svez win10 na novom ssd-u

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Danas sam pazario ssd drajv, i instalirao windows 10 na njemu. Vidim da se odmah uvalio neki toolbar u Mozili a i neki program, sve je na kineskom jeziku i nista ne razumem, koji se startuje zajedno sa window-som. Instalirao sam Avast, prijavljuje neki rootkit (ili tako nesto)... Ocigledno ima nekih problema. Ako neko ima vremena da pomogne, bio bih veoma zahvalan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Belphegor (administrator) on DESKTOP-6KQ2O7D (03-06-2016 12:10:06)
Running from C:\Users\Belphegor\Desktop
Loaded Profiles: Belphegor (Available Profiles: Belphegor)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCRTP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16719_none_11647d1561f368c0\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe [362304 2016-06-03] (Tencent)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-03] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
AppInit_DLLs: C:\ProgramData\Ronzap\Scotdox.dll => C:\ProgramData\Ronzap\Scotdox.dll [363008 2016-06-03] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Lotstock.dll => No File
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Belphegor\AppData\Local\Microsoft\Windows\INetCookies\plumach.dll [421048 2016-06-03] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll [2016-06-03] (Tencent)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{c29636a2-d7db-46c4-b3f3-ba96a3fedebb}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSWebMon64.dat [2016-06-03] (Tencent)
BHO-x32: No Name -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default
FF NewTab: about:newtab
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxps://www.google.rs/?gws_rd=cr,ssl&ei=xNJRV52PBqqY6ATbo5DADQ
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=25A3512433712890FC91503324C9CEF4&ptid=amz&ts=AHEqB3YrC3MmBE..&v=20160603&mode=ffexttoolbar&q=
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\npQMExtensionsMozilla.dll [2016-06-03] (Tencent Technology (Shenzhen) Company Limited)
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Mozilla\Firefox\Profiles\ozbkzgwd.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml [2016-06-03]
FF Extension: GsearchFinder - C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [792064 2016-06-03] () [File not signed]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCRTP.exe [313936 2016-06-03] (Tencent)
U2 QQRepaira0a; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaira0a [147176 2016-06-03] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-03] ()
S4 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [792064 2016-06-03] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 sdnprvService; "C:\Program Files (x86)\Sudient\sdnprvService.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-03] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-03] ()
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQSysMonX64.sys [154744 2016-06-03] (电脑管家)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\softaal64.sys [44664 2016-06-03] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-03] ()
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99480 2016-06-03] (Tencent)
R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [143992 2016-06-03] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-06-03] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TS888x64.sys [38520 2016-06-03] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSDefenseBT64.sys [28984 2016-06-03] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TsNetHlpX64.sys [57976 2016-06-03] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSSysKit64.sys [96888 2016-06-03] (电脑管家)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-03 20:08 - 2016-06-03 11:27 - 00000000 ____D C:\Windows\Panther
2016-06-03 19:10 - 2016-06-03 19:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-03 12:10 - 2016-06-03 12:10 - 00012505 _____ C:\Users\Belphegor\Desktop\FRST.txt
2016-06-03 12:09 - 2016-06-03 12:10 - 00000000 ____D C:\FRST
2016-06-03 12:09 - 2016-06-03 12:09 - 02384384 _____ (Farbar) C:\Users\Belphegor\Desktop\FRST64.exe
2016-06-03 12:02 - 2016-06-03 12:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Steam
2016-06-03 12:02 - 2016-06-03 12:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\CEF
2016-06-03 11:59 - 2016-06-03 12:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-03 11:59 - 2016-06-03 11:59 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-03 11:59 - 2016-06-03 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-03 11:58 - 2016-06-03 11:58 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_Belphegor_HistoryPrediction.bin
2016-06-03 11:51 - 2016-06-03 11:51 - 00004020 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464979864
2016-06-03 11:51 - 2016-06-03 11:51 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-03 11:51 - 2016-06-03 11:51 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-03 11:50 - 2016-06-03 11:50 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-03 11:48 - 2016-06-03 11:48 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-03 11:48 - 2016-06-03 11:48 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-03 11:48 - 2016-06-03 11:48 - 00004006 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-03 11:48 - 2016-06-03 11:48 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-06-03 11:48 - 2016-06-03 11:48 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-03 11:48 - 2016-06-03 11:48 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\AVAST Software
2016-06-03 11:46 - 2016-06-03 11:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-03 11:46 - 2016-06-03 11:50 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-03 11:33 - 2016-06-03 11:33 - 00003530 _____ C:\Windows\System32\Tasks\{AC9BB7E1-E7FD-4F5E-9F39-3459F2D9603E}
2016-06-03 11:30 - 2016-06-03 11:30 - 00000000 ____D C:\Program Files (x86)\Sudient
2016-06-03 11:30 - 2016-06-03 11:30 - 00000000 ____D C:\Program Files (x86)\Pwaied
2016-06-03 11:30 - 2016-06-03 11:30 - 00000000 ____D C:\Program Files (x86)\Mujoge
2016-06-03 11:29 - 2016-06-03 11:29 - 00003614 _____ C:\Windows\System32\Tasks\{ABC53C3C-E1D6-4B06-A73C-7817417AF139}
2016-06-03 11:27 - 2016-06-03 11:58 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-06-03 11:27 - 2016-06-03 11:27 - 00000258 __RSH C:\Users\Belphegor\ntuser.pol
2016-06-03 11:27 - 2016-06-03 11:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-03 11:17 - 2016-06-03 11:21 - 00000000 ____D C:\Windows\system32\MRT
2016-06-03 11:17 - 2016-06-03 11:17 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-03 11:17 - 2016-06-03 11:17 - 03941528 _____ (Logitech, Inc.) C:\Windows\system32\LogiLDA.DLL
2016-06-03 11:17 - 2016-06-03 11:17 - 02466968 _____ (Logitech, Inc.) C:\Windows\system32\LdaCx2.dll
2016-06-03 11:17 - 2016-06-03 11:17 - 00837584 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110.dll
2016-06-03 11:17 - 2016-06-03 11:17 - 00670160 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110.dll
2016-06-03 11:17 - 2016-06-03 11:17 - 00362976 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib110.dll
2016-06-03 11:14 - 2016-06-03 11:14 - 01576280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-06-03 11:14 - 2016-06-03 11:14 - 00213352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-06-03 11:14 - 2016-06-03 11:14 - 00048992 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-06-03 11:13 - 2016-06-03 11:13 - 00000000 _____ C:\autoexec.bat
2016-06-03 11:11 - 2016-06-03 11:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-03 11:00 - 2016-06-03 11:00 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-06-03 11:00 - 2016-06-03 11:00 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-06-03 10:55 - 2016-06-03 10:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-03 10:55 - 2016-06-03 10:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-03 10:55 - 2016-06-03 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-03 10:55 - 2016-06-03 10:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-03 10:55 - 2016-05-20 01:03 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-03 10:55 - 2016-05-20 01:03 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 06348344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-03 10:55 - 2016-05-19 19:08 - 00533560 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-03 10:55 - 2016-05-19 19:08 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-03 10:55 - 2016-05-18 01:37 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
2016-06-03 10:55 - 2016-05-03 19:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-03 10:55 - 2016-05-03 19:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-06-03 10:55 - 2016-05-03 19:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-03 10:55 - 2016-05-03 19:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-03 10:54 - 2016-06-03 10:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-03 10:54 - 2016-05-22 14:02 - 13509184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-03 10:54 - 2016-05-20 01:03 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 31639096 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 25401280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 21802816 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 21346520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 20305768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 18145256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 17740664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 17662432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 17379520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 14410024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 10642912 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 08733280 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 03811440 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 03371648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 02791360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 02419768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00985024 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00772152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00565208 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00549240 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00452616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00155952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-03 10:54 - 2016-05-20 01:03 - 00040084 _____ C:\Windows\system32\nvinfo.pb
2016-06-03 10:54 - 2016-05-20 01:03 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-06-03 10:54 - 2016-05-20 01:03 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-06-03 10:53 - 2016-06-03 10:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-03 10:53 - 2016-06-03 10:53 - 00000000 ____D C:\NVIDIA
2016-06-03 10:45 - 2016-06-03 10:52 - 368561048 _____ (NVIDIA Corporation) C:\Users\Belphegor\Downloads\368.22-desktop-win10-64bit-international-whql.exe
2016-06-03 10:40 - 2016-06-03 10:47 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Mozilla
2016-06-03 10:40 - 2016-06-03 10:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 10:37 - 2016-06-03 10:37 - 00242120 _____ C:\Users\Belphegor\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-03 10:37 - 2016-06-03 10:37 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Macromedia
2016-06-03 10:35 - 2009-04-02 05:30 - 00010296 _____ C:\Windows\SysWOW64\Drivers\ASUSHWIO.SYS
2016-06-03 10:33 - 2016-06-03 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-06-03 10:33 - 2016-06-03 11:52 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-06-03 10:32 - 2016-06-03 12:10 - 00000388 _____ C:\Windows\Tasks\PED_Torrent_Search.job
2016-06-03 10:32 - 2016-06-03 11:58 - 00000370 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-06-03 10:32 - 2016-06-03 11:27 - 00000370 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-06-03 10:32 - 2016-06-03 10:32 - 00003448 _____ C:\Windows\System32\Tasks\PED_Torrent_Search
2016-06-03 10:32 - 2016-06-03 10:32 - 00003076 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search2
2016-06-03 10:32 - 2016-06-03 10:32 - 00002772 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search
2016-06-03 10:32 - 2016-06-03 10:32 - 00001980 __RSH C:\ProgramData\ntuser.pol
2016-06-03 10:32 - 2016-06-03 10:32 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2016-06-03 10:32 - 2016-06-03 10:32 - 00000000 ____D C:\Program Files (x86)\Torrent Search
2016-06-03 10:29 - 2016-06-03 10:29 - 00000000 ____D C:\Program Files\BitTorrent
2016-06-03 10:28 - 2016-06-03 11:58 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-03 10:28 - 2016-06-03 11:29 - 00000000 ____D C:\ProgramData\Ronzap
2016-06-03 10:28 - 2016-06-03 11:27 - 00000000 ____D C:\ProgramData\Tencent
2016-06-03 10:28 - 2016-06-03 10:41 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Mozilla
2016-06-03 10:28 - 2016-06-03 10:28 - 06859776 _____ C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 02279413 _____ C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 10:28 - 2016-06-03 10:28 - 01756999 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 10:28 - 2016-06-03 10:28 - 00848437 _____ C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 10:28 - 2016-06-03 10:28 - 00189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 10:28 - 2016-06-03 10:28 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
2016-06-03 10:28 - 2016-06-03 10:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 00099480 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-06-03 10:28 - 2016-06-03 10:28 - 00097400 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-06-03 10:28 - 2016-06-03 10:28 - 00072820 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 10:28 - 2016-06-03 10:28 - 00067776 _____ C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 10:28 - 2016-06-03 10:28 - 00054272 _____ C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 00018432 _____ C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 00005568 _____ C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 10:28 - 2016-06-03 10:28 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\PeerDistRepub
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\ProgramData\Ronzaps
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-06-03 10:28 - 2016-06-03 10:28 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-03 10:28 - 2016-06-03 10:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 10:28 - 2016-06-03 10:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 10:27 - 2016-06-03 10:27 - 00128512 _____ C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 10:27 - 2016-06-03 10:27 - 00019584 _____ C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 10:26 - 2016-06-03 10:57 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Tencent
2016-06-03 10:26 - 2016-06-03 10:36 - 00000000 ____D C:\Users\Belphegor\AppData\Local\MicrosoftEdge
2016-06-03 10:25 - 2016-06-03 10:26 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Baidu
2016-06-03 10:24 - 2016-06-03 11:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Baidu
2016-06-03 10:24 - 2016-06-03 10:25 - 00000000 ____D C:\ProgramData\Baidu
2016-06-03 10:23 - 2016-06-03 12:04 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-03 10:22 - 2016-06-03 11:30 - 00008980 _____ C:\Windows\System32\Tasks\Sudient Provider
2016-06-03 10:22 - 2016-06-03 10:22 - 00000000 ____D C:\extensions
2016-06-03 10:21 - 2016-06-03 11:44 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-06-03 10:19 - 2016-06-03 10:19 - 00002379 _____ C:\Users\Belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-03 10:19 - 2016-06-03 10:19 - 00000000 ___RD C:\Users\Belphegor\OneDrive
2016-06-03 10:19 - 2016-06-03 10:19 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-06-03 10:18 - 2016-06-03 10:18 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Publishers
2016-06-03 10:17 - 2016-06-03 11:36 - 00000000 ____D C:\Users\Belphegor
2016-06-03 10:17 - 2016-06-03 10:34 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Packages
2016-06-03 10:17 - 2016-06-03 10:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\VirtualStore
2016-06-03 10:17 - 2016-06-03 10:17 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_defaultuser0_HistoryPrediction.bin
2016-06-03 10:17 - 2016-06-03 10:17 - 00000020 ___SH C:\Users\Belphegor\ntuser.ini
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 _SHDL C:\Users\Belphegor\My Documents
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Videos
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Pictures
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Music
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Adobe
2016-06-03 10:17 - 2016-06-03 10:17 - 00000000 ____D C:\Users\Belphegor\AppData\Local\TileDataLayer
2016-06-03 10:15 - 2015-12-01 00:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-06-03 10:15 - 2015-11-17 23:36 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-03 10:15 - 2015-11-17 22:56 - 04047280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-03 10:15 - 2015-08-18 21:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-06-03 10:14 - 2015-07-21 20:52 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-03 10:13 - 2016-06-03 10:13 - 00000000 ____D C:\Windows\CSC
2016-06-03 10:13 - 2015-07-10 03:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-03 20:08 - 2015-07-10 04:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-03 19:11 - 2015-07-10 02:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-06-03 12:04 - 2015-07-10 04:02 - 00000000 ____D C:\Windows\INF
2016-06-03 11:58 - 2015-07-10 05:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 11:57 - 2015-07-10 02:05 - 00065536 ___SH C:\Windows\system32\config\BBI
2016-06-03 11:52 - 2015-07-10 03:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-03 11:27 - 2015-07-10 05:20 - 00197768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-03 11:25 - 2015-07-10 04:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 11:25 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-03 10:55 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\Help
2016-06-03 10:34 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-03 10:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-03 10:17 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-06-03 10:17 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-06-03 10:17 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\MiracastView
2016-06-03 10:17 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-06-03 10:15 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\oobe
2016-06-03 10:14 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\rescache
2016-06-03 10:13 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\spool
2016-06-03 10:13 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-11 12:50 - 2015-07-10 04:06 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 12:50 - 2015-07-10 04:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-06-03 10:28 - 2016-06-03 10:28 - 6859776 _____ () C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 0054272 _____ () C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 0189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 10:28 - 2016-06-03 10:28 - 0067776 _____ () C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 10:28 - 2016-06-03 10:28 - 2279413 _____ () C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 10:28 - 2016-06-03 10:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 10:28 - 2016-06-03 10:28 - 1756999 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 10:27 - 2016-06-03 10:27 - 0019584 _____ () C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 10:27 - 2016-06-03 10:27 - 0128512 _____ () C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 10:28 - 2016-06-03 10:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 10:28 - 2016-06-03 10:28 - 0072820 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 10:28 - 2016-06-03 10:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 0018432 _____ () C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 0005568 _____ () C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 10:28 - 2016-06-03 10:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 10:28 - 2016-06-03 10:28 - 0848437 _____ () C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 10:29 - 2016-06-03 10:29 - 0001150 _____ () C:\Users\Belphegor\AppData\Roaming\uninstall_temp.ico

Some files in TEMP:
====================
C:\Users\Belphegor\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\Belphegor\AppData\Local\Temp\file.exe
C:\Users\Belphegor\AppData\Local\Temp\KMSPico__11516_il62964.exe
C:\Users\Belphegor\AppData\Local\Temp\linker.exe
C:\Users\Belphegor\AppData\Local\Temp\nsb39B8.exe
C:\Users\Belphegor\AppData\Local\Temp\win10kms2016__2827_il28992.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-03 19:10

==================== End of FRST.txt ============================


https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: morando
  
  Registruj se da bi pohvalio/la poruku!

Zdravo,

Pokupio si kineza sa aktivatorom za Win, ocito.

Deinstaliraj:
SnapDo
TSearch
--------
Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok

Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S0].txt

------

Zatim postavi nove FRST logove (i Addition log) kao prvi put.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Belphegor (administrator) on DESKTOP-6KQ2O7D (03-06-2016 21:51:55)
Running from C:\Users\Belphegor\Desktop
Loaded Profiles: Belphegor (Available Profiles: Belphegor)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16719_none_11647d1561f368c0\TiWorker.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe" /regrun
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-03] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Belphegor\AppData\Local\Microsoft\Windows\INetCookies\plumach.dll [421048 2016-06-03] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{c29636a2-d7db-46c4-b3f3-ba96a3fedebb}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSWebMon64.dat => No File

FireFox:
========
FF ProfilePath: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default
FF NewTab: about:newtab
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxps://www.google.rs/?gws_rd=cr,ssl&ei=xNJRV52PBqqY6ATbo5DADQ
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=25A3512433712890FC91503324C9CEF4&ptid=amz&ts=AHEqB3YrC3MmBE..&v=20160603&mode=ffexttoolbar&q=
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Mozilla\Firefox\Profiles\ozbkzgwd.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml [2016-06-03]
FF Extension: GsearchFinder - C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 QQRepaira0a; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaira0a" [X]
S2 sdnprvService; "C:\Program Files (x86)\Sudient\sdnprvService.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-03] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-03] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-03] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSDefenseBT64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 05:08 - 2016-06-03 20:27 - 00000000 ____D C:\Windows\Panther
2016-06-04 04:10 - 2016-06-04 04:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-03 21:50 - 2016-06-03 21:50 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_Belphegor_HistoryPrediction.bin
2016-06-03 21:50 - 2016-06-03 21:50 - 00000000 ____D C:\ProgramData\Tencent
2016-06-03 21:49 - 2016-06-03 21:49 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-03 21:46 - 2016-06-03 21:48 - 00000000 ____D C:\AdwCleaner
2016-06-03 21:46 - 2016-06-03 21:46 - 03677248 _____ C:\Users\Belphegor\Desktop\AdwCleaner.exe
2016-06-03 21:10 - 2016-06-03 21:51 - 00009638 _____ C:\Users\Belphegor\Desktop\FRST.txt
2016-06-03 21:10 - 2016-06-03 21:11 - 00022740 _____ C:\Users\Belphegor\Desktop\Addition.txt
2016-06-03 21:09 - 2016-06-03 21:51 - 00000000 ____D C:\FRST
2016-06-03 21:09 - 2016-06-03 21:09 - 02384384 _____ (Farbar) C:\Users\Belphegor\Desktop\FRST64.exe
2016-06-03 21:02 - 2016-06-03 21:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Steam
2016-06-03 21:02 - 2016-06-03 21:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\CEF
2016-06-03 20:59 - 2016-06-03 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-03 20:59 - 2016-06-03 20:59 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-03 20:59 - 2016-06-03 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-03 20:51 - 2016-06-03 20:51 - 00004020 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464979864
2016-06-03 20:51 - 2016-06-03 20:51 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-03 20:51 - 2016-06-03 20:51 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-03 20:50 - 2016-06-03 20:50 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-03 20:48 - 2016-06-03 20:48 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-03 20:48 - 2016-06-03 20:48 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00004006 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-03 20:48 - 2016-06-03 20:48 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-06-03 20:48 - 2016-06-03 20:48 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-03 20:48 - 2016-06-03 20:48 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\AVAST Software
2016-06-03 20:46 - 2016-06-03 20:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-03 20:46 - 2016-06-03 20:50 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Sudient
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Pwaied
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Mujoge
2016-06-03 20:27 - 2016-06-03 20:27 - 00000258 __RSH C:\Users\Belphegor\ntuser.pol
2016-06-03 20:27 - 2016-06-03 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-03 20:17 - 2016-06-03 20:21 - 00000000 ____D C:\Windows\system32\MRT
2016-06-03 20:17 - 2016-06-03 20:17 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-03 20:17 - 2016-06-03 20:17 - 03941528 _____ (Logitech, Inc.) C:\Windows\system32\LogiLDA.DLL
2016-06-03 20:17 - 2016-06-03 20:17 - 02466968 _____ (Logitech, Inc.) C:\Windows\system32\LdaCx2.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00837584 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00670160 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00362976 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib110.dll
2016-06-03 20:14 - 2016-06-03 20:14 - 01576280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-06-03 20:14 - 2016-06-03 20:14 - 00213352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-06-03 20:14 - 2016-06-03 20:14 - 00048992 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-06-03 20:13 - 2016-06-03 20:13 - 00000000 _____ C:\autoexec.bat
2016-06-03 20:11 - 2016-06-03 20:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-03 20:00 - 2016-06-03 20:00 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-06-03 20:00 - 2016-06-03 20:00 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-06-03 19:55 - 2016-06-03 19:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-03 19:55 - 2016-06-03 19:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-03 19:55 - 2016-06-03 19:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-03 19:55 - 2016-06-03 19:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-03 19:55 - 2016-05-20 10:03 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-03 19:55 - 2016-05-20 10:03 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 06348344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-03 19:55 - 2016-05-20 04:08 - 00533560 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-03 19:55 - 2016-05-20 04:08 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-03 19:55 - 2016-05-18 10:37 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
2016-06-03 19:55 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-03 19:55 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-06-03 19:55 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-03 19:55 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-03 19:54 - 2016-06-03 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-03 19:54 - 2016-05-22 23:02 - 13509184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-03 19:54 - 2016-05-20 10:03 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 31639096 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 25401280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 21802816 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 21346520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 20305768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 18145256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 17740664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 17662432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 17379520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 14410024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 10642912 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 08733280 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 03811440 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 03371648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 02791360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 02419768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00985024 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00772152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00565208 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00549240 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00452616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00155952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-03 19:54 - 2016-05-20 10:03 - 00040084 _____ C:\Windows\system32\nvinfo.pb
2016-06-03 19:54 - 2016-05-20 10:03 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-06-03 19:54 - 2016-05-20 10:03 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-06-03 19:53 - 2016-06-03 19:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-03 19:53 - 2016-06-03 19:53 - 00000000 ____D C:\NVIDIA
2016-06-03 19:45 - 2016-06-03 19:52 - 368561048 _____ (NVIDIA Corporation) C:\Users\Belphegor\Downloads\368.22-desktop-win10-64bit-international-whql.exe
2016-06-03 19:40 - 2016-06-03 19:47 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Mozilla
2016-06-03 19:40 - 2016-06-03 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 19:37 - 2016-06-03 19:37 - 00242120 _____ C:\Users\Belphegor\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-03 19:37 - 2016-06-03 19:37 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Macromedia
2016-06-03 19:35 - 2009-04-02 14:30 - 00010296 _____ C:\Windows\SysWOW64\Drivers\ASUSHWIO.SYS
2016-06-03 19:33 - 2016-06-03 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-06-03 19:33 - 2016-06-03 20:52 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-06-03 19:32 - 2016-06-03 19:32 - 00001980 __RSH C:\ProgramData\ntuser.pol
2016-06-03 19:29 - 2016-06-03 19:29 - 00000000 ____D C:\Program Files\BitTorrent
2016-06-03 19:28 - 2016-06-03 19:41 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Mozilla
2016-06-03 19:28 - 2016-06-03 19:28 - 06859776 _____ C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 02279413 _____ C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 01756999 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00848437 _____ C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00097400 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-06-03 19:28 - 2016-06-03 19:28 - 00072820 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00067776 _____ C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00054272 _____ C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00018432 _____ C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00005568 _____ C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\PeerDistRepub
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:27 - 2016-06-03 19:27 - 00128512 _____ C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:27 - 2016-06-03 19:27 - 00019584 _____ C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:26 - 2016-06-03 19:36 - 00000000 ____D C:\Users\Belphegor\AppData\Local\MicrosoftEdge
2016-06-03 19:25 - 2016-06-03 19:26 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Baidu
2016-06-03 19:24 - 2016-06-03 20:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Baidu
2016-06-03 19:24 - 2016-06-03 19:25 - 00000000 ____D C:\ProgramData\Baidu
2016-06-03 19:23 - 2016-06-03 21:04 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-03 19:22 - 2016-06-03 20:30 - 00008980 _____ C:\Windows\System32\Tasks\Sudient Provider
2016-06-03 19:21 - 2016-06-03 20:44 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-06-03 19:19 - 2016-06-03 19:19 - 00002379 _____ C:\Users\Belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-03 19:19 - 2016-06-03 19:19 - 00000000 ___RD C:\Users\Belphegor\OneDrive
2016-06-03 19:19 - 2016-06-03 19:19 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-06-03 19:18 - 2016-06-03 19:18 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Publishers
2016-06-03 19:17 - 2016-06-03 20:36 - 00000000 ____D C:\Users\Belphegor
2016-06-03 19:17 - 2016-06-03 19:34 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Packages
2016-06-03 19:17 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\VirtualStore
2016-06-03 19:17 - 2016-06-03 19:17 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_defaultuser0_HistoryPrediction.bin
2016-06-03 19:17 - 2016-06-03 19:17 - 00000020 ___SH C:\Users\Belphegor\ntuser.ini
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\My Documents
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Videos
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Pictures
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Music
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Adobe
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Belphegor\AppData\Local\TileDataLayer
2016-06-03 19:15 - 2015-12-01 09:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-06-03 19:15 - 2015-11-18 08:36 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-03 19:15 - 2015-11-18 07:56 - 04047280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-03 19:15 - 2015-08-19 06:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-06-03 19:14 - 2015-07-22 05:52 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-03 19:13 - 2016-06-03 19:13 - 00000000 ____D C:\Windows\CSC
2016-06-03 19:13 - 2015-07-10 12:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-05-04 04:23 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-04 04:22 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-04 04:22 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-04 04:22 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 05:08 - 2015-07-10 13:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-04 04:11 - 2015-07-10 11:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-06-03 21:50 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 21:49 - 2015-07-10 11:05 - 00065536 ___SH C:\Windows\system32\config\BBI
2016-06-03 21:04 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-06-03 20:52 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-03 20:27 - 2015-07-10 14:20 - 00197768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-03 20:25 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 20:25 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-03 19:55 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\Help
2016-06-03 19:34 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-03 19:32 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\MiracastView
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-06-03 19:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\oobe
2016-06-03 19:14 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2016-06-03 19:13 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\spool
2016-06-03 19:13 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-11 21:50 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:50 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-06-03 19:28 - 2016-06-03 19:28 - 6859776 _____ () C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0054272 _____ () C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 0067776 _____ () C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 2279413 _____ () C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:28 - 2016-06-03 19:28 - 1756999 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:27 - 2016-06-03 19:27 - 0019584 _____ () C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:27 - 2016-06-03 19:27 - 0128512 _____ () C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:28 - 2016-06-03 19:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:28 - 0072820 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0018432 _____ () C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0005568 _____ () C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0848437 _____ () C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:29 - 2016-06-03 19:29 - 0001150 _____ () C:\Users\Belphegor\AppData\Roaming\uninstall_temp.ico

Some files in TEMP:
====================
C:\Users\Belphegor\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\Belphegor\AppData\Local\Temp\file.exe
C:\Users\Belphegor\AppData\Local\Temp\KMSPico__11516_il62964.exe
C:\Users\Belphegor\AppData\Local\Temp\linker.exe
C:\Users\Belphegor\AppData\Local\Temp\nsb39B8.exe
C:\Users\Belphegor\AppData\Local\Temp\win10kms2016__2827_il28992.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-04 04:10

==================== End of FRST.txt ============================
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: morando
  
  Registruj se da bi pohvalio/la poruku!

Postavio si mi stari Addition log, da li imas novi?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 03 Jun 2016 22:39

Pa ponovo sam pokrenuo Farbar (koji je na desktop-u), da bi dobio nove fajlove. Medjutim sad vidim da ne ne apdejtuje (ne kreira novi).

Dopuna: 04 Jun 2016 15:43

Evo ponovo fajlova. Sinoc stvarno nije hteo da napravi Additions.txt, a sad hoce.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Belphegor (administrator) on DESKTOP-6KQ2O7D (04-06-2016 15:41:22)
Running from C:\Users\Belphegor\Desktop
Loaded Profiles: Belphegor (Available Profiles: Belphegor)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe" /regrun
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-03] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Belphegor\AppData\Local\Microsoft\Windows\INetCookies\plumach.dll [421048 2016-06-03] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{c29636a2-d7db-46c4-b3f3-ba96a3fedebb}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://search.avast.com/AV772/
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847194904-1008630732-2715752188-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSWebMon64.dat => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-03] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-03] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default
FF NewTab: about:newtab
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxps://www.google.rs/?gws_rd=cr,ssl&ei=xNJRV52PBqqY6ATbo5DADQ
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=25A3512433712890FC91503324C9CEF4&ptid=amz&ts=AHEqB3YrC3MmBE..&v=20160603&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-03] ()
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-03] (Oracle Corporation)
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Mozilla\Firefox\Profiles\ozbkzgwd.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\avast-search.xml [2016-06-03]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml [2016-06-03]
FF Extension: GsearchFinder - C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-22] (@ByELDI) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 QQRepaira0a; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaira0a" [X]
S2 sdnprvService; "C:\Program Files (x86)\Sudient\sdnprvService.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-03] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-03] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-03] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSDefenseBT64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 15:35 - 2016-06-04 15:35 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_Belphegor_HistoryPrediction.bin
2016-06-04 05:08 - 2016-06-03 20:27 - 00000000 ____D C:\Windows\Panther
2016-06-04 04:10 - 2016-06-04 04:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-03 22:41 - 2016-06-03 22:41 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\NVIDIA
2016-06-03 22:34 - 2016-06-03 22:34 - 01576280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-06-03 22:34 - 2016-06-03 22:34 - 00213352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-06-03 22:34 - 2016-06-03 22:34 - 00048992 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-06-03 22:32 - 2016-06-03 22:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-03 22:32 - 2016-06-03 22:32 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-03 22:32 - 2016-06-03 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-06-03 22:32 - 2016-06-03 22:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-03 22:32 - 2016-03-22 06:08 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-03 22:32 - 2016-03-22 06:08 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 02994744 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 01265720 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-03 22:32 - 2016-03-22 04:37 - 00530880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-03 22:32 - 2016-03-22 04:37 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-03 22:32 - 2016-03-18 13:44 - 06253721 _____ C:\Windows\system32\nvcoproc.bin
2016-06-03 22:32 - 2016-03-16 23:30 - 00128792 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-03 22:32 - 2016-03-16 23:29 - 00127768 _____ C:\Windows\system32\vulkan-1.dll
2016-06-03 22:32 - 2016-03-16 23:29 - 00041752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-03 22:32 - 2016-03-16 23:28 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-03 22:31 - 2016-03-25 03:23 - 12659136 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-03 22:31 - 2016-03-22 06:08 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 31594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 25350080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 21364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 20906168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 20074728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 17755928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 17369448 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 17349776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 17328008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 14226672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 10550552 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 03685280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 03263480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 02614208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 02260024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436472.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436472.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00960056 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00889400 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00572096 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00546328 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00448824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00129208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-03 22:31 - 2016-03-22 06:08 - 00038050 _____ C:\Windows\system32\nvinfo.pb
2016-06-03 22:31 - 2016-03-22 06:08 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-06-03 22:31 - 2016-03-22 06:08 - 00000139 _____ C:\Windows\system32\nv-vk64.json
2016-06-03 22:20 - 2016-06-03 22:20 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Sun
2016-06-03 22:20 - 2016-06-03 22:20 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Sun
2016-06-03 22:20 - 2016-06-03 22:20 - 00000000 ____D C:\Users\Belphegor\.oracle_jre_usage
2016-06-03 22:20 - 2016-06-03 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-03 22:20 - 2016-06-03 22:19 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-03 22:19 - 2016-06-03 22:20 - 00000000 ____D C:\ProgramData\Oracle
2016-06-03 22:19 - 2016-06-03 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-03 22:18 - 2016-06-03 22:18 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Oracle
2016-06-03 22:15 - 2016-06-03 22:15 - 529782350 _____ C:\Windows\MEMORY.DMP
2016-06-03 22:15 - 2016-06-03 22:15 - 00411328 _____ C:\Windows\Minidump\060316-10125-01.dmp
2016-06-03 22:15 - 2016-06-03 22:15 - 00000000 ____D C:\Windows\Minidump
2016-06-03 22:12 - 2016-06-03 23:21 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Heroes and Generals
2016-06-03 22:03 - 2016-06-03 22:03 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\HeroesAndGeneralsDesktop
2016-06-03 22:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-06-03 22:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-06-03 22:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-06-03 22:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-06-03 22:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-06-03 22:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-06-03 22:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-06-03 22:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-06-03 22:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-06-03 22:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-06-03 22:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-06-03 22:03 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-06-03 22:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-06-03 22:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-06-03 22:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-06-03 22:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-06-03 22:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-06-03 22:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-06-03 22:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-06-03 22:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-06-03 22:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-06-03 22:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-06-03 22:03 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-06-03 22:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-06-03 22:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-06-03 22:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-06-03 22:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-06-03 22:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-06-03 22:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-06-03 22:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-06-03 22:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-06-03 22:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-06-03 22:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-06-03 22:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-06-03 22:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-06-03 22:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-06-03 22:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-06-03 22:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-06-03 22:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-06-03 22:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-06-03 22:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-06-03 22:03 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-06-03 22:03 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-06-03 22:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-06-03 22:03 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-06-03 22:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-06-03 22:03 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-06-03 22:03 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-06-03 22:03 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-06-03 22:03 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-06-03 22:03 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-06-03 22:03 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-06-03 22:03 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-06-03 22:03 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-06-03 22:03 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-06-03 22:03 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-06-03 22:03 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-06-03 22:03 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-06-03 22:03 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-06-03 22:03 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-06-03 22:03 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-06-03 22:03 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-06-03 22:03 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-06-03 22:03 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-06-03 22:03 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-06-03 22:03 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-06-03 22:03 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-06-03 22:03 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-06-03 22:03 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-06-03 22:03 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-06-03 22:03 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-06-03 22:03 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-06-03 22:03 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-06-03 22:03 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-06-03 22:03 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-06-03 22:03 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-06-03 22:03 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-06-03 22:03 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-06-03 22:03 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-06-03 22:03 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-06-03 22:03 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-06-03 22:03 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-06-03 22:03 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-06-03 22:03 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-06-03 22:03 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-06-03 22:03 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-06-03 22:03 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-06-03 22:03 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-06-03 22:03 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-06-03 22:03 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-06-03 22:03 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-06-03 22:03 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-06-03 22:03 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-06-03 22:03 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-06-03 22:03 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-06-03 22:03 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-06-03 22:03 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-06-03 22:03 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-06-03 22:03 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-06-03 22:03 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-06-03 22:03 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-06-03 22:03 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-06-03 22:03 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-06-03 22:03 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-06-03 22:03 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-06-03 22:03 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-06-03 22:03 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-06-03 22:03 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-06-03 22:03 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-06-03 22:03 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-06-03 22:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-06-03 22:03 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-06-03 22:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-06-03 22:03 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-06-03 22:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-06-03 22:01 - 2016-06-03 22:01 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Macromedia
2016-06-03 21:59 - 2016-06-03 21:59 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Adobe
2016-06-03 21:57 - 2016-06-03 21:57 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-06-03 21:57 - 2016-06-03 21:57 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-06-03 21:57 - 2016-06-03 21:57 - 00003484 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2016-06-03 21:57 - 2016-06-03 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-06-03 21:57 - 2016-06-03 21:57 - 00000000 ____D C:\Program Files\KMSpico
2016-06-03 21:57 - 2010-12-06 04:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-06-03 21:56 - 2016-06-03 21:56 - 00000000 ____D C:\Program Files (x86)\KMSpico
2016-06-03 21:55 - 2016-06-03 21:58 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\BitTorrent
2016-06-03 21:55 - 2016-06-03 21:55 - 00000000 ____D C:\Users\Belphegor\Downloads\WINDOWS 10 PROPER ACTIVATOR (KMSpico v10.0.102040 Beta) [GloDLS]
2016-06-03 21:54 - 2016-06-03 21:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\BitTorrent
2016-06-03 21:50 - 2016-06-03 21:50 - 00000000 ____D C:\ProgramData\Tencent
2016-06-03 21:49 - 2016-06-03 21:49 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-03 21:46 - 2016-06-03 21:48 - 00000000 ____D C:\AdwCleaner
2016-06-03 21:46 - 2016-06-03 21:46 - 03677248 _____ C:\Users\Belphegor\Desktop\AdwCleaner.exe
2016-06-03 21:10 - 2016-06-04 15:41 - 00010953 _____ C:\Users\Belphegor\Desktop\FRST.txt
2016-06-03 21:09 - 2016-06-04 15:41 - 00000000 ____D C:\FRST
2016-06-03 21:09 - 2016-06-03 21:09 - 02384384 _____ (Farbar) C:\Users\Belphegor\Desktop\FRST64.exe
2016-06-03 21:02 - 2016-06-03 21:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Steam
2016-06-03 21:02 - 2016-06-03 21:02 - 00000000 ____D C:\Users\Belphegor\AppData\Local\CEF
2016-06-03 20:59 - 2016-06-04 15:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-03 20:59 - 2016-06-03 20:59 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-03 20:59 - 2016-06-03 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-03 20:51 - 2016-06-03 20:51 - 00004020 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464979864
2016-06-03 20:51 - 2016-06-03 20:51 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-03 20:51 - 2016-06-03 20:51 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-03 20:50 - 2016-06-03 20:50 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-03 20:48 - 2016-06-03 22:33 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-03 20:48 - 2016-06-03 20:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-03 20:48 - 2016-06-03 20:48 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-03 20:48 - 2016-06-03 20:48 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-03 20:48 - 2016-06-03 20:48 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-06-03 20:48 - 2016-06-03 20:48 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-03 20:48 - 2016-06-03 20:48 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\AVAST Software
2016-06-03 20:46 - 2016-06-03 20:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-03 20:46 - 2016-06-03 20:50 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Sudient
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Pwaied
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Mujoge
2016-06-03 20:27 - 2016-06-03 20:27 - 00000258 __RSH C:\Users\Belphegor\ntuser.pol
2016-06-03 20:27 - 2016-06-03 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-03 20:17 - 2016-06-03 20:21 - 00000000 ____D C:\Windows\system32\MRT
2016-06-03 20:17 - 2016-06-03 20:17 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-03 20:17 - 2016-06-03 20:17 - 03941528 _____ (Logitech, Inc.) C:\Windows\system32\LogiLDA.DLL
2016-06-03 20:17 - 2016-06-03 20:17 - 02466968 _____ (Logitech, Inc.) C:\Windows\system32\LdaCx2.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00837584 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00670160 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110.dll
2016-06-03 20:17 - 2016-06-03 20:17 - 00362976 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib110.dll
2016-06-03 20:13 - 2016-06-03 20:13 - 00000000 _____ C:\autoexec.bat
2016-06-03 20:11 - 2016-06-03 20:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-03 20:00 - 2016-06-03 20:00 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-06-03 20:00 - 2016-06-03 20:00 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-06-03 19:55 - 2016-06-03 22:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-03 19:54 - 2016-06-03 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-03 19:53 - 2016-06-03 22:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-03 19:53 - 2016-06-03 19:53 - 00000000 ____D C:\NVIDIA
2016-06-03 19:45 - 2016-06-03 19:52 - 368561048 _____ (NVIDIA Corporation) C:\Users\Belphegor\Downloads\368.22-desktop-win10-64bit-international-whql.exe
2016-06-03 19:40 - 2016-06-03 19:47 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Mozilla
2016-06-03 19:40 - 2016-06-03 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 19:37 - 2016-06-03 19:37 - 00242120 _____ C:\Users\Belphegor\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-03 19:37 - 2016-06-03 19:37 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Macromedia
2016-06-03 19:35 - 2009-04-02 14:30 - 00010296 _____ C:\Windows\SysWOW64\Drivers\ASUSHWIO.SYS
2016-06-03 19:33 - 2016-06-03 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-06-03 19:33 - 2016-06-03 20:52 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-06-03 19:32 - 2016-06-03 19:32 - 00001980 __RSH C:\ProgramData\ntuser.pol
2016-06-03 19:29 - 2016-06-03 19:29 - 00000000 ____D C:\Program Files\BitTorrent
2016-06-03 19:28 - 2016-06-03 19:41 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Mozilla
2016-06-03 19:28 - 2016-06-03 19:28 - 06859776 _____ C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 02279413 _____ C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 01756999 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00848437 _____ C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00097400 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-06-03 19:28 - 2016-06-03 19:28 - 00072820 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00067776 _____ C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00054272 _____ C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00018432 _____ C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00005568 _____ C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\PeerDistRepub
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:27 - 2016-06-03 19:27 - 00128512 _____ C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:27 - 2016-06-03 19:27 - 00019584 _____ C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:26 - 2016-06-03 19:36 - 00000000 ____D C:\Users\Belphegor\AppData\Local\MicrosoftEdge
2016-06-03 19:25 - 2016-06-03 19:26 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Baidu
2016-06-03 19:24 - 2016-06-03 20:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Baidu
2016-06-03 19:24 - 2016-06-03 19:25 - 00000000 ____D C:\ProgramData\Baidu
2016-06-03 19:23 - 2016-06-03 22:40 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-03 19:22 - 2016-06-03 20:30 - 00008980 _____ C:\Windows\System32\Tasks\Sudient Provider
2016-06-03 19:21 - 2016-06-03 20:44 - 00000000 ____D C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2
2016-06-03 19:19 - 2016-06-03 19:19 - 00002379 _____ C:\Users\Belphegor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-03 19:19 - 2016-06-03 19:19 - 00000000 ___RD C:\Users\Belphegor\OneDrive
2016-06-03 19:19 - 2016-06-03 19:19 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-06-03 19:18 - 2016-06-03 19:18 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Publishers
2016-06-03 19:17 - 2016-06-04 13:07 - 00000000 ____D C:\Users\Belphegor
2016-06-03 19:17 - 2016-06-03 19:34 - 00000000 ____D C:\Users\Belphegor\AppData\Local\Packages
2016-06-03 19:17 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\VirtualStore
2016-06-03 19:17 - 2016-06-03 19:17 - 00016148 _____ C:\Windows\system32\DESKTOP-6KQ2O7D_defaultuser0_HistoryPrediction.bin
2016-06-03 19:17 - 2016-06-03 19:17 - 00000020 ___SH C:\Users\Belphegor\ntuser.ini
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\My Documents
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Videos
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Pictures
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 _SHDL C:\Users\Belphegor\Documents\My Music
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Adobe
2016-06-03 19:17 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Belphegor\AppData\Local\TileDataLayer
2016-06-03 19:15 - 2015-12-01 09:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-06-03 19:15 - 2015-11-18 08:36 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-03 19:15 - 2015-11-18 07:56 - 04047280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-03 19:15 - 2015-08-19 06:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-06-03 19:14 - 2015-07-22 05:52 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-03 19:13 - 2016-06-03 19:13 - 00000000 ____D C:\Windows\CSC
2016-06-03 19:13 - 2015-07-10 12:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 15:35 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-04 12:09 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-04 05:08 - 2015-07-10 13:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-04 04:11 - 2015-07-10 11:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-06-04 00:39 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-03 22:40 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-06-03 22:33 - 2015-07-10 11:05 - 00065536 ___SH C:\Windows\system32\config\BBI
2016-06-03 22:32 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\Help
2016-06-03 22:25 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\Cursors
2016-06-03 20:27 - 2015-07-10 14:20 - 00197768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-03 20:25 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-03 19:34 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-03 19:32 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\MiracastView
2016-06-03 19:17 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-06-03 19:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\oobe
2016-06-03 19:14 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2016-06-03 19:13 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\spool
2016-06-03 19:13 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-11 21:50 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:50 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-06-03 19:28 - 2016-06-03 19:28 - 6859776 _____ () C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0054272 _____ () C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 0067776 _____ () C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 2279413 _____ () C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:28 - 2016-06-03 19:28 - 1756999 _____ () C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:27 - 2016-06-03 19:27 - 0019584 _____ () C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:27 - 2016-06-03 19:27 - 0128512 _____ () C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:28 - 2016-06-03 19:27 - 0792064 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:28 - 0072820 _____ () C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0018432 _____ () C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0005568 _____ () C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 0126464 _____ () C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 0848437 _____ () C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:29 - 2016-06-03 19:29 - 0001150 _____ () C:\Users\Belphegor\AppData\Roaming\uninstall_temp.ico

Some files in TEMP:
====================
C:\Users\Belphegor\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\Belphegor\AppData\Local\Temp\file.exe
C:\Users\Belphegor\AppData\Local\Temp\KMSPico__11516_il62964.exe
C:\Users\Belphegor\AppData\Local\Temp\linker.exe
C:\Users\Belphegor\AppData\Local\Temp\nsb39B8.exe
C:\Users\Belphegor\AppData\Local\Temp\win10kms2016__2827_il28992.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-04 04:10

==================== End of FRST.txt ============================

https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: morando
  
  Registruj se da bi pohvalio/la poruku!

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

createrestorepoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe" /regrun
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll No File
AppInit_DLLs: C:\ProgramData\Ronzap\Scotdox.dll => C:\ProgramData\Ronzap\Scotdox.dll [363008 2016-06-03] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Lotstock.dll => No File
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Belphegor\AppData\Local\Microsoft\Windows\INetCookies\plumach.dll [421048 2016-06-03] ()
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSWebMon64.dat => No File
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF Homepage: hxxps://www.google.rs/?gws_rd=cr,ssl&ei=xNJRV52PBqqY6ATbo5DADQ
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=25A3512433712890FC91503324C9CEF4&ptid=amz&ts=AHEqB3YrC3MmBE..&v=20160603&mode=ffexttoolbar&q=
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml [2016-06-03]
FF Extension: GsearchFinder - C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]
C:\Program Files (x86)\Tencent
C:\ProgramData\Tencent
C:\ProgramData\TXQMPC
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Sudient
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Pwaied
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Mujoge
2016-06-03 19:28 - 2016-06-03 19:28 - 06859776 _____ C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 02279413 _____ C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 01756999 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00848437 _____ C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00072820 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00067776 _____ C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00054272 _____ C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00018432 _____ C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00005568 _____ C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\PeerDistRepub
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:27 - 2016-06-03 19:27 - 00128512 _____ C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:27 - 2016-06-03 19:27 - 00019584 _____ C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:25 - 2016-06-03 19:26 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Baidu
2016-06-03 19:24 - 2016-06-03 20:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Baidu
2016-06-03 19:24 - 2016-06-03 19:25 - 00000000 ____D C:\ProgramData\Baidu
2016-06-03 19:22 - 2016-06-03 20:30 - 00008980 _____ C:\Windows\System32\Tasks\Sudient Provider
S2 QQRepaira0a; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaira0a" [X]
S2 sdnprvService; "C:\Program Files (x86)\Sudient\sdnprvService.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSDefenseBT64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-03] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-03] ()
Unlock: C:\Windows\system32\Drivers\TFsFltX64.sys
C:\Windows\system32\Drivers\TFsFltX64.sys
Unlock: C:\Windows\System32\DRIVERS\EsgScanner.sys
C:\Windows\System32\DRIVERS\EsgScanner.sys
AlternateDataStreams: C:\Users\Belphegor:Heroes & Generals [38]
Task: {2E3FEE0C-62D1-45E7-8659-16F5A40FDF94} - System32\Tasks\Sudient Provider => C:\Program Files (x86)\Sudient\sdnprvTask.exe [2016-06-03] () <==== ATTENTION
C:\Program Files (x86)\Sudient
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by Belphegor (2016-06-04 19:55:20) Run:1
Running from C:\Users\Belphegor\Desktop
Loaded Profiles: Belphegor (Available Profiles: Belphegor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe" /regrun
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll No File
AppInit_DLLs: C:\ProgramData\Ronzap\Scotdox.dll => C:\ProgramData\Ronzap\Scotdox.dll [363008 2016-06-03] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Lotstock.dll => No File
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Belphegor\AppData\Local\Microsoft\Windows\INetCookies\plumach.dll [421048 2016-06-03] ()
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKlMxs1TsAF5r5Hd23nQNhqbirDhzvhWHoJXnIVZ2Bi9GehCKidY_edtjGu-crZU3A6a1jSUuRTlXAZnZPX-s_LkYoSelZGtdQ-66nqb6ljX5dSDqNyUR0mRNT4yu3h6ERa5Cy2kg3790kFooByi3tFiFB9O&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSWebMon64.dat => No File
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF Homepage: hxxps://www.google.rs/?gws_rd=cr,ssl&ei=xNJRV52PBqqY6ATbo5DADQ
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=25A3512433712890FC91503324C9CEF4&ptid=amz&ts=AHEqB3YrC3MmBE..&v=20160603&mode=ffexttoolbar&q=
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF SearchPlugin: C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml [2016-06-03]
FF Extension: GsearchFinder - C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]
C:\Program Files (x86)\Tencent
C:\ProgramData\Tencent
C:\ProgramData\TXQMPC
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Sudient
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Pwaied
2016-06-03 20:30 - 2016-06-03 20:30 - 00000000 ____D C:\Program Files (x86)\Mujoge
2016-06-03 19:28 - 2016-06-03 19:28 - 06859776 _____ C:\Users\Belphegor\AppData\Roaming\agent.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 02279413 _____ C:\Users\Belphegor\AppData\Roaming\DripZentom.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 01756999 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00848437 _____ C:\Users\Belphegor\AppData\Roaming\Soltouch.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00189639 _____ () C:\Users\Belphegor\AppData\Roaming\BioSailex.bin
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\noah.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00126464 _____ C:\Users\Belphegor\AppData\Roaming\lobby.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00072820 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.tst
2016-06-03 19:28 - 2016-06-03 19:28 - 00067776 _____ C:\Users\Belphegor\AppData\Roaming\Config.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00054272 _____ C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00018432 _____ C:\Users\Belphegor\AppData\Roaming\Main.dat
2016-06-03 19:28 - 2016-06-03 19:28 - 00005568 _____ C:\Users\Belphegor\AppData\Roaming\md.xml
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Users\Belphegor\AppData\Local\PeerDistRepub
2016-06-03 19:28 - 2016-06-03 19:28 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Joytontip.exe
2016-06-03 19:28 - 2016-06-03 19:27 - 00792064 _____ C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe
2016-06-03 19:27 - 2016-06-03 19:27 - 00128512 _____ C:\Users\Belphegor\AppData\Roaming\Installer.dat
2016-06-03 19:27 - 2016-06-03 19:27 - 00019584 _____ C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml
2016-06-03 19:25 - 2016-06-03 19:26 - 00000000 ____D C:\Users\Belphegor\AppData\LocalLow\Baidu
2016-06-03 19:24 - 2016-06-03 20:58 - 00000000 ____D C:\Users\Belphegor\AppData\Roaming\Baidu
2016-06-03 19:24 - 2016-06-03 19:25 - 00000000 ____D C:\ProgramData\Baidu
2016-06-03 19:22 - 2016-06-03 20:30 - 00008980 _____ C:\Windows\System32\Tasks\Sudient Provider
S2 QQRepaira0a; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaira0a" [X]
S2 sdnprvService; "C:\Program Files (x86)\Sudient\sdnprvService.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TSDefenseBT64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-03] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-03] ()
Unlock: C:\Windows\system32\Drivers\TFsFltX64.sys
C:\Windows\system32\Drivers\TFsFltX64.sys
Unlock: C:\Windows\System32\DRIVERS\EsgScanner.sys
C:\Windows\System32\DRIVERS\EsgScanner.sys
AlternateDataStreams: C:\Users\Belphegor:Heroes & Generals [38]
Task: {2E3FEE0C-62D1-45E7-8659-16F5A40FDF94} - System32\Tasks\Sudient Provider => C:\Program Files (x86)\Sudient\sdnprvTask.exe [2016-06-03] () <==== ATTENTION
C:\Program Files (x86)\Sudient
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"C:\ProgramData\Ronzap\Scotdox.dll" => Value data not found.
"C:\ProgramData\Ronzap\Lotstock.dll" => Value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{98C066AB-D735-4339-9E52-A34875141B56} => value removed successfully
"HKCR\CLSID\{98C066AB-D735-4339-9E52-A34875141B56}" => key removed successfully
HKU\S-1-5-21-3847194904-1008630732-2715752188-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npxbdcntb" => key removed successfully
C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\searchplugins\vfu7e69u.xml => moved successfully
C:\Users\Belphegor\AppData\Roaming\Profiles\idd6j4e4.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi => moved successfully
C:\Program Files (x86)\Tencent => moved successfully
C:\ProgramData\Tencent => moved successfully
C:\ProgramData\TXQMPC => moved successfully
C:\Program Files (x86)\Sudient => moved successfully
C:\Program Files (x86)\Pwaied => moved successfully
C:\Program Files (x86)\Mujoge => moved successfully
C:\Users\Belphegor\AppData\Roaming\agent.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\DripZentom.bin => moved successfully
C:\Users\Belphegor\AppData\Roaming\Haysaillax.tst => moved successfully
C:\Users\Belphegor\AppData\Roaming\Soltouch.bin => moved successfully
C:\Users\Belphegor\AppData\Roaming\BioSailex.bin => moved successfully
C:\Users\Belphegor\AppData\Roaming\noah.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\lobby.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\Joytontip.tst => moved successfully
C:\Users\Belphegor\AppData\Roaming\Config.xml => moved successfully
C:\Users\Belphegor\AppData\Roaming\ApplicationHosting.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\Main.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\md.xml => moved successfully
C:\Users\Belphegor\AppData\Local\PeerDistRepub => moved successfully
"C:\Program Files (x86)\Tencent" => not found.
C:\Users\Belphegor\AppData\Roaming\Joytontip.exe => moved successfully
C:\Users\Belphegor\AppData\Roaming\Haysaillax.exe => moved successfully
C:\Users\Belphegor\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Belphegor\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Users\Belphegor\AppData\LocalLow\Baidu => moved successfully
C:\Users\Belphegor\AppData\Roaming\Baidu => moved successfully
C:\ProgramData\Baidu => moved successfully
C:\Windows\System32\Tasks\Sudient Provider => moved successfully
QQRepaira0a => service removed successfully
sdnprvService => service removed successfully
TSDefenseBt => service removed successfully
wfpcapture => service removed successfully
SRepairDrv => service removed successfully
EsgScanner => service removed successfully
"C:\Windows\system32\Drivers\TFsFltX64.sys" => was unlocked
C:\Windows\system32\Drivers\TFsFltX64.sys => moved successfully
"C:\Windows\System32\DRIVERS\EsgScanner.sys" => was unlocked
C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully
C:\Users\Belphegor => ":Heroes & Generals" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E3FEE0C-62D1-45E7-8659-16F5A40FDF94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E3FEE0C-62D1-45E7-8659-16F5A40FDF94}" => key removed successfully
C:\Windows\System32\Tasks\Sudient Provider => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sudient Provider" => key removed successfully
"C:\Program Files (x86)\Sudient" => not found.
EmptyTemp: => 489.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:56:04 ====

• 1Ovo se svidja korisniku: morando
  
  Registruj se da bi pohvalio/la poruku!

Kakvo je sad stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sad je super.

• 1Ovo se svidja korisniku: morando
  
  Registruj se da bi pohvalio/la poruku!

Odlicno.

• Sledeća procedura će implementirati završno čišćenje.



Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.


Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.