FC-BBBEDE3823E6} deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\tuof9e21.default\extensions\staged deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\0jjq@xsml.net deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\0vkYXO0ff3@f.com deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\9ex8k@oak-.com deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\aeyidkvc@thpgtx.co.uk deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\dviyuii@uuyuuie.org deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\iaa.eya@wzbwpc-.com deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\lbppwvpes@aiyeyd.edu deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\lk-y@eyykhw-.edu deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\oueii@rdwmxdnl.edu deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\r_a@zgmoi-.org deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\sj6ysqd@cnludj.org deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\t.co5lo@svaaegqlpt-.co.uk deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\v-kieyuo@uuiacos-gp.net deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\yueoiao@rjjpiyui.edu deleted
"C:\Users\David\AppData\Roaming\BYAIAMUF" deleted
"C:\Users\David\AppData\Roaming\GNOK" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\tuof9e21.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default
- Bing Search - %ProfilePath%\extensions\bingsearch.full@microsoft.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\David\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\David\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Pavel\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]

Chrome Media Router - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{01193B10-6E79-4DF4-A835-0C1BA940087A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1dc1313f-d99c-4130-95c0-accc73fe954b deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\6c8bbd56-e335-48e2-9792-d5380b61d2e1 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7770 folders=1497 1834444689 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted

==== EOF on st 13. 09. 2017 at 16:48:48,09 ======================

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 13 zář 2017 16:56

Jakého rázu by se měly týkat ty problémy? Žádné zatím nepozoruji.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36683
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 13 zář 2017 18:30

Pak je vše OK.

Vlož nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 13 zář 2017 20:53

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:28, on 13. 9. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 41.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\David\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\David\Desktop\HijackThis (5).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE13DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WindowsDriverScan64] C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk
O4 - HKLM\..\Run: [WindowsDriverScan86] C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\David\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - Global Startup: PC Auto Backup.lnk = C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Connect2 Hotspot Service (connect2hotspot) - Lenovo - C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 12804 bytes

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36683
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 13 zář 2017 22:19

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

http://ccm.net/download/download-24087-delfix

https://www.bleepingcomputer.com/download/delfix/

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 15 zář 2017 18:43

# DelFix v1.013 - Logfile created 15/09/2017 at 18:34:04
# Updated 17/04/2016 by Xplode
# Username : David - LENOVO-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\David\Desktop\AdwCleaner.exe
Deleted : C:\Users\David\Desktop\JRT.exe
Deleted : C:\Users\David\Desktop\JRT.txt
Deleted : C:\Users\David\Desktop\HijackThis (5).exe
Deleted : C:\Users\David\Desktop\hijackthis.log
Deleted : C:\Users\David\Desktop\RogueKiller_portable32.exe
Deleted : C:\Users\David\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\David\Desktop\zoek.exe
Deleted : C:\Users\David\Downloads\HijackThis (1).exe
Deleted : C:\Users\David\Downloads\HijackThis (2).exe
Deleted : C:\Users\David\Downloads\HijackThis (3).exe
Deleted : C:\Users\David\Downloads\HijackThis (4).exe
Deleted : C:\Users\David\Downloads\HijackThis.exe
Deleted : C:\Users\David\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #74 [Windows Update | 09/13/2017 15:03:57]
Deleted : RP #75 [Windows Update | 09/13/2017 15:08:41]

New restore point created !

########## - EOF - ##########

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36683
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 15 zář 2017 18:55

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 15 zář 2017 21:03

Problémy asi nejsou, počítač se možná trochu pomaleji spouští, ale je to asi spíš pocitové.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36683
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 16 zář 2017 09:43

Takže ještě tohle:

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.


Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 17 zář 2017 19:32

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-09-17 18:34:00
-----------------------------
18:34:00.518 OS Version: Windows x64 6.2.9200
18:34:00.518 Number of processors: 8 586 0x3C03
18:34:00.519 ComputerName: LENOVO-PC UserName: David
18:34:11.308 Initialize success
18:34:11.429 VM: initialized successfully
18:34:11.430 VM: Intel CPU BiosDisabled
18:59:02.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000037
18:59:02.759 Disk 0 Vendor: ST1000LM014-1EJ164 LVD3 Size: 953869MB BusType: 11
18:59:02.947 Disk 0 MBR read successfully
18:59:02.947 Disk 0 MBR scan
18:59:02.947 Disk 0 unknown MBR code
18:59:02.962 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
18:59:02.999 Disk 0 scanning C:\WINDOWS\system32\drivers
18:59:22.004 Service scanning
18:59:31.136 Service MpKslac30d8fb C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C830A2E-0F58-4189-BE22-D8EDB842ED2B}\MpKslac30d8fb.sys **LOCKED** 32
18:59:42.847 Modules scanning
18:59:42.863 Disk 0 trace - called modules:
18:59:42.878 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
18:59:43.410 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffd88786c0d060]
18:59:43.410 3 CLASSPNP.SYS[fffff806a3965efb] -> nt!IofCallDriver -> \Device\00000037[0xffffd88784ba3060]
18:59:43.441 Disk 0 statistics 63023/0/0 @ 2,09 MB/s
18:59:43.441 Scan finished successfully
19:17:59.620 Disk 0 MBR has been saved successfully to "C:\Users\David\Documents\MBR.dat"
19:17:59.635 The log file has been saved successfully to "C:\Users\David\Documents\aswMBR.txt"

Nebrazsi
nováček
Příspěvky: 31
Registrován: září 17
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Nebrazsi » 17 zář 2017 19:33

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017
Ran by David (administrator) on LENOVO-PC (17-09-2017 19:22:53)
Running from C:\Users\David\AppData\Local\Temp\scoped_dir1716_12843
Loaded Profiles: David (Available Profiles: David & Pavel)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(© 2015 Microsoft Corporation) C:\Users\David\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Lenovo) C:\Users\David\AppData\Local\Apps\2.0\XQP6H40D.C3E\79K6Y2T7.XZN\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_none_7ef6e89821f9a6be\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-04-09] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [WindowsDriverScan64] => C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk [1512 2014-12-06] ()
HKLM-x32\...\Run: [WindowsDriverScan86] => C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk [1501 2014-08-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-796992282-1497323788-1039345266-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-09-15] (Electronic Arts)
HKU\S-1-5-21-796992282-1497323788-1039345266-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-796992282-1497323788-1039345266-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-796992282-1497323788-1039345266-1002\...\Run: [BingSvc] => C:\Users\David\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk [2014-04-23]
ShortcutTarget: PC Auto Backup.lnk -> C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe (Samsung)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0e4cf215-1e92-4b4c-8eed-75f31d1f2d76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1628cbdf-29ab-4f1f-a3d2-c72b690e0556}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-796992282-1497323788-1039345266-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-796992282-1497323788-1039345266-1002 -> {01193B10-6E79-4DF4-A835-0C1BA940087A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-796992282-1497323788-1039345266-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default [2017-09-13]
FF NewTab: Mozilla\Firefox\Profiles\47cmes1v.default -> about:newtab
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\47cmes1v.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\47cmes1v.default -> about:home
FF Extension: (Bing Search) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-06]
FF Extension: (Adblock Plus) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-27]
FF Extension: (No Name) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\a46EV5@gmail.com [not found]
FF Extension: (No Name) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\extensions\ffext_basicvideoext@startpage24 [not found]
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\47cmes1v.default\searchplugins\bing-.xml [2017-09-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-796992282-1497323788-1039345266-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HKU\S-1-5-21-796992282-1497323788-1039345266-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-08-30] (Microsoft Corporation)
S2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2017-02-08] (Lenovo)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [235744 2015-06-12] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-15] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-15] (Electronic Arts)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cpuz138; C:\Users\David\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [24640 2017-09-13] (CPUID) [File not signed] <==== ATTENTION
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-07-23] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-06] (Malwarebytes)
R1 MpKslac30d8fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C830A2E-0F58-4189-BE22-D8EDB842ED2B}\MpKslac30d8fb.sys [44928 2017-09-17] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_9d398ade04905fdb\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-12] (Zemana Ltd.)
U3 aswMBR; C:\Users\David\AppData\Local\Temp\aswMBR.sys [62728 2017-09-17] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\David\AppData\Local\Temp\aswVmm.sys [224896 2017-09-17] () <==== ATTENTION
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 19:22 - 2017-09-17 19:22 - 000000000 ____D C:\FRST
2017-09-17 19:20 - 2017-09-17 19:22 - 002399744 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2017-09-17 19:17 - 2017-09-17 19:17 - 000001699 _____ C:\Users\David\Documents\aswMBR.txt
2017-09-17 19:17 - 2017-09-17 19:17 - 000000512 _____ C:\Users\David\Documents\MBR.dat
2017-09-17 18:33 - 2017-09-17 18:33 - 005200384 _____ (AVAST Software) C:\Users\David\Desktop\aswmbr.exe
2017-09-15 18:34 - 2017-09-15 18:39 - 000001267 _____ C:\DelFix.txt
2017-09-15 18:33 - 2017-09-15 18:33 - 000797760 _____ C:\Users\David\Desktop\delfix_1.013.exe
2017-09-14 22:08 - 2017-09-14 22:08 - 000000042 _____ C:\Users\David\Downloads\wifi.txt
2017-09-14 19:11 - 2017-09-14 19:11 - 000000000 ____D C:\Users\David\Desktop\backups
2017-09-13 16:41 - 2017-09-13 15:20 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-09-13 16:22 - 2017-09-13 16:48 - 000000000 ____D C:\zoek
2017-09-12 19:15 - 2017-09-17 19:22 - 000431386 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-12 19:15 - 2017-09-14 19:15 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-12 19:15 - 2017-09-14 19:06 - 000093955 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-12 19:15 - 2017-09-12 19:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-09-12 19:12 - 2017-09-12 19:12 - 000000000 ____D C:\Users\David\AppData\Local\Zemana
2017-09-11 16:20 - 2017-09-11 16:20 - 000000000 ____D C:\Users\David\Desktop\Protein
2017-09-09 02:54 - 2017-09-09 02:54 - 000000076 _____ C:\Users\David\Desktop\Nový textový dokument (5).txt
2017-09-09 01:42 - 2017-09-12 20:10 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-09 01:42 - 2017-09-09 03:12 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-07 16:29 - 2017-09-07 16:29 - 000000000 ____D C:\ProgramData\Sophos
2017-09-07 16:24 - 2017-09-07 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-09-07 16:24 - 2017-09-07 16:24 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-09-06 20:36 - 2017-09-06 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-06 20:18 - 2017-09-13 16:46 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-05 17:33 - 2017-09-06 20:53 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-05 17:33 - 2017-09-05 17:33 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-05 17:32 - 2017-09-06 21:00 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-05 17:32 - 2017-09-06 21:00 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-05 17:32 - 2017-09-05 17:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 17:32 - 2017-09-05 17:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-05 17:32 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-05 17:29 - 2017-09-05 17:32 - 066347240 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-05 16:52 - 2017-09-05 16:52 - 000050688 _____ (Atribune.org) C:\Users\David\Downloads\ATF-Cleaner.exe
2017-09-05 00:50 - 2017-09-05 00:50 - 000000000 ____D C:\Users\David\Desktop\httpswww.youtube.comwatchv=IX5Bf4zgRsE
2017-09-04 17:33 - 2017-09-04 17:33 - 000000043 _____ C:\Users\David\Desktop\Wow Keybinding Guide.txt
2017-09-04 16:54 - 2017-09-04 16:58 - 000000034 _____ C:\Users\David\Desktop\fb stranka.txt
2017-09-04 12:25 - 2017-09-04 12:25 - 000000000 ____D C:\Users\David\Desktop\sluchatka
2017-09-03 23:29 - 2017-08-01 21:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-09-03 23:29 - 2017-08-01 21:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-09-03 23:29 - 2017-08-01 21:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-03 23:29 - 2017-08-01 21:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-09-03 23:29 - 2017-08-01 21:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-03 23:29 - 2017-08-01 21:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-03 23:29 - 2017-08-01 21:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-09-03 23:29 - 2017-08-01 21:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-09-03 23:29 - 2017-08-01 21:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-03 23:29 - 2017-08-01 21:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-03 23:29 - 2017-08-01 21:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-09-03 23:29 - 2017-08-01 21:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-03 23:29 - 2017-08-01 21:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-03 23:29 - 2017-08-01 20:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-03 23:29 - 2017-08-01 20:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-09-03 23:29 - 2017-08-01 20:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-09-03 23:29 - 2017-08-01 20:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-09-03 23:29 - 2017-08-01 20:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-03 23:29 - 2017-08-01 20:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-09-03 23:29 - 2017-08-01 20:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-09-03 23:29 - 2017-08-01 20:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-09-03 23:29 - 2017-08-01 20:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-03 23:29 - 2017-08-01 20:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-09-03 23:29 - 2017-08-01 20:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-03 23:29 - 2017-08-01 20:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-03 23:29 - 2017-08-01 20:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-09-03 23:29 - 2017-08-01 20:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-09-03 23:29 - 2017-08-01 20:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-03 23:29 - 2017-08-01 20:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-09-03 23:29 - 2017-08-01 20:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-09-03 23:29 - 2017-08-01 20:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-09-03 23:29 - 2017-08-01 20:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-09-03 23:29 - 2017-08-01 19:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-03 23:29 - 2017-08-01 19:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-09-03 23:29 - 2017-08-01 19:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-03 23:29 - 2017-08-01 19:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-09-03 23:29 - 2017-08-01 19:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-09-03 23:29 - 2017-08-01 19:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-03 23:29 - 2017-08-01 19:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-03 23:29 - 2017-08-01 19:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-03 23:29 - 2017-08-01 19:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-09-03 23:29 - 2017-08-01 19:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-03 23:29 - 2017-08-01 19:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-03 23:29 - 2017-08-01 19:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-03 23:29 - 2017-08-01 19:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-09-03 23:29 - 2017-08-01 19:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-03 23:29 - 2017-08-01 19:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-09-03 23:29 - 2017-08-01 19:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-09-03 23:29 - 2017-08-01 19:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-09-03 23:29 - 2017-08-01 19:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-09-03 23:29 - 2017-08-01 19:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-03 23:29 - 2017-08-01 18:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-09-03 23:29 - 2017-08-01 18:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-09-03 23:29 - 2017-08-01 18:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-09-03 23:29 - 2017-08-01 18:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-09-03 23:29 - 2017-08-01 18:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-09-03 23:29 - 2017-08-01 18:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-09-03 23:29 - 2017-08-01 18:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-09-03 23:29 - 2017-08-01 18:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-09-03 23:29 - 2017-08-01 18:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-09-03 23:29 - 2017-08-01 18:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-09-03 23:29 - 2017-08-01 18:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-09-03 23:29 - 2017-08-01 18:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-09-03 23:29 - 2017-08-01 18:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-09-03 23:29 - 2017-08-01 18:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-09-03 23:29 - 2017-08-01 18:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-09-03 23:29 - 2017-08-01 18:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-03 23:29 - 2017-08-01 18:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-09-03 23:29 - 2017-08-01 18:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-09-03 23:29 - 2017-08-01 18:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-03 23:29 - 2017-08-01 18:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-09-03 23:29 - 2017-08-01 18:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-09-03 23:29 - 2017-08-01 18:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-09-03 23:29 - 2017-08-01 18:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-09-03 23:29 - 2017-08-01 18:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-09-03 23:29 - 2017-08-01 18:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-09-03 23:29 - 2017-08-01 18:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-09-03 23:29 - 2017-08-01 18:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-03 23:29 - 2017-08-01 18:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-09-03 23:29 - 2017-08-01 18:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-09-03 23:29 - 2017-08-01 18:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-09-03 23:29 - 2017-08-01 18:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-09-03 23:29 - 2017-08-01 18:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-03 23:29 - 2017-08-01 18:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-03 23:29 - 2017-08-01 18:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-09-03 23:29 - 2017-08-01 18:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-09-03 23:29 - 2017-08-01 18:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-09-03 23:29 - 2017-08-01 18:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-03 23:29 - 2017-08-01 18:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-09-03 23:29 - 2017-08-01 18:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-09-03 23:29 - 2017-08-01 18:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-03 23:29 - 2017-08-01 18:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-09-03 23:29 - 2017-08-01 18:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-09-03 23:29 - 2017-08-01 18:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-03 23:29 - 2017-08-01 18:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-09-03 23:29 - 2017-08-01 18:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-09-03 23:29 - 2017-08-01 18:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-09-03 23:29 - 2017-08-01 18:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-03 23:29 - 2017-08-01 18:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-03 23:29 - 2017-08-01 18:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-03 23:29 - 2017-08-01 18:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-09-03 23:29 - 2017-08-01 18:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-09-03 23:29 - 2017-08-01 18:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-09-03 23:29 - 2017-08-01 18:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-03 23:29 - 2017-08-01 18:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-09-03 23:29 - 2017-08-01 18:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-09-03 23:29 - 2017-08-01 18:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-09-03 23:29 - 2017-08-01 18:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-09-03 23:29 - 2017-08-01 16:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-09-03 23:29 - 2017-07-12 08:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-09-03 23:29 - 2017-07-12 08:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-03 23:29 - 2017-07-12 08:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-09-03 23:29 - 2017-07-12 08:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-03 23:29 - 2017-07-12 08:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-03 23:29 - 2017-07-12 08:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-03 23:29 - 2017-07-12 08:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-09-03 23:29 - 2017-07-12 08:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-09-03 23:29 - 2017-07-12 07:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-09-03 23:29 - 2017-07-12 07:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-09-03 23:29 - 2017-07-12 07:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-09-03 23:29 - 2017-07-12 07:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-09-03 23:29 - 2017-07-12 07:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-09-03 23:29 - 2017-07-12 07:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-03 23:29 - 2017-07-12 07:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-09-03 23:29 - 2017-07-12 07:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-09-03 23:29 - 2017-07-12 07:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-09-03 23:29 - 2017-07-12 07:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-09-03 23:29 - 2017-07-12 07:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-09-03 23:29 - 2017-07-12 07:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-09-03 23:29 - 2017-07-12 07:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-03 23:29 - 2017-07-12 07:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-09-03 23:29 - 2017-07-12 07:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-09-03 23:29 - 2017-07-12 07:24 - 000124928 _____ (Microsoft Corporation)


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 6 hostů