MyCity » Ambulanta -> Arhiva Ambulante » Tencent :(

Tencent :(

Napisano na dan: 24.4.2016

Tencent :(
Sledeća strana Pagination

Idi na vrh

Poslao: 24 Apr 2016 12:53
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Pokupio sam nekako ga, kroz racunar sam provuko skeniranje bitdefender i Malwarebytes Anti-Malware ali mi se cini da ga nisam izbrisao, javio mi se problem gdje kada normalno startujem racunar kad treba da izbaci desktop stoji samo crn ekran, pa sam iz safe moda pogasio neke starup procese koji su mi bili sumljivi, sada sam uspio podic sistem u normalnom modu, ali i dalje mi ostaju negdje tragovi od tog malwera, ako bi neko imao par minuta da rijesim problem bio bih mu zahvalan

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by MarkoPC1 (administrator) on MARKOPC1-PC (24-04-2016 13:35:53)
Running from C:\Users\MarkoPC1\Downloads
Loaded Profiles: MarkoPC1 (Available Profiles: MarkoPC1)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2016-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /regrun
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [552920 2013-07-26] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1000488 2013-07-31] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [613696 2013-07-26] (Bitdefender)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll [2016-04-23] (Tencent)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5A0FA95E-2ECF-4CD1-B5F8-A4BAAEEBD1AB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2013-07-24] (Bitdefender)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2013-07-24] (Bitdefender)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll [2013-07-24] (Bitdefender)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-08-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR Profile: C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-21]
CHR Extension: (Google Docs) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-21]
CHR Extension: (Google Drive) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-21]
CHR Extension: (YouTube) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-21]
CHR Extension: (Bitdefender Wallet) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2016-04-24]
CHR Extension: (Google Sheets) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (AdBlock) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-21]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2016-04-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [75584 2013-07-05] (Bitdefender)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [65824 2016-04-24] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-04-23] (Tencent)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-06-19] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1505688 2013-07-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 QQRepair1ed; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1ed" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [109056 2013-01-29] (BitDefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2012-10-04] (BitDefender LLC)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
S3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [137976 2016-04-23] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-04-23] (电脑管家)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-04-23] (电脑管家)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 13:35 - 2016-04-24 13:37 - 00016292 _____ C:\Users\MarkoPC1\Downloads\FRST.txt
2016-04-24 13:35 - 2016-04-24 13:35 - 02375680 _____ (Farbar) C:\Users\MarkoPC1\Downloads\FRST64.exe
2016-04-24 13:35 - 2016-04-24 13:35 - 00000000 ____D C:\FRST
2016-04-24 13:20 - 2016-04-24 13:20 - 00000000 ____D C:\Windows\pss
2016-04-24 13:08 - 2016-04-24 13:12 - 00000842 _____ C:\Windows\ntbtlog.txt
2016-04-24 12:19 - 2016-04-24 12:19 - 00000403 _____ C:\Windows\system32\checkdnsid.xml
2016-04-24 12:14 - 2016-04-24 13:08 - 00000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2016-04-24 12:13 - 2016-04-24 12:14 - 07609152 _____ (Security Stronghold ) C:\Users\MarkoPC1\Downloads\StrongholdAntiMalware.exe
2016-04-24 11:59 - 2016-04-24 11:59 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-04-24 11:59 - 2016-04-24 11:59 - 00000385 _____ C:\Users\MarkoPC1\AppData\Roaminguser_gensett.xml
2016-04-24 11:57 - 2016-04-24 11:57 - 00000840 _____ C:\bdlog.txt
2016-04-24 11:56 - 2016-04-24 11:56 - 00451090 _____ C:\ProgramData\1461491348.bdinstall.bin
2016-04-24 11:54 - 2016-04-24 11:54 - 00002186 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2016-04-24 11:54 - 2016-04-24 11:54 - 00002067 _____ C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2016-04-24 11:54 - 2016-04-24 11:54 - 00000684 ____H C:\bdr-cf01
2016-04-24 11:54 - 2016-04-24 11:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-04-24 11:54 - 2016-04-24 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2016-04-24 11:54 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-04-24 11:53 - 2016-04-24 11:59 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Bitdefender
2016-04-24 11:53 - 2016-04-24 11:59 - 00000000 ____D C:\ProgramData\BDLogging
2016-04-24 11:53 - 2016-04-24 11:54 - 00253404 ____H C:\bdr-ld01
2016-04-24 11:53 - 2016-04-24 11:54 - 00009216 ____H C:\bdr-ld01.mbr
2016-04-24 11:53 - 2013-07-23 16:50 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2016-04-24 11:53 - 2013-07-19 18:08 - 00601360 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-04-24 11:53 - 2013-07-19 18:04 - 00727592 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-04-24 11:53 - 2013-06-25 18:20 - 38518480 ____H C:\bdr-im01.gz
2016-04-24 11:53 - 2013-02-22 19:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2016-04-24 11:53 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-04-24 11:53 - 2012-08-15 15:28 - 02510608 ____H C:\bdr-bz01
2016-04-24 11:53 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-04-24 11:53 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-04-24 11:52 - 2016-04-24 11:52 - 00181055 _____ C:\Users\MarkoPC1\Downloads\Malwarebytes Key.zip
2016-04-24 11:52 - 2016-04-24 11:52 - 00181055 _____ C:\Users\MarkoPC1\Downloads\Malwarebytes Key (1).zip
2016-04-24 11:49 - 2016-04-24 11:55 - 00000000 ____D C:\ProgramData\Bitdefender
2016-04-24 11:49 - 2016-04-24 11:53 - 00000000 ____D C:\Program Files\Bitdefender
2016-04-24 11:49 - 2016-04-24 11:49 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\QuickScan
2016-04-24 11:49 - 2016-04-24 11:49 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-04-24 11:49 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-04-24 11:49 - 2012-10-04 14:30 - 00147232 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-04-24 11:48 - 2016-04-24 11:48 - 00035824 _____ (Curio Laboratories) C:\Users\MarkoPC1\Downloads\RemoveOnRebootSetup.exe
2016-04-24 11:44 - 2016-04-24 11:44 - 00001180 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\ProgramData\IObit
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-24 11:43 - 2016-04-24 11:43 - 02451912 _____ (IObit ) C:\Users\MarkoPC1\Downloads\unlocker-setup.exe
2016-04-24 11:38 - 2016-04-24 11:38 - 00003270 _____ C:\Windows\System32\Tasks\{E7C6B503-2ABF-4D4F-BB2B-6A31415706CE}
2016-04-24 10:54 - 2016-04-24 10:54 - 00000000 ____D C:\Users\MarkoPC1\AppData\LocalLow\uTorrent
2016-04-24 10:37 - 2016-04-24 12:46 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-04-24 10:37 - 2016-04-24 12:01 - 00000000 _RSHD C:\Windows\windows
2016-04-24 01:37 - 2016-04-24 01:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-04-24 01:36 - 2016-04-24 01:36 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-04-23 23:54 - 2016-04-24 13:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 23:54 - 2016-04-24 10:55 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-23 23:54 - 2016-04-24 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-23 23:54 - 2016-04-24 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-23 23:54 - 2016-04-23 23:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-23 23:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-23 23:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-23 23:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-23 23:52 - 2016-04-23 23:53 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Bitdefender Total Security 2014 x32 & x64
2016-04-23 23:49 - 2016-04-23 23:49 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
2016-04-23 23:42 - 2016-04-23 23:42 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2016-04-23 23:42 - 2016-04-23 23:42 - 00001143 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk
2016-04-23 23:42 - 2016-04-23 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2016-04-23 23:40 - 2016-04-23 23:45 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\BSplayer PRO
2016-04-23 23:40 - 2016-04-23 23:40 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-04-23 23:39 - 2016-04-23 23:39 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 + KeyGen
2016-04-23 23:36 - 2016-04-23 23:36 - 00005120 _____ C:\Users\MarkoPC1\AppData\Roaming\GiftBag.db
2016-04-23 23:35 - 2016-04-24 12:45 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-23 23:35 - 2016-04-23 23:35 - 00137976 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-04-23 23:35 - 2016-04-23 23:35 - 00087800 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-04-23 23:35 - 2016-04-23 23:35 - 00045304 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-04-23 23:35 - 2016-04-23 23:35 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-04-23 23:35 - 2016-03-15 17:28 - 00101472 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-04-23 23:34 - 2016-04-23 23:57 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Tencent
2016-04-23 23:34 - 2016-04-23 23:38 - 00000000 ____D C:\ProgramData\Tencent
2016-04-23 23:34 - 2016-04-23 23:35 - 00000000 ____D C:\Users\MarkoPC1\Downloads\BS.Player Pro v2.68.1077 + Serials [ChattChitto RG]
2016-04-23 23:34 - 2016-04-23 23:34 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-04-23 23:31 - 2016-04-23 23:31 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-23 23:31 - 2016-04-23 23:31 - 00000000 ____D C:\ProgramData\Thunder Network
2016-04-23 23:27 - 2016-04-24 11:00 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-04-23 23:27 - 2016-04-23 23:27 - 00001197 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\Downloads\BS.Player PRO 2.68 Build 1077 Final + Keys [ATOM]
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Mozilla
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-23 23:23 - 2016-04-23 23:25 - 34952296 _____ (Mozilla) C:\Users\MarkoPC1\Downloads\Thunderbird Setup 45.0.exe
2016-04-23 23:16 - 2016-04-24 11:23 - 00000000 ____D C:\Program Files\Recuva
2016-04-23 23:16 - 2016-04-23 23:16 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-23 23:16 - 2016-04-23 23:16 - 00001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-04-23 23:16 - 2016-04-23 23:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\Program Files\CCleaner
2016-04-23 23:12 - 2016-04-23 23:18 - 15799762 _____ C:\Users\MarkoPC1\Downloads\MusicBeeSetup_2_5_update1.zip
2016-04-23 23:11 - 2016-04-23 23:11 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Recuva 1.52.1086 Professional + Serials {B4tman}
2016-04-23 23:05 - 2016-04-23 23:05 - 00245921 _____ C:\Users\MarkoPC1\Downloads\swoff351.exe
2016-04-23 23:05 - 2016-04-23 23:05 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk
2016-04-23 23:05 - 2016-04-23 23:05 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Airytec
2016-04-23 23:05 - 2016-04-23 23:05 - 00000000 ____D C:\Program Files\Airytec
2016-04-13 20:03 - 2016-04-13 20:03 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\MK10
2016-04-13 20:03 - 2016-04-13 20:03 - 00000000 ____D C:\ProgramData\Steam
2016-04-13 20:02 - 2016-04-13 20:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-13 20:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-04-13 20:01 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-04-13 20:01 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-04-13 20:01 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-04-13 20:01 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-04-13 20:01 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-04-13 20:01 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-04-13 20:01 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-04-13 20:01 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-04-13 20:01 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-04-13 20:01 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-04-13 20:01 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-04-13 20:01 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-04-13 20:01 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-04-13 20:01 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-04-13 20:01 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-04-13 20:01 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-04-13 20:01 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-04-13 20:01 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-04-13 20:01 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-04-13 20:01 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-04-13 20:01 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-04-13 20:01 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-04-13 20:01 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-04-13 20:01 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-04-13 20:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-04-13 20:01 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-04-13 20:01 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-04-13 20:01 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-04-13 20:01 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-04-13 20:01 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-04-13 20:01 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-04-13 20:01 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-04-13 20:01 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-04-13 20:01 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-04-13 20:01 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-04-13 20:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-04-13 20:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-04-13 20:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-04-13 20:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-04-13 20:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-04-13 20:01 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-04-13 20:01 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-04-13 20:01 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-04-13 20:01 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-04-13 20:01 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-04-13 20:01 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-04-13 20:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-04-13 20:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-04-13 20:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-04-13 20:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-04-13 20:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-04-13 20:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-04-13 20:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-04-13 20:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-04-13 20:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-04-13 20:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-04-13 19:55 - 2016-04-13 20:01 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-04-10 18:33 - 2016-04-10 18:33 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-10 18:17 - 2016-04-10 18:17 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Gadwin
2016-04-10 18:17 - 2016-04-10 18:17 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\Gadwin
2016-04-10 17:54 - 2016-04-10 17:55 - 13287142 _____ C:\Users\MarkoPC1\Downloads\PrintScreen542_Setup.zip
2016-04-07 21:37 - 2016-04-24 10:38 - 00021174 _____ C:\Users\MarkoPC1\AppData\Roaming\syr.exe.tmp
2016-04-06 18:03 - 2016-04-23 23:19 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\TeamViewer
2016-04-06 18:03 - 2016-04-06 18:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-06 18:03 - 2016-04-06 18:03 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-06 18:03 - 2016-04-06 18:03 - 00001031 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-04-06 18:00 - 2016-04-06 18:01 - 09788032 _____ (TeamViewer GmbH) C:\Users\MarkoPC1\Downloads\TeamViewer_Setup_sr.exe
2016-04-05 20:10 - 2016-04-05 20:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 13:31 - 2016-03-21 19:26 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 13:30 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 13:30 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 13:23 - 2016-03-21 19:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 13:22 - 2016-03-21 19:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-24 13:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 13:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding
2016-04-24 13:07 - 2016-03-21 19:32 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\uTorrent
2016-04-24 13:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-24 12:05 - 2009-07-14 07:13 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-24 11:26 - 2016-03-21 20:07 - 00000000 ____D C:\Riot Games
2016-04-24 11:26 - 2016-03-21 19:22 - 00000000 ____D C:\Users\MarkoPC1
2016-04-24 10:54 - 2016-03-21 19:33 - 00000000 ___SD C:\Users\MarkoPC1\AppData\LocalLow\Temp
2016-04-24 10:53 - 2016-03-21 19:26 - 00109232 _____ C:\Users\MarkoPC1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-24 10:37 - 2009-07-14 04:34 - 00000253 _____ C:\Windows\system.ini
2016-04-24 10:36 - 2009-07-14 06:45 - 00416080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-23 23:35 - 2016-03-21 19:22 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\VirtualStore
2016-04-23 23:19 - 2016-03-22 04:12 - 00000000 ____D C:\Windows\Panther
2016-04-23 22:37 - 2016-03-21 20:04 - 00000000 ____D C:\ProgramData\MCShield
2016-04-13 20:02 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-10 18:32 - 2016-03-21 19:29 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 18:32 - 2016-03-21 19:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-03 11:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-30 20:38 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2016-04-23 23:36 - 2016-04-23 23:36 - 0005120 _____ () C:\Users\MarkoPC1\AppData\Roaming\GiftBag.db
2016-04-07 21:37 - 2016-04-24 10:38 - 0021174 _____ () C:\Users\MarkoPC1\AppData\Roaming\syr.exe.tmp
2016-04-24 11:56 - 2016-04-24 11:56 - 0451090 _____ () C:\ProgramData\1461491348.bdinstall.bin

Some files in TEMP:
====================
C:\Users\MarkoPC1\AppData\Local\Temp\certmgr.exe
C:\Users\MarkoPC1\AppData\Local\Temp\winfrmp.exe
C:\Users\MarkoPC1\AppData\Local\Temp\winsvrbr.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed


C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 01:55

==================== End of FRST.txt ============================

ADD
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by MarkoPC1 (2016-04-24 13:40:00)
Running from C:\Users\MarkoPC1\Downloads
Windows 7 Ultimate (X64) (2016-03-21 17:21:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-353035015-1439127701-2073436898-500 - Administrator - Disabled)
Guest (S-1-5-21-353035015-1439127701-2073436898-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-353035015-1439127701-2073436898-1003 - Limited - Enabled)
MarkoPC1 (S-1-5-21-353035015-1439127701-2073436898-1001 - Administrator - Enabled) => C:\Users\MarkoPC1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-353035015-1439127701-2073436898-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-353035015-1439127701-2073436898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.5.1 - Airytec)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.15.0.682 - Bitdefender)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.68.1077 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Mozilla Thunderbird 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4BC70365-CF07-43AF-BADC-2AFF5D26AF24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {9202F037-283F-4114-B5A4-59C448F97660} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)
Task: {96C6FD00-6C7E-4A8F-B9C1-3847481D2B52} - System32\Tasks\{E7C6B503-2ABF-4D4F-BB2B-6A31415706CE} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\UninstallTips.exe" -d "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217"
Task: {CBC4DDAF-7A0A-47C3-B0CA-F6E0247AFDBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-24 11:53 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2016-04-24 11:53 - 2013-08-02 15:47 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2016-04-24 11:53 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2016-04-24 11:53 - 2013-08-02 15:47 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2016-04-24 12:19 - 2016-04-24 12:19 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_02151_002\ashttpbr.mdl
2016-04-24 12:19 - 2016-04-24 12:19 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_02151_002\ashttpdsp.mdl
2016-04-24 12:19 - 2016-04-24 12:19 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_02151_002\ashttpph.mdl
2016-04-24 12:19 - 2016-04-24 12:19 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_02151_002\ashttprbl.mdl
2016-03-21 19:56 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-24 11:53 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2016-04-24 11:53 - 2013-07-22 14:18 - 00099256 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2016-04-24 11:53 - 2013-07-24 19:01 - 00480296 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2016-04-24 11:53 - 2013-08-02 15:47 - 00201216 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2016-04-23 23:35 - 2016-04-23 23:35 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\zlib.dll
2016-04-23 23:34 - 2016-04-23 23:34 - 00110064 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAntiInject.dll
2016-04-23 23:35 - 2016-04-23 23:35 - 00482800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll
2016-04-23 23:35 - 2016-04-23 23:35 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tinyxml.dll
2016-04-10 18:32 - 2016-04-06 12:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-10 18:32 - 2016-04-06 12:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2014-01-21 17:54 - 2016-03-21 20:08 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-04-20 15:35 - 2016-04-20 15:35 - 02308608 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.15\deploy\LoLLauncher.exe
2016-04-20 15:35 - 2016-04-20 15:35 - 04224512 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.55\deploy\LoLPatcher.exe
2016-04-20 15:35 - 2016-04-20 15:35 - 01396224 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.55\deploy\RiotLauncher.dll
2016-03-22 10:18 - 2016-03-22 10:18 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.198\deploy\LolClient.exe
2016-04-20 15:39 - 2016-04-20 15:39 - 04887216 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.198\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2016-04-20 15:39 - 2016-04-20 15:39 - 19397808 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.198\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MarkoPC1\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\MarkoPC1\Downloads\StrongholdAntiMalware.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-04-24 11:53 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-353035015-1439127701-2073436898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MarkoPC1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-353035015-1439127701-2073436898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\MarkoPC1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^MarkoPC1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SyriaM.lnk => C:\Windows\pss\SyriaM.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MarkoPC1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winscript.wsh => C:\Windows\pss\winscript.wsh.Startup
MSCONFIG\startupreg: QQPCTray => "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTRAY.EXE" /regrun /qqrepair
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
MSCONFIG\startupreg: Bitdefender Wallet => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender Wallet Application Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: MCShield Monitor => C:\Program Files (x86)\MCShield\MCShieldRTM.exe
MSCONFIG\startupreg: Stronghold AntiMalware => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{93772C62-8DF9-49E4-9989-F00A92F0E2AF}] => (Allow) C:\Users\MarkoPC1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9CA5713F-90BE-4908-8019-E5FE211CC17F}] => (Allow) C:\Users\MarkoPC1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01DF4D73-151D-481C-8CBC-037BC3EDDFBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8883D72B-09D3-4E18-8A6C-A4665006662B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{56F490DA-2D77-4209-A01A-F7210FB9C81B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EC24FC18-DE5E-44BE-8177-60D5F2735251}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E6FF9CDB-40DB-4E2E-BC3F-7911246A856E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D8F4E7D1-7136-41F0-AB50-B46B6F8EB133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4879DE48-8B1B-41B9-88CC-90AB915EA777}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{27EF0097-C349-4FDD-B406-7746BBD6181C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E1E5B291-60B4-4DE8-9576-AB5D7950AE00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7DA989C5-5BEF-4FCD-A396-4D4F5DD54ED3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{320B5039-7F82-431C-8BA9-8BFFD26D1F1A}C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe] => (Block) C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe
FirewallRules: [UDP Query User{5FA2756B-0C33-4C42-AC82-EFA3F1C8D068}C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe] => (Block) C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe
FirewallRules: [TCP Query User{9F6823D8-879E-4718-BF1C-12B57655A00A}C:\program files (x86)\nvidia corporation\update core\nvbackend.exe] => (Allow) C:\program files (x86)\nvidia corporation\update core\nvbackend.exe
FirewallRules: [UDP Query User{361557FF-0FE3-41D8-99F3-088CCEEC3379}C:\program files (x86)\nvidia corporation\update core\nvbackend.exe] => (Allow) C:\program files (x86)\nvidia corporation\update core\nvbackend.exe
FirewallRules: [TCP Query User{6CFE60BA-ACD8-4846-B14D-0D85AC68BD5B}C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe] => (Block) C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe
FirewallRules: [UDP Query User{F152383D-7CDA-49B2-9DC0-C2E7CB1F271C}C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe] => (Block) C:\users\markopc1\appdata\local\temp\ydvxcnuclj.exe
FirewallRules: [TCP Query User{B1A04C5C-28B9-4383-8E27-A05D94711C90}C:\program files (x86)\mcshield\mcshieldrtm.exe] => (Block) C:\program files (x86)\mcshield\mcshieldrtm.exe
FirewallRules: [UDP Query User{1F25B6C6-0FA7-4078-9228-07286415407D}C:\program files (x86)\mcshield\mcshieldrtm.exe] => (Block) C:\program files (x86)\mcshield\mcshieldrtm.exe
FirewallRules: [{A7659057-B27A-4358-9E34-777AE9D10B51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FF76D7F4-3B43-4BDD-AC2F-BF681341504A}C:\users\markopc1\appdata\roaming\syr.exe] => (Block) C:\users\markopc1\appdata\roaming\syr.exe
FirewallRules: [UDP Query User{8152C58B-1C89-44F5-99F8-C2AB239FC291}C:\users\markopc1\appdata\roaming\syr.exe] => (Block) C:\users\markopc1\appdata\roaming\syr.exe
FirewallRules: [TCP Query User{20CE3800-78A3-40BB-AAA5-F754F65A0C11}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe] => (Allow) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe
FirewallRules: [UDP Query User{11861293-E507-4969-90E4-13EE57CD8832}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe] => (Allow) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe
FirewallRules: [TCP Query User{90E84223-1CB4-4E59-B089-0177ADE511D3}C:\program files (x86)\mcshield\mcshieldrtm.exe] => (Allow) C:\program files (x86)\mcshield\mcshieldrtm.exe
FirewallRules: [UDP Query User{BAA945AC-FBCC-47C9-B5AB-D4D2E79E5319}C:\program files (x86)\mcshield\mcshieldrtm.exe] => (Allow) C:\program files (x86)\mcshield\mcshieldrtm.exe
FirewallRules: [TCP Query User{7FED67A1-52CE-4E6B-A789-83BD9EA2C0B3}C:\program files (x86)\nvidia corporation\update core\nvbackend.exe] => (Allow) C:\program files (x86)\nvidia corporation\update core\nvbackend.exe
FirewallRules: [UDP Query User{85035320-B152-4531-9F47-3E69C7CED447}C:\program files (x86)\nvidia corporation\update core\nvbackend.exe] => (Allow) C:\program files (x86)\nvidia corporation\update core\nvbackend.exe
FirewallRules: [TCP Query User{85F3383D-AA24-4B07-AD97-14C984D161E6}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe] => (Block) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe
FirewallRules: [UDP Query User{50263648-7089-4B86-8A3B-71A371612D58}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe] => (Block) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\9600794d5acd6f2a46fcd97f9ce78f46.exe
FirewallRules: [TCP Query User{420BC626-707E-47CE-9DC3-3D7045F8D731}C:\windows\syswow64\runonce.exe] => (Allow) C:\windows\syswow64\runonce.exe
FirewallRules: [UDP Query User{80917CD4-1B2A-426A-B13A-8B32E658C253}C:\windows\syswow64\runonce.exe] => (Allow) C:\windows\syswow64\runonce.exe
FirewallRules: [TCP Query User{6FE297F2-7513-46E9-8ACF-97743E7DC948}C:\program files (x86)\mcshield\mcshieldds.exe] => (Allow) C:\program files (x86)\mcshield\mcshieldds.exe
FirewallRules: [UDP Query User{135138E1-C512-4FEC-BB6E-B8A5ABEEACD1}C:\program files (x86)\mcshield\mcshieldds.exe] => (Allow) C:\program files (x86)\mcshield\mcshieldds.exe
FirewallRules: [TCP Query User{529B2DB4-0249-4FFF-A16C-00CA2BEB25B8}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\a455f82212b121cdffc11586572b58ba.exe] => (Block) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\a455f82212b121cdffc11586572b58ba.exe
FirewallRules: [UDP Query User{E381D937-8D29-4A13-83AA-5E0226B93B48}C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\a455f82212b121cdffc11586572b58ba.exe] => (Block) C:\users\markopc1\appdata\roaming\microsoft\windows\start menu\programs\startup\a455f82212b121cdffc11586572b58ba.exe
FirewallRules: [TCP Query User{3AD44EEA-C10F-4F23-A988-9DC419B78205}C:\windows\syswow64\netsh.exe] => (Block) C:\windows\syswow64\netsh.exe
FirewallRules: [UDP Query User{A29BE2BE-8A06-4E1F-9AFB-4E951A334A35}C:\windows\syswow64\netsh.exe] => (Block) C:\windows\syswow64\netsh.exe
FirewallRules: [{44215CB7-0695-4EF3-87C5-7E6BDCBA9541}] => (Allow) C:\Users\MarkoPC1\AppData\Local\Temp\3301355\download\MiniThunderPlatform.exe
FirewallRules: [{CE1EA139-C695-439C-98FA-F36FB119421D}] => (Allow) C:\Users\MarkoPC1\AppData\Local\Temp\3301355\download\MiniThunderPlatform.exe
FirewallRules: [{5324F21A-DD15-466B-875F-15B0E7915C8F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCmgrInstallGuide.exe
FirewallRules: [{A5575523-D04B-45D4-91D3-0A10469CA409}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
FirewallRules: [{D83D94BE-4521-4805-A285-2615FB9DEF8F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCMgr.exe
FirewallRules: [{EC09CB08-01F8-4DD0-A0DC-0552AFE58E1C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
FirewallRules: [{963A4A15-8BE0-4EA7-A53D-646E0C6B74E5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDL.exe
FirewallRules: [{72782F49-04B5-43F5-BE8C-1701B64EFED8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport.exe
FirewallRules: [{CA3999C2-231B-40FC-B6FA-D192E26DF2CD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCFileOpen.exe
FirewallRules: [{3BE7864E-2134-47B3-8ADF-88063CE0FC6D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLeakScan.exe
FirewallRules: [{0741976A-7FA3-42E9-8C98-C36B66B3D077}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPConfig.exe
FirewallRules: [{42A2A6A8-A8EF-495F-A178-686A9F87FD7A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftMgr.exe
FirewallRules: [{38B6B014-A347-46CC-8E32-6051458057A9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{12A6CA22-442F-4438-BC39-9FF83701C0F8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCBTU.exe
FirewallRules: [{C384B637-90FE-4870-92CD-BFC242E8CB23}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCClinic.exe
FirewallRules: [{AF2D1AE4-4791-4766-AA16-3B2E742EF0D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLaunch.exe
FirewallRules: [{D1B5DF7B-B54B-4B3A-B056-D9AA64DC6845}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{B97CE5B3-3926-4021-934E-1089DDDB3F24}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftGame.exe
FirewallRules: [{74088051-B364-433E-B349-70BB14774983}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSysOptimize.exe
FirewallRules: [{697D8EAB-743F-4C23-B14F-FC3075442269}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCUpdateAVLib.exe
FirewallRules: [{60644601-892A-4BE2-ADD0-E27B558FFE55}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe
FirewallRules: [{426484A3-0182-4F86-B84C-5D89D7959582}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Uninst.exe
FirewallRules: [{51C44BB0-E374-48C2-8BA9-7CAB12FE383D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe
FirewallRules: [{256AF6EA-EB4E-4E01-915B-86CDBE79E808}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TpkUpdate.exe
FirewallRules: [{53810B9D-B931-4FA4-BE03-3C186EA7C069}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRouterMgr.exe
FirewallRules: [{24CF4179-DFC2-4AEA-B21F-42D888225EB9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAccountProtection.exe
FirewallRules: [{5F2BDDD6-69FF-4DA9-A4FE-33E9CD290299}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAdBlock.exe
FirewallRules: [{3544522C-1045-48AC-BEB8-1250D135C0A0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{3B35FB16-A3D3-4A3A-8D07-A20BEA228907}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{121787BA-B12F-40BB-8F84-1B964DF4640F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\PLUGINS\CHECKPCMGRUPDATE.EXE
FirewallRules: [TCP Query User{254FD3EC-9D49-407C-A2F3-C0A82F8700EF}C:\users\markopc1\appdata\roaming\syr.exe] => (Allow) C:\users\markopc1\appdata\roaming\syr.exe
FirewallRules: [UDP Query User{318D4117-6083-469A-A1A7-B54EF3A82988}C:\users\markopc1\appdata\roaming\syr.exe] => (Allow) C:\users\markopc1\appdata\roaming\syr.exe

==================== Restore Points =========================

24-04-2016 11:22:17 Removed League of Legends

==================== Faulty Device Manager Devices =============

Name: TSDefenseBt
Description: TSDefenseBt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TSDefenseBt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TsNetHlpX64.sys
Description: TsNetHlpX64.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tsnethlpx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: softaal
Description: softaal
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: softaal
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2016 01:24:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (04/24/2016 01:24:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:17 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (04/24/2016 01:24:17 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/24/2016 01:24:16 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))

Error: (04/24/2016 12:15:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 848

Start Time: 01d19e0fd7f15eb5

Termination Time: 19

Application Path: C:\Windows\Explorer.EXE

Report Id: 6e40980d-0a05-11e6-ac1b-0019994823aa


System errors:
=============
Error: (04/24/2016 01:24:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/24/2016 01:24:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/24/2016 01:24:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/24/2016 01:23:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/24/2016 01:22:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMonX64 service failed to start due to the following error:
%%2

Error: (04/24/2016 01:10:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (04/24/2016 01:10:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (04/24/2016 01:08:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (04/24/2016 01:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/24/2016 01:07:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 62%
Total physical RAM: 4846.42 MB
Available physical RAM: 1826.33 MB
Total Virtual: 9690.99 MB
Available Virtual: 6265.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.29 GB) (Free:19.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:148.56 GB) (Free:112.25 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:76.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5A0194D9)
Partition 1: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00059280)
Partition 1: (Active) - (Size=51.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Poslao: 24 Apr 2016 17:14
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Zdravo,

Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok

Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

--------

Zatim, postavi mi nove FRST izvestaje, odradices skeniranje kao i prvi put, samo mi Addition izvestaj prikaci, nemoj ga kopirati u poruku.



Poslao: 24 Apr 2016 20:14
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Napisano: 24 Apr 2016 21:13

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by MarkoPC1 (administrator) on MARKOPC1-PC (24-04-2016 21:11:33)
Running from C:\Users\MarkoPC1\Downloads
Loaded Profiles: MarkoPC1 (Available Profiles: MarkoPC1)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2016-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2016-04-24] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2016-04-24] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2016-04-24] (Bitdefender)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5A0FA95E-2ECF-4CD1-B5F8-A4BAAEEBD1AB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-353035015-1439127701-2073436898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2016-04-24] (Bitdefender)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2016-04-24] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2016-04-24]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR Profile: C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-21]
CHR Extension: (Google Docs) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-21]
CHR Extension: (Google Drive) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-21]
CHR Extension: (YouTube) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-21]
CHR Extension: (Bitdefender Wallet) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2016-04-24]
CHR Extension: (Google Sheets) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (AdBlock) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\MarkoPC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-21]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2016-04-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2016-04-24] (Bitdefender)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [65824 2016-04-24] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2016-04-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2016-04-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2016-04-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2016-04-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2016-04-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2016-04-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2016-04-24] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2016-04-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2016-04-24] (BitDefender LLC)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2016-04-24] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 21:09 - 2016-04-24 21:09 - 00010644 _____ C:\Users\MarkoPC1\Desktop\AdwCleaner[C1].txt
2016-04-24 20:59 - 2016-04-24 20:59 - 00003380 _____ C:\Windows\System32\Tasks\Bitdefender Migrate Tool
2016-04-24 20:59 - 2016-04-24 14:01 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2016-04-24 20:53 - 2016-04-24 20:55 - 00000000 ____D C:\AdwCleaner
2016-04-24 20:53 - 2016-04-24 20:52 - 03683904 _____ C:\Users\MarkoPC1\Desktop\AdwCleaner.exe
2016-04-24 20:52 - 2016-04-24 20:52 - 03683904 _____ C:\Users\MarkoPC1\Downloads\AdwCleaner.exe
2016-04-24 14:09 - 2016-04-24 14:09 - 00003498 _____ C:\Windows\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
2016-04-24 14:08 - 2016-04-24 14:08 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-04-24 14:08 - 2016-04-24 14:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-24 14:04 - 2016-04-24 14:04 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2016-04-24 14:01 - 2016-04-24 14:01 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2016-04-24 14:01 - 2016-04-24 14:01 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2016-04-24 13:40 - 2016-04-24 13:41 - 00035716 _____ C:\Users\MarkoPC1\Downloads\Addition.txt
2016-04-24 13:35 - 2016-04-24 21:11 - 00014522 _____ C:\Users\MarkoPC1\Downloads\FRST.txt
2016-04-24 13:35 - 2016-04-24 21:11 - 00000000 ____D C:\FRST
2016-04-24 13:35 - 2016-04-24 13:35 - 02375680 _____ (Farbar) C:\Users\MarkoPC1\Downloads\FRST64.exe
2016-04-24 13:20 - 2016-04-24 13:20 - 00000000 ____D C:\Windows\pss
2016-04-24 13:08 - 2016-04-24 13:12 - 00000842 _____ C:\Windows\ntbtlog.txt
2016-04-24 12:19 - 2016-04-24 19:54 - 00000403 _____ C:\Windows\system32\checkdnsid.xml
2016-04-24 12:14 - 2016-04-24 13:08 - 00000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2016-04-24 12:13 - 2016-04-24 12:14 - 07609152 _____ (Security Stronghold ) C:\Users\MarkoPC1\Downloads\StrongholdAntiMalware.exe
2016-04-24 11:59 - 2016-04-24 11:59 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-04-24 11:59 - 2016-04-24 11:59 - 00000385 _____ C:\Users\MarkoPC1\AppData\Roaminguser_gensett.xml
2016-04-24 11:57 - 2016-04-24 20:56 - 00001684 _____ C:\bdlog.txt
2016-04-24 11:56 - 2016-04-24 11:56 - 00451090 _____ C:\ProgramData\1461491348.bdinstall.bin
2016-04-24 11:54 - 2016-04-24 11:54 - 00002186 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2016-04-24 11:54 - 2016-04-24 11:54 - 00002067 _____ C:\Users\Public\Desktop\Bitdefender Total Security.lnk
2016-04-24 11:54 - 2016-04-24 11:54 - 00000684 ____H C:\bdr-cf01
2016-04-24 11:54 - 2016-04-24 11:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-04-24 11:54 - 2016-04-24 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2016-04-24 11:54 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-04-24 11:53 - 2016-04-24 14:04 - 00263032 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-04-24 11:53 - 2016-04-24 14:02 - 01288472 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-04-24 11:53 - 2016-04-24 14:01 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2016-04-24 11:53 - 2016-04-24 11:59 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Bitdefender
2016-04-24 11:53 - 2016-04-24 11:59 - 00000000 ____D C:\ProgramData\BDLogging
2016-04-24 11:53 - 2016-04-24 11:54 - 00253404 ____H C:\bdr-ld01
2016-04-24 11:53 - 2016-04-24 11:54 - 00009216 ____H C:\bdr-ld01.mbr
2016-04-24 11:53 - 2013-06-25 18:20 - 38518480 ____H C:\bdr-im01.gz
2016-04-24 11:53 - 2013-02-22 19:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2016-04-24 11:53 - 2012-08-15 15:28 - 02510608 ____H C:\bdr-bz01
2016-04-24 11:53 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-04-24 11:53 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-04-24 11:52 - 2016-04-24 11:52 - 00181055 _____ C:\Users\MarkoPC1\Downloads\Malwarebytes Key.zip
2016-04-24 11:52 - 2016-04-24 11:52 - 00181055 _____ C:\Users\MarkoPC1\Downloads\Malwarebytes Key (1).zip
2016-04-24 11:49 - 2016-04-24 14:08 - 00000000 ____D C:\ProgramData\Bitdefender
2016-04-24 11:49 - 2016-04-24 14:05 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-04-24 11:49 - 2016-04-24 14:04 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-04-24 11:49 - 2016-04-24 11:53 - 00000000 ____D C:\Program Files\Bitdefender
2016-04-24 11:49 - 2016-04-24 11:49 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\QuickScan
2016-04-24 11:49 - 2016-04-24 11:49 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-04-24 11:48 - 2016-04-24 11:48 - 00035824 _____ (Curio Laboratories) C:\Users\MarkoPC1\Downloads\RemoveOnRebootSetup.exe
2016-04-24 11:44 - 2016-04-24 11:44 - 00001180 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\ProgramData\IObit
2016-04-24 11:44 - 2016-04-24 11:44 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-24 11:43 - 2016-04-24 11:43 - 02451912 _____ (IObit ) C:\Users\MarkoPC1\Downloads\unlocker-setup.exe
2016-04-24 11:38 - 2016-04-24 11:38 - 00003270 _____ C:\Windows\System32\Tasks\{E7C6B503-2ABF-4D4F-BB2B-6A31415706CE}
2016-04-24 10:54 - 2016-04-24 10:54 - 00000000 ____D C:\Users\MarkoPC1\AppData\LocalLow\uTorrent
2016-04-24 10:37 - 2016-04-24 12:01 - 00000000 _RSHD C:\Windows\windows
2016-04-23 23:54 - 2016-04-24 20:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 23:54 - 2016-04-24 10:55 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-23 23:54 - 2016-04-24 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-23 23:54 - 2016-04-24 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-23 23:54 - 2016-04-23 23:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-23 23:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-23 23:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-23 23:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-23 23:52 - 2016-04-23 23:53 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Bitdefender Total Security 2014 x32 & x64
2016-04-23 23:49 - 2016-04-23 23:49 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
2016-04-23 23:42 - 2016-04-23 23:42 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2016-04-23 23:42 - 2016-04-23 23:42 - 00001143 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk
2016-04-23 23:42 - 2016-04-23 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2016-04-23 23:40 - 2016-04-23 23:45 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\BSplayer PRO
2016-04-23 23:40 - 2016-04-23 23:40 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-04-23 23:39 - 2016-04-23 23:39 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 + KeyGen
2016-04-23 23:36 - 2016-04-23 23:36 - 00005120 _____ C:\Users\MarkoPC1\AppData\Roaming\GiftBag.db
2016-04-23 23:34 - 2016-04-23 23:35 - 00000000 ____D C:\Users\MarkoPC1\Downloads\BS.Player Pro v2.68.1077 + Serials [ChattChitto RG]
2016-04-23 23:31 - 2016-04-23 23:31 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-23 23:31 - 2016-04-23 23:31 - 00000000 ____D C:\ProgramData\Thunder Network
2016-04-23 23:27 - 2016-04-24 11:00 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-04-23 23:27 - 2016-04-23 23:27 - 00001197 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\Downloads\BS.Player PRO 2.68 Build 1077 Final + Keys [ATOM]
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Mozilla
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-23 23:27 - 2016-04-23 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-23 23:23 - 2016-04-23 23:25 - 34952296 _____ (Mozilla) C:\Users\MarkoPC1\Downloads\Thunderbird Setup 45.0.exe
2016-04-23 23:16 - 2016-04-24 11:23 - 00000000 ____D C:\Program Files\Recuva
2016-04-23 23:16 - 2016-04-23 23:16 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-23 23:16 - 2016-04-23 23:16 - 00001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-04-23 23:16 - 2016-04-23 23:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-23 23:16 - 2016-04-23 23:16 - 00000000 ____D C:\Program Files\CCleaner
2016-04-23 23:12 - 2016-04-23 23:18 - 15799762 _____ C:\Users\MarkoPC1\Downloads\MusicBeeSetup_2_5_update1.zip
2016-04-23 23:11 - 2016-04-23 23:11 - 00000000 ____D C:\Users\MarkoPC1\Downloads\Recuva 1.52.1086 Professional + Serials {B4tman}
2016-04-23 23:05 - 2016-04-23 23:05 - 00245921 _____ C:\Users\MarkoPC1\Downloads\swoff351.exe
2016-04-23 23:05 - 2016-04-23 23:05 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk
2016-04-23 23:05 - 2016-04-23 23:05 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Airytec
2016-04-23 23:05 - 2016-04-23 23:05 - 00000000 ____D C:\Program Files\Airytec
2016-04-13 20:03 - 2016-04-13 20:03 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\MK10
2016-04-13 20:03 - 2016-04-13 20:03 - 00000000 ____D C:\ProgramData\Steam
2016-04-13 20:02 - 2016-04-13 20:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-13 20:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-04-13 20:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-04-13 20:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-04-13 20:01 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-04-13 20:01 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-04-13 20:01 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-04-13 20:01 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-04-13 20:01 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-04-13 20:01 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-04-13 20:01 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-04-13 20:01 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-04-13 20:01 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-04-13 20:01 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-04-13 20:01 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-04-13 20:01 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-04-13 20:01 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-04-13 20:01 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-04-13 20:01 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-04-13 20:01 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-04-13 20:01 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-04-13 20:01 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-04-13 20:01 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-04-13 20:01 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-04-13 20:01 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-04-13 20:01 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-04-13 20:01 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-04-13 20:01 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-04-13 20:01 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-04-13 20:01 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-04-13 20:01 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-04-13 20:01 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-04-13 20:01 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-04-13 20:01 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-04-13 20:01 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-04-13 20:01 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-04-13 20:01 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-04-13 20:01 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-04-13 20:01 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-04-13 20:01 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-04-13 20:01 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-04-13 20:01 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-04-13 20:01 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-04-13 20:01 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-04-13 20:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-04-13 20:01 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-04-13 20:01 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-04-13 20:01 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-04-13 20:01 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-04-13 20:01 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-04-13 20:01 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-04-13 20:01 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-04-13 20:01 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-04-13 20:01 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-04-13 20:01 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-04-13 20:01 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-04-13 20:01 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-04-13 20:01 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-04-13 20:01 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-04-13 20:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-04-13 20:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-04-13 20:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-04-13 20:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-04-13 20:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-04-13 20:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-04-13 20:01 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-04-13 20:01 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-04-13 20:01 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-04-13 20:01 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-04-13 20:01 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-04-13 20:01 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-04-13 20:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-04-13 20:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-04-13 20:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-04-13 20:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-04-13 20:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-04-13 20:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-04-13 20:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-04-13 20:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-04-13 20:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-04-13 20:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-04-13 19:55 - 2016-04-13 20:01 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-04-10 18:33 - 2016-04-10 18:33 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-10 18:17 - 2016-04-10 18:17 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\Gadwin
2016-04-10 18:17 - 2016-04-10 18:17 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\Gadwin
2016-04-10 17:54 - 2016-04-10 17:55 - 13287142 _____ C:\Users\MarkoPC1\Downloads\PrintScreen542_Setup.zip
2016-04-07 21:37 - 2016-04-24 10:38 - 00021174 _____ C:\Users\MarkoPC1\AppData\Roaming\syr.exe.tmp
2016-04-06 18:03 - 2016-04-23 23:19 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\TeamViewer
2016-04-06 18:03 - 2016-04-06 18:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-06 18:03 - 2016-04-06 18:03 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-06 18:03 - 2016-04-06 18:03 - 00001031 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-04-06 18:00 - 2016-04-06 18:01 - 09788032 _____ (TeamViewer GmbH) C:\Users\MarkoPC1\Downloads\TeamViewer_Setup_sr.exe
2016-04-05 20:10 - 2016-04-05 20:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 21:05 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 21:05 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 20:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-24 20:58 - 2016-03-21 19:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-24 20:58 - 2016-03-21 19:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 20:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 20:31 - 2016-03-21 19:26 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 13:55 - 2016-03-21 20:04 - 00000000 ____D C:\ProgramData\MCShield
2016-04-24 13:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding
2016-04-24 13:07 - 2016-03-21 19:32 - 00000000 ____D C:\Users\MarkoPC1\AppData\Roaming\uTorrent
2016-04-24 12:05 - 2009-07-14 07:13 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-24 11:26 - 2016-03-21 20:07 - 00000000 ____D C:\Riot Games
2016-04-24 11:26 - 2016-03-21 19:22 - 00000000 ____D C:\Users\MarkoPC1
2016-04-24 10:54 - 2016-03-21 19:33 - 00000000 ___SD C:\Users\MarkoPC1\AppData\LocalLow\Temp
2016-04-24 10:53 - 2016-03-21 19:26 - 00109232 _____ C:\Users\MarkoPC1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-24 10:37 - 2009-07-14 04:34 - 00000253 _____ C:\Windows\system.ini
2016-04-24 10:36 - 2009-07-14 06:45 - 00416080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-23 23:35 - 2016-03-21 19:22 - 00000000 ____D C:\Users\MarkoPC1\AppData\Local\VirtualStore
2016-04-23 23:19 - 2016-03-22 04:12 - 00000000 ____D C:\Windows\Panther
2016-04-13 20:02 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-10 18:32 - 2016-03-21 19:29 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 18:32 - 2016-03-21 19:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-03 11:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-30 20:38 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2016-04-23 23:36 - 2016-04-23 23:36 - 0005120 _____ () C:\Users\MarkoPC1\AppData\Roaming\GiftBag.db
2016-04-07 21:37 - 2016-04-24 10:38 - 0021174 _____ () C:\Users\MarkoPC1\AppData\Roaming\syr.exe.tmp
2016-04-24 11:56 - 2016-04-24 11:56 - 0451090 _____ () C:\ProgramData\1461491348.bdinstall.bin

Some files in TEMP:
====================
C:\Users\MarkoPC1\AppData\Local\Temp\certmgr.exe
C:\Users\MarkoPC1\AppData\Local\Temp\winfrmp.exe
C:\Users\MarkoPC1\AppData\Local\Temp\winsvrbr.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 01:55

==================== End of FRST.txt ============================
[Link mogu videti samo ulogovani korisnici]

Dopuna: 24 Apr 2016 21:14

[Link mogu videti samo ulogovani korisnici]

Poslao: 24 Apr 2016 20:44
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Deinstaliraj:
IObit Unlocker
Stronghold AntiMalware (ukoliko je instaliran i ukoliko mozes da ga nadjes)

------

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll No File
C:\Program Files (x86)\Tencent
Task: {96C6FD00-6C7E-4A8F-B9C1-3847481D2B52} - System32\Tasks\{E7C6B503-2ABF-4D4F-BB2B-6A31415706CE} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\UninstallTips.exe" -d "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217"
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Poslao: 24 Apr 2016 21:04
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Stronghold AntiMalware sam danas izbrisao nakon sto mi se racunar nije htio normalno bootati pa sam ga iz safe moda izbrisao misleci da mozda on predstavlja problem, posto mi se to desilo nakon sto sam instaliro taj program

Poslao: 24 Apr 2016 21:23
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Pusti skkriptu koju sam ti dao, pa mi kazi stanje.

Poslao: 24 Apr 2016 22:03
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Sve ok, zahvaljujem

Poslao: 24 Apr 2016 22:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8628
  • Gde živiš: Novi Beograd

Ako tako kazes.

Sledeća procedura će implementirati završno čišćenje.



Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

MyCity » Ambulanta -> Arhiva Ambulante » Tencent :(

Ko je trenutno na forumu
 

Ukupno su 1834 korisnika na forumu :: 102 registrovanih, 10 sakrivenih i 1722 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, AK - 230, alberto, AMX72, Andy, antonije64, aramis s, Asparagus, babaroga, Bombarder, Boris BM, Boris90, boskelazo, boxbole, BZ, ccoogg123, cifra, cuki334, DaliborVukadinovic, DejanSt, del boy, Dimitrise93, Djokkinen, dolinalima, due, dzada, gobrad, gorankuba, goxin, iceburn, icemilos, ikan, Incognito, istina, Istman, Jager715510, Jan, Jaxupa, JK, Jomini, Jozo74, kaskadija, knutveliki, Koča, Kubovac, laki_bb, Lance Guest, littlebunny, lord sir giga, Marko Marković, Miki 24pbr, Miki01, mikrimaus, Milan A. Nikolic, mile.ilic75, milenko crazy north, MiljanXD, N.e.m.a.nj.a., nekdo, nemkea71, neutrino, nextyamb, niki-mini_maki, NiKoLa27, Nmr, opt1, Otto Grunf, Paklenica, Pale2025, Panter, pavle_pzs, PITT, PlayerOne, pobeda, precan, procesor, repac, ruma, saputnik plavetnila, skvara, suton, tomigun, travisrise, Username1000, vaci, Vatreni Zmaj, vensla, Vica1958, virked, Vlada1389, volimpivuvolimrakiju, vuksa72, Wepp, XBMC, yiyi, YU-UKI, Zastava, Zimbabwe, Zukov, |_MeD_|, 1453, 79693