Problémy s notebookem

[jaroskk]

Po provedení se zdálo o.k. Ale pak se stáhly a nainstalovaly aktualizace WIN a po restartu zase problémy s naběhnutím. Pomohl by upgrate na WIN 10?

[Reklama]

[jaro3]

Možná , ale jen čistá instalace..

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[jaroskk]

RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Michala [Práva správce]
Started from : C:\Users\Michala\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 02/01/2016 19:57:55

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TEJB -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TEJB -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 94.74.192.252 94.74.192.244 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 94.74.192.252 94.74.192.244 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E285EA5-53F0-48D9-9B1E-FF503F68B990} | DhcpNameServer : 94.74.192.252 94.74.192.244 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7E285EA5-53F0-48D9-9B1E-FF503F68B990} | DhcpNameServer : 94.74.192.252 94.74.192.244 ([X][X]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E380 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 465868 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 956663808 | Size: 9819 MB
User = LL1 ... OK
User = LL2 ... OK

[jaroskk]

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Michala on po 01. 02. 2016 at 21:04:46,25.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michala\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1. 2. 2016 21:06:02 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\MicroWorld deleted successfully
C:\Users\Michala\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Windows\Installer\20181.msi" deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{7D10462C-1B3F-49A6-BAEC-F65F47D70262}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D10462C-1B3F-49A6-BAEC-F65F47D70262}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{7D10462C-1B3F-49A6-BAEC-F65F47D70262}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{7D10462C-1B3F-49A6-BAEC-F65F47D70262} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{7D10462C-1B3F-49A6-BAEC-F65F47D70262}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{7D10462C-1B3F-49A6-BAEC-F65F47D70262} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF07604E-C860-40E9-A230-E37FA41F103A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michala\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michala\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=29 35623184 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michala\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Michala\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 01. 02. 2016 at 21:22:05,97 ======================

[jaroskk]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Michala (administrator) on PC-MISA (01-02-2016 21:25:03)
Running from C:\Users\Michala\Desktop
Loaded Profiles: Michala (Available Profiles: Michala)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.203.0\McCSPServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(PortableApps.com) C:\Users\Michala\Desktop\Portable\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\Michala\Desktop\Portable\FirefoxPortable\App\Firefox64\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{7E285EA5-53F0-48D9-9B1E-FF503F68B990}: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{989D4FC0-B22C-4C7D-98BF-7E2BDB770D08}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-75312684-3944875200-1680285378-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-75312684-3944875200-1680285378-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-75312684-3944875200-1680285378-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-31] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 03:29 - 2016-02-02 03:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-02 03:15 - 2016-02-02 03:15 - 00000000 ____D C:\Users\Michala\AppData\Roaming\Macromedia
2016-02-02 03:13 - 2015-11-25 07:29 - 00419624 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeaack.sys
2016-02-02 03:12 - 2016-02-02 03:12 - 00003064 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-02-02 03:12 - 2016-02-02 03:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-02-02 03:11 - 2016-02-02 03:11 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-02 03:11 - 2016-02-02 03:11 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-02 03:08 - 2016-02-02 03:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-02 03:08 - 2016-01-31 19:07 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-02-02 03:07 - 2016-02-02 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-01 21:25 - 2016-02-01 21:26 - 00013024 _____ C:\Users\Michala\Desktop\FRST.txt
2016-02-01 21:24 - 2016-02-01 21:25 - 00000000 ____D C:\FRST
2016-02-01 21:24 - 2016-02-01 21:03 - 02370560 _____ (Farbar) C:\Users\Michala\Desktop\FRST64.exe
2016-02-01 21:20 - 2016-02-01 21:04 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-02-01 21:04 - 2016-02-01 21:18 - 00000000 ____D C:\zoek_backup
2016-02-01 21:03 - 2016-02-01 21:03 - 02370560 _____ (Farbar) C:\Users\Michala\Downloads\FRST64.exe
2016-02-01 21:02 - 2016-02-01 21:02 - 01309184 _____ C:\Users\Michala\Downloads\zoek.exe
2016-02-01 21:00 - 2016-02-01 21:22 - 00000000 ____D C:\Users\Michala\AppData\Roaming\Mozilla
2016-02-01 21:00 - 2016-02-01 21:00 - 00000000 ____D C:\Users\Michala\AppData\Local\Mozilla
2016-02-01 20:59 - 2015-12-26 09:48 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-01 20:59 - 2015-12-26 09:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 20:12 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-02-01 20:12 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-02-01 20:08 - 2016-02-01 20:08 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-01 19:57 - 2016-02-01 21:02 - 00003974 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72737371-9678-42AD-B88E-1189F5F577BC}
2016-02-01 19:57 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-02-01 19:57 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-02-01 19:54 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2016-02-01 19:54 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2016-02-01 19:46 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-02-01 19:45 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-02-01 19:45 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-02-01 19:45 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-02-01 19:45 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-02-01 19:45 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-02-01 19:45 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-02-01 19:45 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2016-02-01 19:45 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-02-01 19:45 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2016-02-01 19:45 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-02-01 19:45 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-02-01 19:45 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2016-02-01 19:45 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-02-01 19:45 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2016-02-01 19:45 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-02-01 19:45 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-02-01 19:45 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-02-01 19:45 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-02-01 19:45 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-02-01 19:45 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-02-01 19:45 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-02-01 19:45 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-02-01 19:45 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2016-02-01 19:45 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2016-02-01 19:45 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2016-02-01 19:45 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-01 19:45 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-02-01 19:45 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-01 19:45 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-01 19:45 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2016-02-01 19:45 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-01 19:45 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-02-01 19:45 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-02-01 19:45 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-02-01 19:45 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-02-01 19:45 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-02-01 19:45 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-02-01 19:33 - 2016-02-01 19:37 - 00000000 ____D C:\Users\Michala\Desktop\Portable
2016-02-01 19:32 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2016-02-01 19:32 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2016-02-01 18:47 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-02-01 18:47 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-02-01 18:46 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-02-01 18:46 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-02-01 18:45 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-02-01 18:45 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-02-01 18:45 - 2013-10-13 03:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2016-02-01 18:45 - 2013-10-12 22:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-02-01 18:45 - 2013-10-12 22:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-02-01 18:44 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2016-02-01 18:44 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-01 18:44 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-01 18:44 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2016-02-01 18:44 - 2013-10-05 15:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-02-01 18:44 - 2013-10-05 09:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-02-01 18:42 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-02-01 18:42 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-02-01 18:42 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-02-01 18:42 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-02-01 18:41 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-02-01 18:41 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-02-01 18:41 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-02-01 18:41 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-02-01 18:41 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-02-01 18:41 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2016-02-01 18:41 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2016-02-01 18:41 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-01 18:41 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-02-01 18:41 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-01 18:41 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2016-02-01 18:41 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2016-02-01 18:41 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2016-02-01 18:41 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-02-01 18:41 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-02-01 18:41 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2016-02-01 18:41 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2016-02-01 18:41 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-02-01 18:41 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2016-02-01 18:41 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2016-02-01 18:41 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2016-02-01 18:41 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2016-02-01 18:41 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2016-02-01 18:41 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2016-02-01 18:41 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-02-01 18:41 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-02-01 18:41 - 2014-01-27 12:45 - 00386722 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-02-01 18:41 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-02-01 18:41 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-02-01 18:41 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-02-01 18:41 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2016-02-01 18:40 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-02-01 18:40 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-02-01 18:40 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-02-01 18:40 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2016-02-01 18:40 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-02-01 18:40 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-02-01 18:40 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2016-02-01 18:40 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-02-01 18:39 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-02-01 18:39 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2016-02-01 18:39 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-01 18:39 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-01 18:39 - 2014-01-04 15:03 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-02-01 18:39 - 2014-01-04 14:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-02-01 18:39 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-02-01 18:39 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-02-01 18:39 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-02-01 18:39 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-02-01 18:39 - 2013-12-21 03:10 - 00009701 _____ C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2016-02-01 18:39 - 2013-12-21 03:10 - 00009701 _____ C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2016-02-01 18:38 - 2014-04-19 12:15 - 21186352 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-01 18:38 - 2014-04-19 07:49 - 18644072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-01 18:36 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-02-01 18:36 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-02-01 18:32 - 2013-10-19 09:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-01 18:32 - 2013-10-19 07:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-01 18:32 - 2013-10-19 06:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-01 18:32 - 2013-10-19 05:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-01 18:32 - 2013-10-19 04:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-01 18:31 - 2013-10-23 12:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-02-01 18:31 - 2013-10-23 12:21 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2016-02-01 18:31 - 2013-10-23 12:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2016-02-01 18:31 - 2013-10-22 08:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-01 18:31 - 2013-10-22 07:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-01 18:31 - 2013-10-22 06:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2016-02-01 18:31 - 2013-10-22 05:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2016-02-01 18:31 - 2013-10-22 04:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2016-02-01 18:31 - 2013-10-22 04:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-02-01 18:31 - 2013-10-22 03:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-02-01 18:31 - 2013-10-22 03:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-01 18:31 - 2013-10-22 03:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-01 18:31 - 2013-10-22 02:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-02-01 18:31 - 2013-10-19 07:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-01 18:31 - 2013-10-19 06:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2016-02-01 18:31 - 2013-10-19 06:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-01 18:31 - 2013-10-19 05:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-01 18:31 - 2013-10-19 05:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-02-01 18:31 - 2013-10-19 05:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-01 18:31 - 2013-10-19 05:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-01 18:31 - 2013-10-19 05:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-02-01 18:31 - 2013-10-19 04:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-01 18:31 - 2013-10-19 04:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-01 18:31 - 2013-10-19 04:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-02-01 18:31 - 2013-10-19 04:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-01 18:31 - 2013-10-19 04:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-02-01 18:31 - 2013-10-19 04:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-01 18:31 - 2013-10-19 04:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-01 18:31 - 2013-10-16 10:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-02-01 18:31 - 2013-10-16 10:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-02-01 18:31 - 2013-10-13 04:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2016-02-01 18:31 - 2013-10-13 03:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-02-01 18:31 - 2013-10-10 17:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-02-01 18:31 - 2013-10-10 17:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-02-01 18:31 - 2013-10-10 15:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-02-01 18:31 - 2013-10-10 15:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-02-01 18:31 - 2013-10-10 12:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-02-01 18:31 - 2013-10-08 11:28 - 00523096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-02-01 18:31 - 2013-10-08 07:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-02-01 18:31 - 2013-10-08 06:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-02-01 18:31 - 2013-10-08 06:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-02-01 18:31 - 2013-10-08 06:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-02-01 18:31 - 2013-10-08 06:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-02-01 18:31 - 2013-10-08 06:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-02-01 18:31 - 2013-10-08 05:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-02-01 18:31 - 2013-10-08 05:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-02-01 18:31 - 2013-10-07 08:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-01 18:31 - 2013-10-07 03:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-01 18:31 - 2013-10-05 16:25 - 00057176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-02-01 18:31 - 2013-10-05 15:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-02-01 18:31 - 2013-10-05 13:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-02-01 18:31 - 2013-10-05 12:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-02-01 18:31 - 2013-10-05 12:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-02-01 18:31 - 2013-10-05 12:00 - 01200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-02-01 18:31 - 2013-10-05 10:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2016-02-01 18:31 - 2013-10-05 10:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-02-01 18:31 - 2013-10-05 10:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-02-01 18:31 - 2013-10-05 09:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-02-01 18:31 - 2013-10-05 09:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2016-02-01 18:31 - 2013-10-05 09:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-02-01 18:31 - 2013-10-05 09:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2016-02-01 18:31 - 2013-10-05 09:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-02-01 18:31 - 2013-10-05 09:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-02-01 18:31 - 2013-10-05 08:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-02-01 18:31 - 2013-10-05 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-02-01 18:31 - 2013-10-04 09:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-02-01 18:31 - 2013-09-17 10:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-02-01 18:31 - 2013-09-17 10:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-02-01 18:31 - 2013-09-17 07:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-02-01 18:31 - 2013-09-17 07:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-02-01 18:31 - 2013-09-17 05:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-02-01 18:31 - 2013-09-14 15:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-02-01 18:31 - 2013-09-14 15:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-02-01 18:31 - 2013-09-14 13:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-02-01 18:31 - 2013-09-14 13:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-02-01 18:31 - 2013-09-14 11:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-02-01 18:31 - 2013-09-14 10:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-02-01 18:31 - 2013-09-13 09:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2016-02-01 18:31 - 2013-09-13 08:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2016-02-01 18:31 - 2013-09-12 09:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-02-01 18:31 - 2013-09-12 09:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-02-01 18:31 - 2013-09-12 09:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-02-01 18:31 - 2013-09-12 09:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-02-01 18:31 - 2013-09-12 08:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-02-01 18:31 - 2013-09-12 08:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-02-01 18:31 - 2013-09-12 08:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2016-02-01 18:31 - 2013-09-12 08:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-02-01 18:31 - 2013-09-12 08:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-02-01 18:31 - 2013-09-12 08:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-02-01 18:31 - 2013-09-10 05:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2016-02-01 18:27 - 2013-10-10 12:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-01 18:27 - 2013-10-10 12:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-02-01 18:27 - 2013-10-10 11:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-02-01 18:27 - 2013-10-10 11:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-02-01 18:26 - 2016-02-01 19:27 - 00003846 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-01 18:26 - 2016-02-01 18:26 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

[jaroskk]

2016-02-01 18:21 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-01 18:21 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-02-01 18:21 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-02-01 18:21 - 2013-11-11 03:48 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-02-01 18:21 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-02-01 18:21 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-02-01 18:21 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-02-01 18:21 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-02-01 18:21 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-02-01 18:21 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-02-01 18:21 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-02-01 18:21 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-02-01 18:21 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-02-01 18:21 - 2013-11-05 14:17 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-02-01 18:21 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-02-01 18:21 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-02-01 18:21 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2016-02-01 18:21 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-02-01 18:21 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-02-01 18:21 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-02-01 18:21 - 2013-10-31 01:58 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-02-01 18:21 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-01 18:21 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-02-01 18:21 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-02-01 18:21 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2016-02-01 18:21 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2016-02-01 18:21 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2016-02-01 18:21 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-02-01 18:21 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-02-01 18:21 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2016-02-01 18:21 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2016-02-01 18:21 - 2013-10-10 12:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-02-01 18:21 - 2013-10-10 12:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-02-01 18:19 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-02-01 18:19 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-01 18:19 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-02-01 18:19 - 2014-01-04 16:54 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2016-02-01 18:19 - 2014-01-04 16:08 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2016-02-01 18:19 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2016-02-01 18:19 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2016-02-01 18:19 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-02-01 18:19 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2016-02-01 18:19 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-01 18:19 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-02-01 18:19 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-01 18:19 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-02-01 18:19 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-02-01 18:19 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-02-01 18:19 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-02-01 18:19 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2016-02-01 18:19 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-02-01 18:19 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2016-02-01 18:19 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-01 18:19 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-02-01 18:19 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-02-01 18:19 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-02-01 18:19 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-02-01 18:19 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-02-01 18:19 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-02-01 18:19 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-02-01 18:19 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-02-01 18:19 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2016-02-01 18:19 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-02-01 18:19 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-02-01 18:19 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-02-01 18:19 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-02-01 18:19 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-02-01 18:19 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-02-01 18:19 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-02-01 18:19 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-02-01 18:19 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-02-01 18:19 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-02-01 18:19 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-02-01 18:19 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-02-01 18:14 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-02-01 18:14 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-02-01 18:14 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-02-01 16:59 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-02-01 16:58 - 2013-10-16 16:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-02-01 16:58 - 2013-10-16 14:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-02-01 16:57 - 2013-09-26 07:51 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-02-01 16:57 - 2013-09-26 07:34 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmIndexer.dll
2016-02-01 16:57 - 2013-09-26 07:34 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmIndexer.dll
2016-02-01 16:57 - 2013-09-24 06:05 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-02-01 16:57 - 2013-09-21 07:33 - 11366912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-01 16:56 - 2013-09-26 10:20 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\recimg.exe
2016-02-01 16:56 - 2013-09-25 11:25 - 00783504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-02-01 16:56 - 2013-09-25 09:58 - 00648648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-02-01 16:56 - 2013-09-25 06:40 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2016-02-01 16:56 - 2013-09-24 10:44 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-01 16:56 - 2013-09-24 08:53 - 01018448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-01 16:56 - 2013-09-24 06:54 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-02-01 16:56 - 2013-09-24 06:10 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-02-01 16:56 - 2013-09-24 04:56 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2016-02-01 16:56 - 2013-09-21 13:10 - 00579416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-02-01 16:56 - 2013-09-21 13:10 - 00236376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-02-01 16:56 - 2013-09-21 13:10 - 00151384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-02-01 16:56 - 2013-09-21 12:50 - 00528048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-02-01 16:56 - 2013-09-21 12:48 - 00534048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-02-01 16:56 - 2013-09-21 12:48 - 00123480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-02-01 16:56 - 2013-09-21 11:56 - 00101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-02-01 16:56 - 2013-09-21 11:53 - 01534504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-02-01 16:56 - 2013-09-21 11:53 - 00996320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-01 16:56 - 2013-09-21 11:53 - 00934856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-02-01 16:56 - 2013-09-21 11:53 - 00366688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-02-01 16:56 - 2013-09-21 11:45 - 00171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-02-01 16:56 - 2013-09-21 10:23 - 00427096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-02-01 16:56 - 2013-09-21 10:23 - 00098104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-02-01 16:56 - 2013-09-21 10:12 - 01092896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-02-01 16:56 - 2013-09-21 10:09 - 00796928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-02-01 16:56 - 2013-09-21 10:09 - 00312936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-02-01 16:56 - 2013-09-21 08:58 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-02-01 16:56 - 2013-09-21 08:57 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-01 16:56 - 2013-09-21 08:55 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-02-01 16:56 - 2013-09-21 08:50 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2016-02-01 16:56 - 2013-09-21 08:17 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2016-02-01 16:56 - 2013-09-21 07:55 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2016-02-01 16:56 - 2013-09-21 06:59 - 00940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-01 16:56 - 2013-09-21 06:57 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\livessp.dll
2016-02-01 16:56 - 2013-09-21 06:56 - 08712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-01 16:56 - 2013-09-21 06:43 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-01 16:56 - 2013-09-21 06:38 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-02-01 16:56 - 2013-09-21 06:34 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-02-01 16:56 - 2013-09-21 06:31 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-01 16:56 - 2013-09-21 06:26 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-02-01 16:56 - 2013-09-21 06:10 - 12028416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-01 16:56 - 2013-09-21 06:05 - 08875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-01 16:56 - 2013-09-21 06:02 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-02-01 16:56 - 2013-09-21 05:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-02-01 16:56 - 2013-09-21 05:44 - 01662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-02-01 16:56 - 2013-09-21 05:39 - 01455616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-02-01 16:56 - 2013-09-21 05:38 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2016-02-01 16:56 - 2013-09-21 05:37 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-02-01 16:56 - 2013-09-21 05:36 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2016-02-01 16:56 - 2013-09-19 07:17 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2016-02-01 16:56 - 2013-09-19 06:29 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2016-02-01 16:56 - 2013-09-19 06:08 - 01150976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-02-01 16:56 - 2013-09-19 06:01 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2016-02-01 16:56 - 2013-09-19 05:37 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-02-01 16:56 - 2013-09-19 05:32 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2016-02-01 16:56 - 2013-09-19 05:27 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2016-02-01 16:56 - 2013-09-19 05:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-02-01 16:56 - 2013-09-19 05:25 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-02-01 16:56 - 2013-09-19 05:11 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2016-02-01 16:56 - 2013-09-19 05:10 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-02-01 16:56 - 2013-09-19 04:59 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-02-01 16:56 - 2013-09-19 04:55 - 00552448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-02-01 16:56 - 2013-09-19 04:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-02-01 16:56 - 2013-09-19 04:32 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-02-01 16:56 - 2013-09-17 10:18 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-02-01 16:56 - 2013-09-17 06:15 - 01225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-02-01 16:56 - 2013-09-17 06:00 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-02-01 16:56 - 2013-09-17 05:08 - 00738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2016-02-01 16:56 - 2013-09-14 15:06 - 00175960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VerifierExt.sys
2016-02-01 16:56 - 2013-09-14 15:06 - 00066904 _____ (Microsoft Corporation) C:\WINDOWS\system32\PSHED.DLL
2016-02-01 16:56 - 2013-09-13 13:14 - 00872328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-02-01 16:56 - 2013-09-13 11:52 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-02-01 16:56 - 2013-09-13 10:52 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2016-02-01 16:56 - 2013-09-13 09:54 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-02-01 16:56 - 2013-09-13 08:55 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-02-01 16:56 - 2013-09-13 08:30 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-02-01 16:56 - 2013-09-12 08:37 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2016-02-01 16:56 - 2013-09-11 10:32 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-02-01 16:56 - 2013-09-11 10:31 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-02-01 16:56 - 2013-09-11 10:31 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-02-01 16:56 - 2013-09-11 08:41 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-02-01 16:56 - 2013-09-11 08:09 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-02-01 16:56 - 2013-09-07 13:44 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdprint.dll
2016-02-01 16:56 - 2013-09-07 13:29 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-02-01 16:56 - 2013-09-07 12:45 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-02-01 16:56 - 2013-09-07 12:13 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-02-01 16:56 - 2013-09-07 12:07 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2016-02-01 16:56 - 2013-09-07 11:51 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2016-02-01 16:56 - 2013-09-07 11:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2016-02-01 16:56 - 2013-09-05 08:39 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2016-02-01 16:56 - 2013-09-05 07:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2016-02-01 16:56 - 2013-09-04 08:01 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2016-02-01 16:56 - 2013-09-04 07:16 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-02-01 16:56 - 2013-09-04 06:47 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-02-01 16:56 - 2013-09-04 06:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-02-01 16:56 - 2013-09-04 05:57 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-02-01 16:56 - 2013-09-04 05:48 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-02-01 16:56 - 2013-09-04 05:35 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-02-01 16:56 - 2013-08-31 15:18 - 00205024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-02-01 16:56 - 2013-08-31 13:15 - 00180232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-02-01 16:56 - 2013-08-31 13:04 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\riched20.dll
2016-02-01 16:56 - 2013-08-30 08:31 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2016-02-01 16:56 - 2013-08-28 08:55 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-02-01 16:56 - 2013-08-28 08:49 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-02-01 16:56 - 2013-08-28 08:09 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2016-02-01 16:56 - 2013-08-27 07:09 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-02-01 16:56 - 2013-08-27 06:24 - 00813568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-02-01 16:56 - 2013-08-27 05:39 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-02-01 16:56 - 2013-08-27 05:35 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-02-01 16:55 - 2013-09-26 09:24 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-02-01 16:55 - 2013-09-26 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-02-01 16:55 - 2013-09-26 08:14 - 00528896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-02-01 16:55 - 2013-09-25 08:32 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-02-01 16:55 - 2013-09-24 07:55 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2016-02-01 16:55 - 2013-09-24 06:59 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2016-02-01 16:55 - 2013-09-21 07:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2016-02-01 16:55 - 2013-09-21 06:37 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-02-01 16:55 - 2013-09-21 06:20 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-02-01 16:55 - 2013-09-21 06:09 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-02-01 16:55 - 2013-09-21 05:38 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-02-01 16:55 - 2013-09-19 08:19 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersRes.dll
2016-02-01 16:55 - 2013-09-19 07:39 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.dll
2016-02-01 16:55 - 2013-09-19 07:27 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2016-02-01 16:55 - 2013-09-19 07:23 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WorkFoldersRes.dll
2016-02-01 16:55 - 2013-09-19 06:47 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.dll
2016-02-01 16:55 - 2013-09-17 07:58 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-02-01 16:55 - 2013-09-17 06:26 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-02-01 16:55 - 2013-09-17 05:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-02-01 16:55 - 2013-09-17 04:28 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2016-02-01 16:55 - 2013-09-14 12:39 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-02-01 16:55 - 2013-09-13 09:10 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-02-01 16:55 - 2013-09-07 13:00 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdprint.dll
2016-02-01 16:55 - 2013-09-07 12:50 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCenter.dll
2016-02-01 16:55 - 2013-09-07 12:30 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-02-01 16:55 - 2013-09-07 12:22 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-02-01 16:55 - 2013-09-05 06:40 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2016-02-01 16:55 - 2013-08-31 11:46 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\riched20.dll
2016-02-01 16:55 - 2013-08-31 11:00 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2016-02-01 16:55 - 2013-08-31 10:25 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2016-02-01 06:33 - 2016-02-01 06:33 - 00287936 _____ C:\WINDOWS\Minidump\020116-38000-01.dmp
2016-02-01 06:33 - 2016-02-01 06:33 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-01 06:32 - 2016-02-01 06:32 - 370425531 _____ C:\WINDOWS\MEMORY.DMP
2016-01-31 21:03 - 2016-02-01 20:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-31 21:00 - 2016-01-31 21:00 - 00000000 ____D C:\Users\Michala\Downloads\MWAV-antivirus+návod+keygen
2016-01-31 20:59 - 2016-01-31 20:59 - 00625918 _____ C:\Users\Michala\Documents\pinfect.zip
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\SysWOW64\runouce.exe
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\rundll16.exe
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\logo1_.exe
2016-01-31 20:58 - 2016-01-31 20:58 - 00000000 ____D C:\WINDOWS\logo_1.exe
2016-01-31 20:43 - 2016-01-31 20:43 - 00000000 ____D C:\ProgramData\MicroWorld
2016-01-31 20:34 - 2016-01-31 20:34 - 00000000 ____D C:\Users\Michala\AppData\Roaming\sMedio
2016-01-31 19:50 - 2016-02-01 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-31 19:50 - 2016-01-31 19:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 19:18 - 2016-02-01 19:44 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-31 19:18 - 2016-02-01 15:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-31 19:07 - 2016-01-31 19:21 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:41 - 2016-01-31 18:41 - 00000911 _____ C:\Users\Michala\Desktop\Stažené soubory – zástupce.lnk
2016-01-31 18:41 - 2016-01-31 18:41 - 00000899 _____ C:\Users\Michala\Desktop\Dokumenty – zástupce.lnk
2016-01-31 18:40 - 2016-01-31 18:40 - 00000436 _____ C:\Users\Michala\Desktop\Tento počítač – zástupce.lnk
2016-01-31 18:37 - 2016-01-31 18:37 - 04166472 _____ (Crystal Dew World ) C:\Users\Michala\Downloads\CrystalDiskInfo6_7_0-en.exe
2016-01-31 18:36 - 2016-01-31 18:37 - 25144904 _____ C:\Users\Michala\Downloads\RogueKillerX64.exe
2016-01-31 18:36 - 2016-01-31 18:36 - 01609032 _____ (Malwarebytes) C:\Users\Michala\Downloads\JRT.exe
2016-01-31 18:35 - 2016-01-31 18:35 - 01508352 _____ C:\Users\Michala\Downloads\adwcle_5.032.exe
2016-01-31 00:17 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-01-30 15:01 - 2016-01-30 15:01 - 00000000 ____D C:\Users\Michala\AppData\Local\ElevatedDiagnostics
2016-01-30 14:59 - 2016-01-30 14:59 - 00000000 ____D C:\ProgramData\ToshibaEurope
2016-01-30 14:56 - 2016-02-01 21:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-75312684-3944875200-1680285378-1001
2016-01-30 14:52 - 2016-01-30 14:52 - 00000000 ____D C:\Users\Michala\AppData\Local\TOSHIBA
2016-01-30 14:51 - 2016-01-30 14:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-01-30 14:50 - 2016-02-01 19:37 - 00000000 ____D C:\Users\Michala\AppData\Local\Packages
2016-01-30 14:50 - 2016-02-01 19:26 - 00000000 ____D C:\Users\Michala
2016-01-30 14:50 - 2016-01-30 14:50 - 00001433 _____ C:\Users\Michala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 14:50 - 2016-01-30 14:50 - 00000020 ___SH C:\Users\Michala\ntuser.ini
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Šablony
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Soubory cookie
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Poslední
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Okolní tiskárny
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Okolní síť
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Nabídka Start
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Dokumenty
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Documents\Obrázky
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Documents\Hudba
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Documents\Filmy
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\Data aplikací
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 _SHDL C:\Users\Michala\AppData\Local\Data aplikací
2016-01-30 14:50 - 2016-01-30 14:50 - 00000000 ____D C:\Users\Michala\AppData\Roaming\Adobe
2016-01-30 14:48 - 2016-01-30 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-30 09:29 - 2016-01-30 09:29 - 00000000 _____ C:\Recovery.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 03:13 - 2013-11-28 01:37 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-02-02 03:13 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-02 03:13 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-02 03:07 - 2013-11-28 01:38 - 00001871 _____ C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2016-02-01 21:21 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-01 21:21 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 21:10 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 21:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-01 21:03 - 2013-09-19 18:02 - 04255064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 21:03 - 2013-08-28 15:28 - 00797960 _____ C:\WINDOWS\system32\perfh015.dat
2016-02-01 21:03 - 2013-08-28 15:28 - 00163344 _____ C:\WINDOWS\system32\perfc015.dat
2016-02-01 21:03 - 2013-08-28 15:19 - 00742562 _____ C:\WINDOWS\system32\perfh00E.dat
2016-02-01 21:03 - 2013-08-28 15:19 - 00177650 _____ C:\WINDOWS\system32\perfc00E.dat
2016-02-01 21:03 - 2013-08-28 15:11 - 00541792 _____ C:\WINDOWS\system32\perfh008.dat
2016-02-01 21:03 - 2013-08-28 15:11 - 00088858 _____ C:\WINDOWS\system32\perfc008.dat
2016-02-01 21:03 - 2013-08-28 15:02 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-02-01 21:03 - 2013-08-28 15:02 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-02-01 21:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-01 20:58 - 2013-08-22 15:44 - 00336448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-01 20:55 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-01 20:55 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-01 20:55 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-01 20:54 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-01 20:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-01 20:53 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-01 15:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-01 15:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-31 19:17 - 2013-11-28 01:36 - 00000000 ____D C:\ProgramData\McAfee
2016-01-31 18:31 - 2013-09-20 19:34 - 00000000 ____D C:\WINDOWS\Panther
2016-01-30 18:07 - 2013-11-28 01:12 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-01-30 14:55 - 2013-09-19 18:05 - 00000000 ____D C:\ProgramData\Toshiba
2016-01-30 09:29 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-20 02:50

==================== End of FRST.txt ============================

[jaroskk]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Michala (2016-02-01 21:26:23)
Running from C:\Users\Michala\Desktop
Windows 8.1 (X64) (2016-01-30 13:50:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-75312684-3944875200-1680285378-500 - Administrator - Disabled)
Guest (S-1-5-21-75312684-3944875200-1680285378-501 - Limited - Disabled)
Michala (S-1-5-21-75312684-3944875200-1680285378-1001 - Administrator - Enabled) => C:\Users\Michala

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Addendum (HKLM-x32\...\{CE0374A6-B204-4336-8293-63FBB1DADBF4}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E93F887-7773-4337-B487-E88BDB0144A4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {3818E0EF-808A-4635-8B16-6304A6F0F523} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {5030DB75-DABD-45A8-9052-90AB52B97038} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {69156531-6C5D-45CE-B135-6AA01DA52AE9} - System32\Tasks\Toshiba\BlobDelivery => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.BlobDelivery.exe [2013-07-19] (Microsoft)
Task: {7F46723A-23DD-4B43-96BC-04ADD528E095} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-02-01] (McAfee, Inc.)
Task: {823A453F-AE98-42A1-A4A0-2607D237D541} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {976A0D59-7A84-4194-8B4F-FE46D923CF80} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH)
Task: {A60F1A1B-27DF-4B05-8FAA-841EA070E995} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-02-01] (Microsoft Corporation)
Task: {AA5361EA-38D9-45E9-8A03-B7967F5BCAAE} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C0E39471-6527-4321-8E07-9ED6A3D10921} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {F02223F7-7627-42BF-AFFC-BC13F5EDC5FE} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {FD1F0F4B-9EE5-4085-8BD8-15158E75F893} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-02-01] (McAfee, Inc.)
Task: {FFBF0334-DE30-4256-A091-4548AA73C859} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-27 21:53 - 2013-03-27 21:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2013-09-10 21:54 - 2013-09-10 21:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-09-19 18:33 - 2013-08-12 18:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-02-01 21:22 - 2016-02-01 21:22 - 00011264 _____ () C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\System.dll
2016-02-01 21:22 - 2016-02-01 21:22 - 00029696 _____ () C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\registry.dll
2016-02-01 21:22 - 2016-02-01 21:22 - 00008704 _____ () C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\newadvsplash.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-02-01 21:06 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-75312684-3944875200-1680285378-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 94.74.192.252 - 94.74.192.244
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4DB0514A-BCD3-4301-AAEA-107C2D63B399}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9E2B8E66-DA75-47D5-8F43-CD949972E95B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{525BB892-8E10-49CA-8CEC-F59CAF8394BC}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{28C68800-6C90-4C16-BF60-E7513E6E13D9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E2436070-925A-4A73-91B9-66565B2ACEED}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3BB46E09-3055-43CD-83AB-B4759F83C5DC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

31-01-2016 19:33:06 JRT Pre-Junkware Removal
01-02-2016 21:05:30 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2016 07:58:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-Misa)
Description: Aplikaci winstore_cw5n1h2txyewy!Windows.Store se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/01/2016 08:19:54 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1360) SRUJet: Při otevírání souboru protokolu C:\WINDOWS\system32\SRU\SRU0001E.log došlo k chybě -1811 (0xfffff8ed).

Error: (02/02/2016 03:09:18 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:08:18 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:08:05 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:07:18 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:06:24 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:06:24 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:06:18 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/02/2016 03:06:17 AM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (02/01/2016 09:21:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee OOBE Service2 neuspěla při spuštění v důsledku následující chyby:
%%1083

Error: (02/01/2016 09:18:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/01/2016 09:18:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/01/2016 09:18:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/01/2016 09:18:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/01/2016 09:18:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/01/2016 08:58:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee OOBE Service2 neuspěla při spuštění v důsledku následující chyby:
%%1083

Error: (02/01/2016 06:25:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zjišťování interaktivních služeb byla ukončena s následující chybou:
%%1

Error: (02/01/2016 06:39:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/01/2016 06:37:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz
Percentage of memory in use: 35%
Total physical RAM: 3971.27 MB
Available physical RAM: 2543.48 MB
Total Virtual: 8067.27 MB
Available Virtual: 6576.71 MB

==================== Drives ================================

Drive c: (TI31216600A) (Fixed) (Total:454.95 GB) (Free:423.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

[jaroskk]

1 II 2016 21:41:38 - ***** Kontrola pro specifické ITW viry *****

01 II 2016 21:41:42 - ***** Test dokončen *****

01 II 2016 21:41:42 - Testovaných objektů: 65864
01 II 2016 21:41:42 - Kritických objektů: 13
01 II 2016 21:41:42 - Celkem vyléčených objektů: 0
01 II 2016 21:41:42 - Celkem přejmenováno: 0
01 II 2016 21:41:42 - Smazaných objektů: 0
01 II 2016 21:41:42 - Celkem chyb: 6
01 II 2016 21:41:42 - Uplynulý čas: 00:01:49
01 II 2016 21:41:42 - Datum vydání databáze: 06 Nov 2009
01 II 2016 21:41:42 - Verze virové databáze: 4481875

01 II 2016 21:41:42 - Test je dokončen

[jaroskk]

01 II 2016 21:40:43 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
01 II 2016 21:40:44 - Loading Spyware Signatures from new External Database [Name: C:\Users\Michala\AppData\Local\Temp\spydb.avs, Size: 920533]...
01 II 2016 21:40:44 - Indexed Spyware Databases Successfully Created...

01 II 2016 21:40:50 - Offending file found: C:\WINDOWS\system32\bi.dll
01 II 2016 21:40:50 - System found infected with VX2.aBetterInternet Spyware/Adware (bi.dll)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:50 - Offending file found: C:\WINDOWS\system32\dabapi.dll
01 II 2016 21:40:50 - System found infected with combo Spyware/Adware (dabapi.dll)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\FirefoxPortable\App\Firefox\uninstall\helper.exe
01 II 2016 21:40:52 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\FirefoxPortable\App\Firefox64\uninstall\helper.exe
01 II 2016 21:40:52 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending Folder found: C:\Users\Michala\Desktop\Portable\FirefoxPortable\Data\profile\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\locale\dsb
01 II 2016 21:40:52 - Objekt "EnergyPlugin Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\PidginPortable\App\Pidgin\pixmaps\pidgin\emotes\default\bad.png
01 II 2016 21:40:52 - System found infected with Fix Tool Corrupted Adware/Spyware (bad.png)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\PidginPortable\App\Pidgin\plugins\tcl.dll
01 II 2016 21:40:52 - System found infected with SpywareStop Corrupted Adware/Spyware (tcl.dll)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\PidginPortable\App\Pidgin\sqlite3.dll
01 II 2016 21:40:52 - System found infected with Lsas.Trojan-Spy.DOS.Keycopy Corrupted Adware/Spyware (sqlite3.dll)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\Starter\Starter.exe
01 II 2016 21:40:52 - System found infected with PrecisionPop Spyware/Adware (Starter.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Desktop\Portable\VideoConverterPortable\App\VideoConverter\sqlite3.dll
01 II 2016 21:40:52 - System found infected with Lsas.Trojan-Spy.DOS.Keycopy Corrupted Adware/Spyware (sqlite3.dll)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending Folder found: C:\Users\Michala\Desktop\Portable\VLCPortable\App\vlc\locale\ast
01 II 2016 21:40:52 - Objekt "AutoStartup Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

01 II 2016 21:40:52 - Offending file found: C:\Users\Michala\Favorites\eBay.url
01 II 2016 21:40:52 - System found infected with ezula Spyware/Adware (eBay.url)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:53 - Offending Folder found: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\en\4f0b9100-036b-424a-ac35-e5b8b2385614\DeviceInfo\dsb
01 II 2016 21:40:53 - Objekt "EnergyPlugin Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

01 II 2016 21:40:53 - Offending Folder found: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\en\4f0b9100-036b-424a-ac35-e5b8b2385614\WindowsInfo\dsb
01 II 2016 21:40:53 - Objekt "EnergyPlugin Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

01 II 2016 21:40:55 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe
01 II 2016 21:40:55 - System found infected with combo Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:55 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
01 II 2016 21:40:55 - System found infected with combo Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:55 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
01 II 2016 21:40:55 - System found infected with combo Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:55 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
01 II 2016 21:40:55 - System found infected with combo Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe)! Action taken: Ponecháno, neodstraněno!.

01 II 2016 21:40:55 - Offending Registry Entry found: HKUS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
01 II 2016 21:40:55 - System found infected with combo Spyware/Adware (HKUS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall)! Action taken: Ponecháno, neodstraněno!.

[jaroskk]

Vše provedeno. Ale proč mi zase MWAV hlasi ty problemy? Viz, výše.

[jaroskk]

Po restartu zase problemy, WIN nenaběhl a musel jsem PC znovu obnovit z bodu obnoveni.

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-75312684-3944875200-1680285378-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-75312684-3944875200-1680285378-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\System.dll
C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\registry.dll
C:\Users\Michala\AppData\Local\Temp\nsy5E98.tmp\newadvsplash.dll

+ všechny ty nálezy z MWAV

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/


Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.


Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.