
Unremovable virus cmdsrvs – pls help

jamillos
Visitor
Posts: 65
Registered: 07 Feb 2012 18:02

#1 Post by jamillos »

Hello, please help!
Somehow I downloaded some vermin called cmdsrvs onto my PC (Win 10). For one thing, it created a folder named Applications on the disk, and for another, several processes with this name are constantly running (and there are lots of svchost processes), and it is probably God knows where else too. The processes cannot be killed and the folder, of course, cannot be deleted. I have tried some anti-malware tools etc., but this filth keeps hanging on; I really don't know what to do with it anymore, it's hopeless...

Please help, thanks a lot!!!

I would send you a log right away, but I don't know which program to use, etc.

Update: Today the folder can be deleted, but I still suspect viruses, please help. Thank you...
Last edited by jamillos on 09 Mar 2018 16:41, edited 1 time in total.

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable virus cmdsrvs – pls help

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jamillos
Visitor
Posts: 65
Registered: 07 Feb 2012 18:02

Re: Unremovable virus cmdsrvs – pls help

#3 Post by jamillos »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by DF (administrator) on DESKTOP-EORD0IQ (09-03-2018 16:24:12)
Running from C:\Users\DF\Desktop
Loaded Profiles: DF (Available Profiles: defaultuser0 & DF)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(forum.viry.cz) C:\Users\DF\Desktop\FRSTLauncher.exe
(Opera Software) C:\Program Files\Opera\51.0.2830.40\opera_autoupdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\3PLANE~1.SCR [749632 2013-10-20] (3Planesoft)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.106.4.1 10.106.47.1
Tcpip\..\Interfaces\{4038fa66-0d36-4b65-8251-4a580cd01e27}: [DhcpNameServer] 10.106.4.1 10.106.47.1
Tcpip\..\Interfaces\{76f534f5-6748-42cc-b11b-80df3dbdddf3}: [DhcpNameServer] 169.254.177.95

Internet Explorer:
==================
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3694548718-1825946254-3049225486-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171204__yaie&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-22] (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-22] (Oracle Corporation)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-06-22]

FireFox:
========
FF DefaultProfile: 4mte9l68.default
FF ProfilePath: C:\Users\DF\AppData\Roaming\Mozilla\Firefox\Profiles\4mte9l68.default [2018-03-08]
FF Extension: (Adblock Plus) - C:\Users\DF\AppData\Roaming\Mozilla\Firefox\Profiles\4mte9l68.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-02-28]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-22] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Opera:
=======
OPR Extension: (SmoothScroll) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\giapppmfepkcnkmphikjdibgekehlfhj [2018-02-28]
OPR Extension: (Download with JDownloader) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjbbcngfknmgdlekfofhaagmogeifbpc [2018-02-28]
OPR Extension: (Adblock Plus) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-01-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-08] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325880 2015-12-14] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-08] (AVAST Software)
S3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1392320 2016-10-19] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-05-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-08] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-08] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-08] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-23] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-23] (Intel Corporation)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-06-18] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-23] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_bdb672bcf02c0cf0\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 16:24 - 2018-03-09 16:24 - 000014771 _____ C:\Users\DF\Desktop\FRST.txt
2018-03-09 16:23 - 2018-03-09 16:24 - 000000000 ____D C:\FRST
2018-03-09 16:22 - 2018-03-09 16:22 - 000112640 _____ (forum.viry.cz) C:\Users\DF\Desktop\FRSTLauncher.exe
2018-03-09 16:21 - 2018-03-09 16:21 - 002403328 _____ (Farbar) C:\Users\DF\Desktop\FRST64.exe
2018-03-08 23:16 - 2018-03-08 23:16 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-08 23:00 - 2018-03-08 22:51 - 000007019 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-03-08 22:58 - 2018-03-08 23:03 - 000000000 ____D C:\Users\DF\Documents\RegRun2
2018-03-08 22:58 - 2018-03-08 23:01 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-03-08 22:58 - 2016-11-01 13:08 - 000015016 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-03-08 22:58 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-03-08 22:51 - 2018-03-08 23:22 - 000000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\uTorrent.lnk
2018-03-08 22:51 - 2018-03-08 23:21 - 000000080 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2018-03-08 21:34 - 2018-03-08 23:20 - 000000000 ____D C:\ProgramData\tiser
2018-03-08 21:34 - 2018-03-08 21:39 - 000000000 ____D C:\ProgramData\0163fa1137
2018-03-08 21:33 - 2018-03-08 22:18 - 000000000 ____D C:\Users\DF\AppData\Local\AdService
2018-03-08 21:33 - 2018-03-08 21:33 - 000140800 _____ C:\Users\DF\AppData\Local\installer.dat
2018-03-08 20:45 - 2018-03-08 20:45 - 000000000 ____D C:\Users\DF\AppData\Local\Microsoft Help
2018-03-08 20:42 - 2018-03-08 20:45 - 000000000 ____D C:\Users\DF\AppData\Roaming\Bonjour
2018-03-08 20:42 - 2018-03-08 20:42 - 000000000 ____D C:\Users\DF\AppData\Local\Bonjour service
2018-03-08 19:22 - 2018-03-08 23:21 - 000001256 _____ C:\Users\DF\Desktop\3Planesoft Screensaver Manager.lnk
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3Planesoft 3D Screensavers All in One
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\ProgramData\3Planesoft
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\Program Files (x86)\3Planesoft Screensaver Manager
2018-03-08 19:22 - 2013-10-20 14:11 - 000749632 _____ (3Planesoft) C:\WINDOWS\SysWOW64\3Planesoft_Screensaver_Manager.scr
2018-03-08 19:22 - 2013-04-05 15:16 - 002530328 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Water_Clock_3D_Screensaver.scr
2018-03-08 19:22 - 2013-04-04 17:21 - 002525728 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Vintage_Aircraft_3D_Screensaver.scr
2018-03-08 19:22 - 2013-04-04 17:18 - 002535968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Winter_Wonderland_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:11 - 002519576 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Zodiac_Clock_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:09 - 002621984 _____ (3Planesoft) C:\WINDOWS\SysWOW64\White_Christmas_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:09 - 002551832 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Wildflowers_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:08 - 000981024 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Western_Railway_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:07 - 002509328 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Watermill_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:06 - 000953896 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Voyage_of_Columbus_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:03 - 002653728 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Venice_Carnival_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:12 - 002591256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Starry_Night_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:11 - 002828344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sky_Citadel_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:10 - 002723344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sharks_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 17:19 - 002729528 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tiger_Sharks_3D_Screensaver.scr
2018-03-08 19:21 - 2013-04-02 10:01 - 002540056 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Steam_Clock_3D_Screensaver.scr
2018-03-08 19:21 - 2013-03-01 11:14 - 002532376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Snow_Village_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:03 - 002678312 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Valentine_Musicbox_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:02 - 002526736 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Valentine_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:01 - 002528800 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tyrannosaurus_Rex_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:01 - 002511384 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tropical_Fish_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:00 - 002635296 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Titanic_Memories_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:59 - 000825368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_One_Ring_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:58 - 000981536 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_Lost_Watch_II_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:57 - 002827296 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_Lost_Watch_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:57 - 002689568 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Thanksgiving_Day_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:56 - 002653208 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sunny_Patio_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:56 - 002532376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sweethearts_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:55 - 002535448 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sun_Village_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:54 - 002765336 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Summer_Forest_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:53 - 002660888 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Stonehenge_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:53 - 002527776 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Stock_Car_Racing_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:51 - 002532888 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Springtime_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:51 - 000956960 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Spirit_of_Fire_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:49 - 004640288 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Skeleton_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-10-21 19:10 - 002658376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sharks_-_Great_White_3D_Screensaver.scr
2018-03-08 19:20 - 2013-10-21 19:09 - 002634272 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Futuristic_City_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:48 - 002541592 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Santa_Claus_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:47 - 002644504 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sandy_Beach_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:46 - 002638368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Orbital_Sunset_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:46 - 000946704 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Nautilus_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:45 - 000956944 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Nature_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:44 - 002531880 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mountain_Waterfall_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:43 - 002535968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Medieval_Castle_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:43 - 002531872 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mechanical_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:42 - 000973856 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mayan_Waterfall_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:42 - 000972832 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lighthouse_Point_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:41 - 000817168 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lantern_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:40 - 002668560 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lake_Tree_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:40 - 000951824 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lagoon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:39 - 002545680 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Koi_Fish_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:39 - 002516496 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Ice_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:38 - 002534936 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Haunted_House_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:38 - 000942608 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Halloween_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:36 - 002679840 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Great_Pyramids_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:36 - 002534928 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Grassland_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:35 - 002664472 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Grand_Canyon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:34 - 002522632 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fog_Lake_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:34 - 000970256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Galleon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:33 - 002775576 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fog_Horses_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:32 - 002519080 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fireside_Christmas_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:32 - 000991752 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Flag_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:31 - 002671120 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fireplace_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:31 - 002525216 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Faraway_Planet_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:30 - 000954392 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fantasy_Moon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:29 - 002637320 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Earth_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:29 - 000973344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Dutch_Windmills_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:28 - 002693648 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Dolphins_3D_Screensaver.scr
2018-03-08 19:19 - 2018-03-08 19:22 - 000000000 ____D C:\Program Files (x86)\3Planesoft 3D Screensavers All in One
2018-03-08 19:19 - 2013-04-05 16:46 - 002527256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Deep_Space_3D_Screensaver.scr
2018-03-08 19:19 - 2013-04-04 17:19 - 002536992 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Caribbean_Islands_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:27 - 002559000 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Digital_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:27 - 000957968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Discovery_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:25 - 002532368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Cyberfish_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:25 - 000947736 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Cuckoo_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:24 - 000980000 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Crystal_Fireplace_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:23 - 002510872 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Coral_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:23 - 002504216 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Coral_Reef_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:22 - 000953368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Clock_Tower_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:21 - 002646048 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_Evening_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:21 - 002526240 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_Bells_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:20 - 000951312 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:19 - 002610208 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Blooming_Sakura_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:18 - 000971304 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Battleship_Missouri_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:17 - 002656792 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Autumn_Forest_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:17 - 002541600 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Autumn_Wonderland_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:16 - 002512928 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Ancient_Castle_3D_Screensaver.scr
2018-03-08 19:19 - 2009-07-15 18:54 - 001289216 _____ C:\WINDOWS\SysWOW64\Christmas Tree 3D Screensaver.exe
2018-03-08 19:19 - 2003-11-28 15:19 - 000187904 _____ C:\WINDOWS\SysWOW64\Christmas Tree 3D Screensaver.scr
2018-03-07 20:33 - 2018-03-08 23:21 - 000000743 _____ C:\Users\DF\Desktop\The Painscreek Killings.lnk
2018-03-07 18:48 - 2018-03-07 18:48 - 000000000 ____D C:\Users\DF\AppData\LocalLow\EQ Studios
2018-02-28 17:10 - 2018-02-28 17:10 - 000000000 ____D C:\Users\DF\AppData\Local\com.add0n.native_client
2018-02-28 17:08 - 2018-02-28 17:08 - 013088554 _____ C:\Users\DF\Downloads\windows.zip
2018-02-28 17:08 - 2018-02-28 17:08 - 013088554 _____ C:\Users\DF\Downloads\windows(1).zip
2018-02-26 20:43 - 2018-02-26 20:43 - 000000000 ____D C:\Users\DF\hitman
2018-02-26 10:19 - 2018-03-08 23:21 - 000001221 _____ C:\Users\DF\Desktop\Prey.lnk
2018-02-24 08:55 - 2018-03-07 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-02-24 08:54 - 2018-02-24 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2018-02-23 05:15 - 2018-03-08 23:23 - 000001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-23 05:15 - 2018-03-08 21:58 - 000000000 ____D C:\Users\DF\AppData\LocalLow\Mozilla
2018-02-23 05:15 - 2018-02-23 05:19 - 000000000 ____D C:\Users\DF\AppData\Local\Mozilla
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Users\DF\AppData\Roaming\Mozilla
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-22 16:15 - 2018-02-22 16:15 - 000000000 ____D C:\Users\DF\AppData\Local\ElevatedDiagnostics
2018-02-21 20:30 - 2018-03-08 23:21 - 000001564 _____ C:\Users\DF\Desktop\Windows Media Player.lnk
2018-02-21 19:58 - 2018-03-08 23:21 - 000001300 _____ C:\Users\DF\Desktop\Media Player Classic.lnk
2018-02-21 15:58 - 2018-02-21 15:58 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-21 15:57 - 2018-02-21 15:57 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-02-21 15:56 - 2018-02-21 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
2018-02-21 15:56 - 2012-07-04 11:55 - 001354240 _____ (CANON INC.) C:\WINDOWS\system32\CNC280C.dll
2018-02-21 15:56 - 2012-07-04 11:55 - 000112128 _____ (CANON INC.) C:\WINDOWS\system32\CNC280I.dll
2018-02-21 15:56 - 2012-07-04 11:29 - 000106496 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280U.dll
2018-02-21 15:56 - 2012-04-18 13:24 - 000103424 _____ (Canon Inc.) C:\WINDOWS\system32\CNC280O.dll
2018-02-21 15:56 - 2010-03-18 19:26 - 000348672 _____ (CANON INC.) C:\WINDOWS\system32\CNC280L.dll
2018-02-21 15:56 - 2010-03-18 19:25 - 000307200 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280L.dll
2018-02-21 15:56 - 2009-11-13 14:38 - 000012800 _____ C:\WINDOWS\SysWOW64\CNC1746D.TBL
2018-02-21 15:56 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2018-02-21 15:56 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2018-02-21 15:41 - 2018-02-21 15:41 - 000000000 ___HD C:\ProgramData\CanonIJEGV
2018-02-21 15:38 - 2018-02-21 15:38 - 000000000 ____D C:\Users\DF\AppData\Local\Canon Easy-PhotoPrint EX
2018-02-21 15:37 - 2018-02-21 15:58 - 000000000 ____D C:\Users\DF\AppData\Roaming\Canon
2018-02-21 15:32 - 2018-02-21 15:32 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2018-02-21 15:32 - 2018-02-21 15:32 - 000000000 ___HD C:\ProgramData\CanonEPP
2018-02-21 15:31 - 2018-02-21 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrace uživatele zařízení Canon MP280 series
2018-02-21 15:31 - 2018-02-21 15:31 - 000000000 ____D C:\ProgramData\CanonIJMSetup
2018-02-21 15:20 - 2018-02-21 15:20 - 000000000 ____D C:\Program Files\Common Files\CANON
2018-02-21 15:19 - 2018-03-08 23:21 - 000002154 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2018-02-21 15:19 - 2018-02-21 15:19 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2018-02-21 15:18 - 2018-02-21 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-02-21 15:18 - 2018-02-21 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
2018-02-21 15:18 - 2018-02-21 15:18 - 000000000 ____D C:\Program Files\Canon
2018-02-21 15:17 - 2018-02-21 15:17 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-02-21 15:17 - 2018-02-21 15:17 - 000000000 ___HD C:\Program Files\CanonBJ
2018-02-21 15:16 - 2018-02-21 15:16 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-02-21 15:16 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAA.DLL
2018-02-21 15:15 - 2018-02-21 15:43 - 000000000 ____D C:\Program Files (x86)\Canon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 16:23 - 2017-06-18 15:18 - 000000000 ____D C:\My i-net stuff
2018-03-09 16:04 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-09 15:44 - 2017-02-22 17:44 - 000000200 _____ C:\Users\DF\AppData\Roaming\sp_data.sys
2018-03-09 15:29 - 2017-12-04 09:07 - 000000000 ____D C:\Users\DF\AppData\LocalLow\uTorrent
2018-03-09 15:29 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-09 15:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-09 15:29 - 2017-07-01 11:07 - 000000000 ____D C:\Users\DF\AppData\Roaming\uTorrent
2018-03-09 15:27 - 2017-02-22 16:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-09 15:25 - 2017-06-18 18:25 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-03-09 15:24 - 2017-12-22 10:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 15:24 - 2017-02-22 17:41 - 000000000 __SHD C:\Users\DF\IntelGraphicsProfiles
2018-03-08 23:39 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-08 23:27 - 2017-06-18 15:30 - 000000000 ____D C:\X-Files
2018-03-08 23:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-08 23:25 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-08 23:25 - 2017-06-18 20:27 - 000000000 ____D C:\Users\DF\AppData\Roaming\MPC-HC
2018-03-08 23:25 - 2017-06-18 19:25 - 000000000 ____D C:\Users\DF\AppData\Roaming\DAEMON Tools Pro
2018-03-08 23:25 - 2017-06-18 17:12 - 000000000 ____D C:\Users\DF\AppData\Roaming\Free Download Manager
2018-03-08 23:23 - 2017-12-22 10:39 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-08 23:23 - 2017-07-31 06:00 - 000000908 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2018-03-08 23:23 - 2017-06-29 20:11 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-08 23:23 - 2017-06-19 19:37 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-08 23:23 - 2017-06-18 13:24 - 000002025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-08 23:22 - 2017-12-22 10:59 - 000002384 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-08 23:22 - 2017-06-18 13:19 - 000001053 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Volitelné funkce.lnk
2018-03-08 23:22 - 2017-02-22 16:49 - 000001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2018-03-08 23:21 - 2017-12-22 12:19 - 000000405 _____ C:\Users\DF\Desktop\Control Panel.lnk
2018-03-08 23:21 - 2017-12-22 10:32 - 000389104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-08 23:21 - 2017-07-31 06:00 - 000000940 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2018-03-08 23:21 - 2017-07-05 11:01 - 000001417 _____ C:\Users\DF\Desktop\Shutdown.lnk
2018-03-08 23:21 - 2017-06-22 16:00 - 000001002 _____ C:\Users\DF\Desktop\4K Video Downloader.lnk
2018-03-08 23:21 - 2017-06-20 21:51 - 000001190 _____ C:\Users\DF\Desktop\Paint.lnk
2018-03-08 23:21 - 2017-06-19 17:56 - 000000855 _____ C:\Users\DF\Desktop\Fraps.lnk
2018-03-08 23:21 - 2017-06-19 17:43 - 000001277 _____ C:\Users\DF\Desktop\Format Factory.lnk
2018-03-08 23:21 - 2017-06-19 16:50 - 000001173 _____ C:\Users\DF\Desktop\WinMend Folder Hidden.lnk
2018-03-08 23:21 - 2017-06-19 16:19 - 000002833 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2018-03-08 23:21 - 2017-06-18 19:25 - 000001812 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2018-03-08 23:21 - 2017-06-18 17:46 - 000002737 _____ C:\Users\DF\Desktop\Microsoft Office Word 2003.lnk
2018-03-08 23:21 - 2017-06-18 17:12 - 000001142 _____ C:\Users\DF\Desktop\Free Download Manager.lnk
2018-03-08 23:21 - 2017-06-18 17:10 - 000001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-03-08 23:21 - 2017-06-18 17:03 - 000001241 _____ C:\Users\DF\Desktop\Lingea Lexicon.lnk
2018-03-08 23:21 - 2017-06-18 15:30 - 000000747 _____ C:\Users\DF\Desktop\X-Files.lnk
2018-03-08 23:21 - 2017-06-18 15:19 - 000000812 _____ C:\Users\DF\Desktop\My i-net stuff.lnk
2018-03-08 23:21 - 2017-06-18 14:04 - 000001149 _____ C:\Users\DF\Desktop\Notepad.lnk
2018-03-08 23:21 - 2017-06-18 13:37 - 000001212 _____ C:\Users\Public\Desktop\Opera.lnk
2018-03-08 23:21 - 2017-02-27 17:23 - 000000745 _____ C:\Users\DF\Desktop\Dokumenty.lnk
2018-03-08 23:21 - 2017-02-27 17:22 - 000000436 _____ C:\Users\DF\Desktop\Tento počítač.lnk
2018-03-08 23:16 - 2017-12-22 10:51 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-08 23:16 - 2017-12-22 08:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-08 23:16 - 2017-11-09 21:39 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-08 23:15 - 2017-12-22 08:35 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-08 23:12 - 2017-06-18 19:04 - 000000000 ____D C:\Users\DF\Documents\Download
2018-03-08 22:29 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-08 22:29 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-08 22:29 - 2017-06-18 17:41 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-03-08 22:29 - 2017-02-22 17:08 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-08 22:29 - 2016-11-14 03:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-08 22:28 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-03-08 22:28 - 2016-07-16 12:47 - 000000076 _____ C:\WINDOWS\win.ini
2018-03-08 22:22 - 2017-06-19 18:01 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2018-03-08 22:06 - 2017-12-08 12:24 - 000000904 _____ C:\WINDOWS\Tasks\WinmendUpdateTask_DF.job
2018-03-08 20:40 - 2017-12-22 10:51 - 000003622 _____ C:\WINDOWS\System32\Tasks\WinmendUpdateTask_DF
2018-03-08 16:27 - 2017-12-22 10:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-08 07:28 - 2017-06-18 15:45 - 000000000 ____D C:\Users\DF\Documents\Pics
2018-03-07 20:34 - 2017-06-18 15:33 - 000307200 _____ C:\Users\DF\Documents\db3 - games.mdb
2018-03-07 20:31 - 2017-06-20 20:10 - 000000000 ____D C:\Users\DF\Documents\Games
2018-03-07 18:36 - 2017-06-24 09:40 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-03-07 18:22 - 2017-06-24 05:45 - 000000000 ____D C:\Games
2018-03-02 15:21 - 2017-12-22 10:51 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1497789448
2018-03-02 15:21 - 2017-06-18 13:37 - 000000000 ____D C:\Program Files\Opera
2018-03-01 15:15 - 2017-12-22 10:51 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 16:21 - 2017-06-18 15:33 - 000020480 _____ C:\Users\DF\Documents\Placení.xls
2018-02-26 21:30 - 2017-12-22 10:37 - 000000000 ____D C:\Users\DF
2018-02-23 18:35 - 2017-06-18 15:33 - 000700416 _____ C:\Users\DF\Documents\db1 - music.mdb
2018-02-23 18:34 - 2017-06-18 15:45 - 000000000 ____D C:\Users\DF\Documents\Music - playlists
2018-02-21 16:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-02-21 15:57 - 2017-09-29 14:46 - 000000000 __RSD C:\WINDOWS\media
2018-02-21 15:34 - 2017-12-22 10:51 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-19 17:51 - 2017-12-22 08:36 - 000061304 ____N () C:\WINDOWS\SMSS-PFRO6810.tmp
2018-02-15 16:35 - 2017-12-22 10:51 - 000003226 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-02-15 16:35 - 2017-06-18 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-02-15 16:35 - 2017-06-18 20:26 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-02-14 16:22 - 2017-06-18 21:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 16:20 - 2017-10-11 15:12 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 16:20 - 2017-06-18 21:19 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-13 16:52 - 2017-06-18 17:10 - 000000000 ____D C:\Users\DF\AppData\Roaming\vlc
2018-02-07 17:50 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2017-02-22 17:44 - 2018-03-09 15:44 - 000000200 _____ () C:\Users\DF\AppData\Roaming\sp_data.sys
2018-03-08 21:33 - 2018-03-08 21:33 - 000140800 _____ () C:\Users\DF\AppData\Local\installer.dat

Some files in TEMP:
====================
2018-03-08 17:17 - 2018-03-08 17:17 - 000043520 ____N () C:\Users\DF\AppData\Local\Temp\proxy_vole4799743532630143281.dll
2018-03-08 17:17 - 2018-03-08 17:17 - 000043520 ____N () C:\Users\DF\AppData\Local\Temp\proxy_vole7418002494624113677.dll
2018-03-08 06:54 - 2018-03-08 06:54 - 006359392 _____ () C:\Users\DF\AppData\Local\Temp\setup.dll
2018-03-08 21:34 - 2018-03-08 21:34 - 048475783 _____ (My Company, Inc. ) C:\Users\DF\AppData\Local\Temp\setups.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\WinmendUpdateTask_DF.job => C:\Program Files (x86)\WinMend\Folder Hidden\LiveUpdate.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161114022915.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DF\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================
Attachments
Addition.rar
(10.2 KiB) Downloaded 64 times


Re: Unremovable cmdsrvs virus – pls help

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (deletion).
A scan will run and then a log will appear; paste it here.

Re: Unremovable cmdsrvs virus – pls help

#5 Post by jamillos »

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 17:05:08 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\ProgramData\\tiser
Deleted: C:\Users\DF\AppData\Local\AdService
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\PIP
Deleted: [Key] - HKCU\Software\PIP
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\NetBox
Deleted: [Key] - HKCU\Software\NetBox
Deleted: [Key] - HKLM\SOFTWARE\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany
Deleted: [Key] - HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\GenericTools
Deleted: [Key] - HKCU\Software\GenericTools


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3051 B] - [2018/3/9 17:3:0]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Re: Unremovable cmdsrvs virus – pls help

#6 Post by Rudy »

OK. Post a new FRST log.

Re: Unremovable cmdsrvs virus – pls help

#7 Post by jamillos »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by DF (administrator) on DESKTOP-EORD0IQ (09-03-2018 18:57:24)
Running from C:\Users\DF\Desktop
Loaded Profiles: DF (Available Profiles: defaultuser0 & DF)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(forum.viry.cz) C:\Users\DF\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\3PLANE~1.SCR [749632 2013-10-20] (3Planesoft)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.106.4.1 10.106.47.1
Tcpip\..\Interfaces\{4038fa66-0d36-4b65-8251-4a580cd01e27}: [DhcpNameServer] 10.106.4.1 10.106.47.1
Tcpip\..\Interfaces\{76f534f5-6748-42cc-b11b-80df3dbdddf3}: [DhcpNameServer] 169.254.177.95

Internet Explorer:
==================
HKU\S-1-5-21-3694548718-1825946254-3049225486-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3694548718-1825946254-3049225486-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__171204__yaie&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-22] (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-22] (Oracle Corporation)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-06-22]

FireFox:
========
FF DefaultProfile: 4mte9l68.default
FF ProfilePath: C:\Users\DF\AppData\Roaming\Mozilla\Firefox\Profiles\4mte9l68.default [2018-03-08]
FF Extension: (Adblock Plus) - C:\Users\DF\AppData\Roaming\Mozilla\Firefox\Profiles\4mte9l68.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-02-28]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-22] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Opera:
=======
OPR Extension: (SmoothScroll) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\giapppmfepkcnkmphikjdibgekehlfhj [2018-02-28]
OPR Extension: (Download with JDownloader) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjbbcngfknmgdlekfofhaagmogeifbpc [2018-02-28]
OPR Extension: (Adblock Plus) - C:\Users\DF\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-01-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-08] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325880 2015-12-14] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-08] (AVAST Software)
S3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1392320 2016-10-19] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-05-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-08] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-08] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-08] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-23] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-23] (Intel Corporation)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-06-18] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-23] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_bdb672bcf02c0cf0\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:01 - 2018-03-09 18:05 - 000000000 ____D C:\AdwCleaner
2018-03-09 17:39 - 2018-03-09 17:39 - 008222496 _____ (Malwarebytes) C:\Users\DF\Desktop\adwcleaner_7.0.8.0.exe
2018-03-09 16:24 - 2018-03-09 18:57 - 000014810 _____ C:\Users\DF\Desktop\FRST.txt
2018-03-09 16:23 - 2018-03-09 16:24 - 000000000 ____D C:\FRST
2018-03-09 16:22 - 2018-03-09 16:22 - 000112640 _____ (forum.viry.cz) C:\Users\DF\Desktop\FRSTLauncher.exe
2018-03-09 16:21 - 2018-03-09 16:21 - 002403328 _____ (Farbar) C:\Users\DF\Desktop\FRST64.exe
2018-03-08 23:16 - 2018-03-08 23:16 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-08 23:00 - 2018-03-08 22:51 - 000007019 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-03-08 22:58 - 2018-03-08 23:03 - 000000000 ____D C:\Users\DF\Documents\RegRun2
2018-03-08 22:58 - 2018-03-08 23:01 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-03-08 22:58 - 2018-03-08 22:59 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-03-08 22:58 - 2016-11-01 13:08 - 000015016 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-03-08 22:58 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-03-08 22:51 - 2018-03-08 23:22 - 000000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\uTorrent.lnk
2018-03-08 22:51 - 2018-03-08 23:21 - 000000080 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2018-03-08 21:34 - 2018-03-08 21:39 - 000000000 ____D C:\ProgramData\0163fa1137
2018-03-08 21:33 - 2018-03-08 21:33 - 000140800 _____ C:\Users\DF\AppData\Local\installer.dat
2018-03-08 20:45 - 2018-03-08 20:45 - 000000000 ____D C:\Users\DF\AppData\Local\Microsoft Help
2018-03-08 20:42 - 2018-03-08 20:45 - 000000000 ____D C:\Users\DF\AppData\Roaming\Bonjour
2018-03-08 20:42 - 2018-03-08 20:42 - 000000000 ____D C:\Users\DF\AppData\Local\Bonjour service
2018-03-08 19:22 - 2018-03-08 23:21 - 000001256 _____ C:\Users\DF\Desktop\3Planesoft Screensaver Manager.lnk
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3Planesoft 3D Screensavers All in One
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\ProgramData\3Planesoft
2018-03-08 19:22 - 2018-03-08 19:22 - 000000000 ____D C:\Program Files (x86)\3Planesoft Screensaver Manager
2018-03-08 19:22 - 2013-10-20 14:11 - 000749632 _____ (3Planesoft) C:\WINDOWS\SysWOW64\3Planesoft_Screensaver_Manager.scr
2018-03-08 19:22 - 2013-04-05 15:16 - 002530328 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Water_Clock_3D_Screensaver.scr
2018-03-08 19:22 - 2013-04-04 17:21 - 002525728 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Vintage_Aircraft_3D_Screensaver.scr
2018-03-08 19:22 - 2013-04-04 17:18 - 002535968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Winter_Wonderland_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:11 - 002519576 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Zodiac_Clock_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:09 - 002621984 _____ (3Planesoft) C:\WINDOWS\SysWOW64\White_Christmas_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:09 - 002551832 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Wildflowers_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:08 - 000981024 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Western_Railway_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:07 - 002509328 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Watermill_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:06 - 000953896 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Voyage_of_Columbus_3D_Screensaver.scr
2018-03-08 19:22 - 2013-02-06 11:03 - 002653728 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Venice_Carnival_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:12 - 002591256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Starry_Night_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:11 - 002828344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sky_Citadel_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 19:10 - 002723344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sharks_3D_Screensaver.scr
2018-03-08 19:21 - 2013-10-21 17:19 - 002729528 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tiger_Sharks_3D_Screensaver.scr
2018-03-08 19:21 - 2013-04-02 10:01 - 002540056 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Steam_Clock_3D_Screensaver.scr
2018-03-08 19:21 - 2013-03-01 11:14 - 002532376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Snow_Village_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:03 - 002678312 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Valentine_Musicbox_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:02 - 002526736 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Valentine_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:01 - 002528800 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tyrannosaurus_Rex_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:01 - 002511384 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Tropical_Fish_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 11:00 - 002635296 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Titanic_Memories_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:59 - 000825368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_One_Ring_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:58 - 000981536 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_Lost_Watch_II_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:57 - 002827296 _____ (3Planesoft) C:\WINDOWS\SysWOW64\The_Lost_Watch_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:57 - 002689568 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Thanksgiving_Day_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:56 - 002653208 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sunny_Patio_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:56 - 002532376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sweethearts_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:55 - 002535448 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sun_Village_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:54 - 002765336 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Summer_Forest_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:53 - 002660888 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Stonehenge_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:53 - 002527776 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Stock_Car_Racing_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:51 - 002532888 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Springtime_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:51 - 000956960 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Spirit_of_Fire_3D_Screensaver.scr
2018-03-08 19:21 - 2013-02-06 10:49 - 004640288 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Skeleton_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-10-21 19:10 - 002658376 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sharks_-_Great_White_3D_Screensaver.scr
2018-03-08 19:20 - 2013-10-21 19:09 - 002634272 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Futuristic_City_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:48 - 002541592 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Santa_Claus_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:47 - 002644504 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sandy_Beach_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:46 - 002638368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Orbital_Sunset_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:46 - 000946704 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Nautilus_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:45 - 000956944 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Nature_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:44 - 002531880 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mountain_Waterfall_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:43 - 002535968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Medieval_Castle_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:43 - 002531872 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mechanical_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:42 - 000973856 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Mayan_Waterfall_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:42 - 000972832 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lighthouse_Point_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:41 - 000817168 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lantern_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:40 - 002668560 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lake_Tree_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:40 - 000951824 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Lagoon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:39 - 002545680 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Koi_Fish_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:39 - 002516496 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Ice_Clock_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:38 - 002534936 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Haunted_House_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:38 - 000942608 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Halloween_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:36 - 002679840 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Great_Pyramids_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:36 - 002534928 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Grassland_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:35 - 002664472 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Grand_Canyon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:34 - 002522632 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fog_Lake_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:34 - 000970256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Galleon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:33 - 002775576 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fog_Horses_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:32 - 002519080 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fireside_Christmas_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:32 - 000991752 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Flag_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:31 - 002671120 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fireplace_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:31 - 002525216 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Faraway_Planet_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:30 - 000954392 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Fantasy_Moon_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:29 - 002637320 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Earth_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:29 - 000973344 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Dutch_Windmills_3D_Screensaver.scr
2018-03-08 19:20 - 2013-02-06 10:28 - 002693648 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Dolphins_3D_Screensaver.scr
2018-03-08 19:19 - 2018-03-08 19:22 - 000000000 ____D C:\Program Files (x86)\3Planesoft 3D Screensavers All in One
2018-03-08 19:19 - 2013-04-05 16:46 - 002527256 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Deep_Space_3D_Screensaver.scr
2018-03-08 19:19 - 2013-04-04 17:19 - 002536992 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Caribbean_Islands_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:27 - 002559000 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Digital_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:27 - 000957968 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Discovery_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:25 - 002532368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Cyberfish_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:25 - 000947736 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Cuckoo_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:24 - 000980000 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Crystal_Fireplace_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:23 - 002510872 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Coral_Clock_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:23 - 002504216 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Coral_Reef_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:22 - 000953368 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Clock_Tower_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:21 - 002646048 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_Evening_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:21 - 002526240 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_Bells_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:20 - 000951312 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Christmas_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:19 - 002610208 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Blooming_Sakura_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:18 - 000971304 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Battleship_Missouri_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:17 - 002656792 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Autumn_Forest_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:17 - 002541600 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Autumn_Wonderland_3D_Screensaver.scr
2018-03-08 19:19 - 2013-02-06 10:16 - 002512928 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Ancient_Castle_3D_Screensaver.scr
2018-03-08 19:19 - 2009-07-15 18:54 - 001289216 _____ C:\WINDOWS\SysWOW64\Christmas Tree 3D Screensaver.exe
2018-03-08 19:19 - 2003-11-28 15:19 - 000187904 _____ C:\WINDOWS\SysWOW64\Christmas Tree 3D Screensaver.scr
2018-03-07 20:33 - 2018-03-08 23:21 - 000000743 _____ C:\Users\DF\Desktop\The Painscreek Killings.lnk
2018-03-07 18:48 - 2018-03-07 18:48 - 000000000 ____D C:\Users\DF\AppData\LocalLow\EQ Studios
2018-02-28 17:10 - 2018-02-28 17:10 - 000000000 ____D C:\Users\DF\AppData\Local\com.add0n.native_client
2018-02-28 17:08 - 2018-02-28 17:08 - 013088554 _____ C:\Users\DF\Downloads\windows.zip
2018-02-28 17:08 - 2018-02-28 17:08 - 013088554 _____ C:\Users\DF\Downloads\windows(1).zip
2018-02-26 20:43 - 2018-02-26 20:43 - 000000000 ____D C:\Users\DF\hitman
2018-02-26 10:19 - 2018-03-08 23:21 - 000001221 _____ C:\Users\DF\Desktop\Prey.lnk
2018-02-24 08:55 - 2018-03-07 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-02-24 08:54 - 2018-02-24 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2018-02-23 05:15 - 2018-03-08 23:23 - 000001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-23 05:15 - 2018-03-08 21:58 - 000000000 ____D C:\Users\DF\AppData\LocalLow\Mozilla
2018-02-23 05:15 - 2018-02-23 05:19 - 000000000 ____D C:\Users\DF\AppData\Local\Mozilla
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Users\DF\AppData\Roaming\Mozilla
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-23 05:15 - 2018-02-23 05:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-22 16:15 - 2018-02-22 16:15 - 000000000 ____D C:\Users\DF\AppData\Local\ElevatedDiagnostics
2018-02-21 20:30 - 2018-03-08 23:21 - 000001564 _____ C:\Users\DF\Desktop\Windows Media Player.lnk
2018-02-21 19:58 - 2018-03-08 23:21 - 000001300 _____ C:\Users\DF\Desktop\Media Player Classic.lnk
2018-02-21 15:58 - 2018-02-21 15:58 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-21 15:57 - 2018-02-21 15:57 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-02-21 15:56 - 2018-02-21 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
2018-02-21 15:56 - 2012-07-04 11:55 - 001354240 _____ (CANON INC.) C:\WINDOWS\system32\CNC280C.dll
2018-02-21 15:56 - 2012-07-04 11:55 - 000112128 _____ (CANON INC.) C:\WINDOWS\system32\CNC280I.dll
2018-02-21 15:56 - 2012-07-04 11:29 - 000106496 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280U.dll
2018-02-21 15:56 - 2012-04-18 13:24 - 000103424 _____ (Canon Inc.) C:\WINDOWS\system32\CNC280O.dll
2018-02-21 15:56 - 2010-03-18 19:26 - 000348672 _____ (CANON INC.) C:\WINDOWS\system32\CNC280L.dll
2018-02-21 15:56 - 2010-03-18 19:25 - 000307200 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280L.dll
2018-02-21 15:56 - 2009-11-13 14:38 - 000012800 _____ C:\WINDOWS\SysWOW64\CNC1746D.TBL
2018-02-21 15:56 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2018-02-21 15:56 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2018-02-21 15:41 - 2018-02-21 15:41 - 000000000 ___HD C:\ProgramData\CanonIJEGV
2018-02-21 15:38 - 2018-02-21 15:38 - 000000000 ____D C:\Users\DF\AppData\Local\Canon Easy-PhotoPrint EX
2018-02-21 15:37 - 2018-02-21 15:58 - 000000000 ____D C:\Users\DF\AppData\Roaming\Canon
2018-02-21 15:32 - 2018-02-21 15:32 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2018-02-21 15:32 - 2018-02-21 15:32 - 000000000 ___HD C:\ProgramData\CanonEPP
2018-02-21 15:31 - 2018-02-21 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrace uživatele zařízení Canon MP280 series
2018-02-21 15:31 - 2018-02-21 15:31 - 000000000 ____D C:\ProgramData\CanonIJMSetup
2018-02-21 15:20 - 2018-02-21 15:20 - 000000000 ____D C:\Program Files\Common Files\CANON
2018-02-21 15:19 - 2018-03-08 23:21 - 000002154 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2018-02-21 15:19 - 2018-02-21 15:19 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2018-02-21 15:18 - 2018-02-21 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-02-21 15:18 - 2018-02-21 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
2018-02-21 15:18 - 2018-02-21 15:18 - 000000000 ____D C:\Program Files\Canon
2018-02-21 15:17 - 2018-02-21 15:17 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-02-21 15:17 - 2018-02-21 15:17 - 000000000 ___HD C:\Program Files\CanonBJ
2018-02-21 15:16 - 2018-02-21 15:16 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-02-21 15:16 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAA.DLL
2018-02-21 15:15 - 2018-02-21 15:43 - 000000000 ____D C:\Program Files (x86)\Canon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:17 - 2017-12-22 10:51 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1497789448
2018-03-09 18:17 - 2017-06-18 13:37 - 000000000 ____D C:\Program Files\Opera
2018-03-09 18:12 - 2017-02-22 17:44 - 000000200 _____ C:\Users\DF\AppData\Roaming\sp_data.sys
2018-03-09 18:07 - 2017-02-22 16:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-09 18:06 - 2017-12-22 10:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 18:06 - 2017-06-18 18:25 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-03-09 18:06 - 2017-02-22 17:41 - 000000000 __SHD C:\Users\DF\IntelGraphicsProfiles
2018-03-09 18:05 - 2017-12-04 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-03-09 18:05 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-09 17:39 - 2017-06-18 15:18 - 000000000 ____D C:\My i-net stuff
2018-03-09 17:15 - 2017-12-04 09:07 - 000000000 ____D C:\Users\DF\AppData\LocalLow\uTorrent
2018-03-09 17:15 - 2017-07-01 11:07 - 000000000 ____D C:\Users\DF\AppData\Roaming\uTorrent
2018-03-09 17:15 - 2017-06-18 19:04 - 000000000 ____D C:\Users\DF\Documents\Download
2018-03-09 16:04 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-09 15:29 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-09 15:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-08 23:27 - 2017-06-18 15:30 - 000000000 ____D C:\X-Files
2018-03-08 23:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-08 23:25 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-08 23:25 - 2017-06-18 20:27 - 000000000 ____D C:\Users\DF\AppData\Roaming\MPC-HC
2018-03-08 23:25 - 2017-06-18 19:25 - 000000000 ____D C:\Users\DF\AppData\Roaming\DAEMON Tools Pro
2018-03-08 23:25 - 2017-06-18 17:12 - 000000000 ____D C:\Users\DF\AppData\Roaming\Free Download Manager
2018-03-08 23:23 - 2017-12-22 10:39 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-08 23:23 - 2017-07-31 06:00 - 000000908 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2018-03-08 23:23 - 2017-06-29 20:11 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-08 23:23 - 2017-06-19 19:37 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-08 23:23 - 2017-06-18 13:24 - 000002025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-08 23:22 - 2017-12-22 10:59 - 000002384 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-08 23:22 - 2017-06-18 13:19 - 000001053 _____ C:\Users\DF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Volitelné funkce.lnk
2018-03-08 23:22 - 2017-02-22 16:49 - 000001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2018-03-08 23:21 - 2017-12-22 12:19 - 000000405 _____ C:\Users\DF\Desktop\Control Panel.lnk
2018-03-08 23:21 - 2017-12-22 10:32 - 000389104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-08 23:21 - 2017-07-31 06:00 - 000000940 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2018-03-08 23:21 - 2017-07-05 11:01 - 000001417 _____ C:\Users\DF\Desktop\Shutdown.lnk
2018-03-08 23:21 - 2017-06-22 16:00 - 000001002 _____ C:\Users\DF\Desktop\4K Video Downloader.lnk
2018-03-08 23:21 - 2017-06-20 21:51 - 000001190 _____ C:\Users\DF\Desktop\Paint.lnk
2018-03-08 23:21 - 2017-06-19 17:56 - 000000855 _____ C:\Users\DF\Desktop\Fraps.lnk
2018-03-08 23:21 - 2017-06-19 17:43 - 000001277 _____ C:\Users\DF\Desktop\Format Factory.lnk
2018-03-08 23:21 - 2017-06-19 16:50 - 000001173 _____ C:\Users\DF\Desktop\WinMend Folder Hidden.lnk
2018-03-08 23:21 - 2017-06-19 16:19 - 000002833 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2018-03-08 23:21 - 2017-06-18 19:25 - 000001812 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2018-03-08 23:21 - 2017-06-18 17:46 - 000002737 _____ C:\Users\DF\Desktop\Microsoft Office Word 2003.lnk
2018-03-08 23:21 - 2017-06-18 17:12 - 000001142 _____ C:\Users\DF\Desktop\Free Download Manager.lnk
2018-03-08 23:21 - 2017-06-18 17:10 - 000001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-03-08 23:21 - 2017-06-18 17:03 - 000001241 _____ C:\Users\DF\Desktop\Lingea Lexicon.lnk
2018-03-08 23:21 - 2017-06-18 15:30 - 000000747 _____ C:\Users\DF\Desktop\X-Files.lnk
2018-03-08 23:21 - 2017-06-18 15:19 - 000000812 _____ C:\Users\DF\Desktop\My i-net stuff.lnk
2018-03-08 23:21 - 2017-06-18 14:04 - 000001149 _____ C:\Users\DF\Desktop\Notepad.lnk
2018-03-08 23:21 - 2017-06-18 13:37 - 000001212 _____ C:\Users\Public\Desktop\Opera.lnk
2018-03-08 23:21 - 2017-02-27 17:23 - 000000745 _____ C:\Users\DF\Desktop\Dokumenty.lnk
2018-03-08 23:21 - 2017-02-27 17:22 - 000000436 _____ C:\Users\DF\Desktop\Tento počítač.lnk
2018-03-08 23:16 - 2017-12-22 10:51 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-08 23:16 - 2017-12-22 08:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-08 23:16 - 2017-11-09 21:39 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-08 23:16 - 2017-06-18 13:24 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-08 23:15 - 2017-12-22 08:35 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-08 23:15 - 2017-06-18 13:24 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-08 22:29 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-08 22:29 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-08 22:29 - 2017-06-18 17:41 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-03-08 22:29 - 2017-02-22 17:08 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-08 22:29 - 2016-11-14 03:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-08 22:28 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-03-08 22:28 - 2016-07-16 12:47 - 000000076 _____ C:\WINDOWS\win.ini
2018-03-08 22:22 - 2017-06-19 18:01 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2018-03-08 22:06 - 2017-12-08 12:24 - 000000904 _____ C:\WINDOWS\Tasks\WinmendUpdateTask_DF.job
2018-03-08 20:40 - 2017-12-22 10:51 - 000003622 _____ C:\WINDOWS\System32\Tasks\WinmendUpdateTask_DF
2018-03-08 16:27 - 2017-12-22 10:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-08 07:28 - 2017-06-18 15:45 - 000000000 ____D C:\Users\DF\Documents\Pics
2018-03-07 20:34 - 2017-06-18 15:33 - 000307200 _____ C:\Users\DF\Documents\db3 - games.mdb
2018-03-07 20:31 - 2017-06-20 20:10 - 000000000 ____D C:\Users\DF\Documents\Games
2018-03-07 18:36 - 2017-06-24 09:40 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-03-07 18:22 - 2017-06-24 05:45 - 000000000 ____D C:\Games
2018-03-01 15:15 - 2017-12-22 10:51 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 16:21 - 2017-06-18 15:33 - 000020480 _____ C:\Users\DF\Documents\Placení.xls
2018-02-26 21:30 - 2017-12-22 10:37 - 000000000 ____D C:\Users\DF
2018-02-23 18:35 - 2017-06-18 15:33 - 000700416 _____ C:\Users\DF\Documents\db1 - music.mdb
2018-02-23 18:34 - 2017-06-18 15:45 - 000000000 ____D C:\Users\DF\Documents\Music - playlists
2018-02-21 16:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-02-21 15:57 - 2017-09-29 14:46 - 000000000 __RSD C:\WINDOWS\media
2018-02-21 15:34 - 2017-12-22 10:51 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-19 17:51 - 2017-12-22 08:36 - 000061304 ____N () C:\WINDOWS\SMSS-PFRO6810.tmp
2018-02-15 16:35 - 2017-12-22 10:51 - 000003226 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-02-15 16:35 - 2017-06-18 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-02-15 16:35 - 2017-06-18 20:26 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-02-14 16:22 - 2017-06-18 21:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 16:20 - 2017-10-11 15:12 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 16:20 - 2017-06-18 21:19 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-13 16:52 - 2017-06-18 17:10 - 000000000 ____D C:\Users\DF\AppData\Roaming\vlc
2018-02-07 17:50 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2017-02-22 17:44 - 2018-03-09 18:12 - 000000200 _____ () C:\Users\DF\AppData\Roaming\sp_data.sys
2018-03-08 21:33 - 2018-03-08 21:33 - 000140800 _____ () C:\Users\DF\AppData\Local\installer.dat

Some files in TEMP:
====================
2018-03-09 17:18 - 2018-03-09 17:18 - 000043520 ____N () C:\Users\DF\AppData\Local\Temp\proxy_vole6380012226383270424.dll
2018-03-08 06:54 - 2018-03-08 06:54 - 006359392 _____ () C:\Users\DF\AppData\Local\Temp\setup.dll
2018-03-08 21:34 - 2018-03-08 21:34 - 048475783 _____ (My Company, Inc. ) C:\Users\DF\AppData\Local\Temp\setups.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-06 15:44

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:522.58 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{717bcf91-1454-49b0-b9b6-d5c083d34017}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
\\?\Volume{d57f6eff-61c4-41b5-ab9b-79115d9d6e4c}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS

Available physical RAM: 9800.63 MB
Total physical RAM: 12168.48 MB
Percentage of memory in use: 19%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: C2A188A2)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\WinmendUpdateTask_DF.job => C:\Program Files (x86)\WinMend\Folder Hidden\LiveUpdate.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161114022915.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DF\Desktop" je 10 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================
Attachments
Addition.rar
(10.95 KiB) Downloaded 63 times

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable cmdsrvs virus – pls help

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Users\DF\AppData\Roaming\Bonjour
C:\WINDOWS\LastGood.Tmp
C:\Users\DF\AppData\Local\Temp
Main Services (HKLM\...\{CCDF2023-BC8F-4A8E-A3EC-E2740C879398}) (Version: 2.0.13 - System Native) Hidden <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E1F19737-3900-4BF7-A905-8AC391FA526A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jamillos
Visitor
Posts: 65
Joined: 07 Feb 2012 18:02

Re: Unremovable cmdsrvs virus – pls help

#9 Post by jamillos »

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by DF (09-03-2018 20:06:05) Run:1
Running from C:\Users\DF\Desktop
Loaded Profiles: DF (Available Profiles: defaultuser0 & DF)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Users\DF\AppData\Roaming\Bonjour
C:\WINDOWS\LastGood.Tmp
C:\Users\DF\AppData\Local\Temp
Main Services (HKLM\...\{CCDF2023-BC8F-4A8E-A3EC-E2740C879398}) (Version: 2.0.13 - System Native) Hidden <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E1F19737-3900-4BF7-A905-8AC391FA526A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\System\CurrentControlSet\Services\Partizan" => removed successfully
Partizan => service removed successfully
C:\Users\DF\AppData\Roaming\Bonjour => moved successfully
C:\WINDOWS\LastGood.Tmp => moved successfully

"C:\Users\DF\AppData\Local\Temp" folder move:

Could not move "C:\Users\DF\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCDF2023-BC8F-4A8E-A3EC-E2740C879398}\\SystemComponent" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1F19737-3900-4BF7-A905-8AC391FA526A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1F19737-3900-4BF7-A905-8AC391FA526A}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149052493 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 144665972 B
Edge => 9741 B
Chrome => 0 B
Firefox => 16672838 B
Opera => 193191622 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3266 B
NetworkService => 0 B
defaultuser0 => 0 B
DF => 154448686 B

RecycleBin => 0 B
EmptyTemp: => 635.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-03-2018 20:07:47)

C:\Users\DF\AppData\Local\Temp => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 20:07:48 ====

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable cmdsrvs virus – pls help

#10 Post by Rudy »

Deleted. The log should be OK now.

jamillos
Visitor
Posts: 65
Joined: 07 Feb 2012 18:02

Re: Unremovable cmdsrvs virus – pls help

#11 Post by jamillos »

Thanks a lot, I'll also run a final CCleaner + restart. I have one or two more questions.
1) There are things left on my desktop, which I'll of course delete, but I want to ask about AdwCleaner. As a layman I obviously can't do much with the logs, but it seems to me it wouldn't be bad as a tool for occasional monitoring (i.e. "cleaning"). I don't have the cash for Malwarebytes Anti-Malware. :)
2) A folder named "FRST" is left on drive C and it's 290 MB. I'm going to delete it; by the way, will that work?
3) A folder named "RegRun2" is left in Documents. See 2)
4) Rudy and everyone else - I'd like to thank you very much. Over the past x years I've dealt with several problems here on various computers - and you've always helped me... with a professional approach, in your free time and for free, which is incredible. Do people even appreciate that?

Anyway... if anything else gets scr**ed up, I'll be in touch. Thanks a lot for now.

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable cmdsrvs virus – pls help

#12 Post by Rudy »

You can delete everything. Feel free to keep ADW; it won't delete anything you might need. New versions come out fairly often, though; when you launch it you will be prompted to install them. Of course you can get in touch, there is always someone here. Most people appreciate our help. Those who try to disrupt it are only a few. You're welcome! :)

jamillos
Visitor
Posts: 65
Joined: 07 Feb 2012 18:02

Re: Unremovable cmdsrvs virus – pls help

#13 Post by jamillos »

So far everything looks perfect, thanks once again.
I've sent a small token of appreciation for the great work. Good night.

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable cmdsrvs virus – pls help

#14 Post by Rudy »

You're welcome, and thank you for the contribution. Have a nice day! :)

Locked