
FINAL.VBS - Hiding files on USB drives, shortcuts via CMD

DanielChoutka
Visitor
Posts: 8
Registered: 26 Dec 2016 09:25


#1 Post by DanielChoutka »

Hello, I have a minor (major) problem with the final.vbs virus.
On every connected flash drive it hides the files and then points to them with shortcuts that go through CMD.
It also creates System Volume Information on them, to which I am denied access.

Screenshot: http://prntscr.com/dnygeu

FRST: (Addition attached)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Daniel (administrator) on THINKCENTRE (26-12-2016 09:30:26)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Monect) C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
() C:\Program Files (x86)\Gaming Keyboard\OSD.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Alexandru Rosianu) C:\Users\Daniel\AppData\Local\messengerfordesktop\app-2.0.1\Messenger for Desktop.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Alexandru Rosianu) C:\Users\Daniel\AppData\Local\messengerfordesktop\app-2.0.1\Messenger for Desktop.exe
(Alexandru Rosianu) C:\Users\Daniel\AppData\Local\messengerfordesktop\app-2.0.1\Messenger for Desktop.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
(Alexandru Rosianu) C:\Users\Daniel\AppData\Local\messengerfordesktop\app-2.0.1\Messenger for Desktop.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe
(forum.viry.cz) C:\Users\Daniel\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\Daniel\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [Gaming Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE [184320 2012-02-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [24742760 2016-10-21] (eM Client s.r.o.)
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [Messenger for Desktop] => "C:\Users\Daniel\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe" --process-start-args "--os-startup"
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [final] => wscript.exe //B "C:\Users\Daniel\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [xwidget] => C:\SkinPack\RocketDock\Xwidget\xwidget.exe
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [12541936 2016-11-08] (Plex, Inc.)
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [Flvto YouTube Downloader] => "C:\Users\Daniel\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41] => C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe [1104728 2016-12-08] (Google Inc.) <===== ATTENTION
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\MountPoints2: {28519125-b938-11e6-96e4-005056c00008} - E:\AutoRunLauncher.exe
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\MountPoints2: {2c4697d4-a358-11e6-81be-000272c8c6d3} - F:\autorun.exe "00 Hraj!.html"
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\MountPoints2: {2c4697e1-a358-11e6-81be-000272c8c6d3} - F:\autorun.exe "00 Hraj!.html"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-12-15]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.102.1
Tcpip\..\Interfaces\{077A9497-2819-4087-BF5E-5270299A5BA1}: [DhcpNameServer] 192.168.102.1
Tcpip\..\Interfaces\{6E6C166B-A526-4709-98C7-ADCF4DB201C8}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D213DD4B-4EEE-4AF2-9CEB-08B17124919A}: [DhcpNameServer] 192.168.142.2

Internet Explorer:
==================
HKU\S-1-5-21-963179264-3770265574-2228904462-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-28] (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-28] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: wiwcmfih.default
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default [2016-11-12]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-cs@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-de@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-fi@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Français Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-fr@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-gl@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-he@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-hu@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-it@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-ja@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-ko@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-nl@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-pl@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-ru@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-sl@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-sr@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2016-11-06] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Daniel\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wiwcmfih.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2016-11-06] [not signed]
FF HKU\S-1-5-21-963179264-3770265574-2228904462-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-28] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> ichro.me/redirect
CHR StartupUrls: Default -> "hxxp://en.94994.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (QR kód) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2016-10-23]
CHR Extension: (Překladač Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-10-23]
CHR Extension: (Prezentace Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-23]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-12-25]
CHR Extension: (Dokumenty Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-23]
CHR Extension: (Disk Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-23]
CHR Extension: (Screenshot Webpages) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2016-10-23]
CHR Extension: (Web Developer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-10-23]
CHR Extension: (Earth View from Google Earth) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2016-10-23]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-10-23]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-23]
CHR Extension: (Oznámení Google+) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2016-10-23]
CHR Extension: (Note Anywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh [2016-10-23]
CHR Extension: (usecubes) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbhakojlbckohllnekbaoilljblfpbi [2016-11-02]
CHR Extension: (Telegram) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-10-23]
CHR Extension: (Adblock na Youtube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-10-23]
CHR Extension: (TimeDoser) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkneeaihlcdllananjlkmppnkdahdcc [2016-10-23]
CHR Extension: (RealtimeBoard Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfnenchgjbicgaooadfdmcojkcmjblk [2016-10-23]
CHR Extension: (Floating for YouTube™ Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2016-10-23]
CHR Extension: (Video Downloader professional) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-26]
CHR Extension: (utf-8 and unicode characters) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcemphgmjnjpmmdhcedhjiegickfbiia [2016-10-23]
CHR Extension: (Palette Creator!) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdadlpmlbimjjlpdknpjoejgedagffhg [2016-10-23]
CHR Extension: (Full Page Screen Capture) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-11-29]
CHR Extension: (Separator (empty space)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekhjdkapdcigodkgfnnniodadejecgd [2016-10-23]
CHR Extension: (Tabulky Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-23]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-10-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-12-21]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2016-10-23]
CHR Extension: (Celá obrazovka Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl [2016-10-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-23]
CHR Extension: (AdBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-23]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-12-03]
CHR Extension: (Uložit na Disk Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-10-23]
CHR Extension: (Tlačítko Pin It) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-02]
CHR Extension: (2048) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekhdfjankbhklfkjmnmnefcacndeoll [2016-10-23]
CHR Extension: (My New Tab) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkamannimdppjgaefkfadajfacnajmoe [2016-10-23]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-13]
CHR Extension: (Download Shutdown) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfmbhdbojmlaclcokamjiilmpoibmlk [2016-11-02]
CHR Extension: (Weather) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck [2016-10-23]
CHR Extension: (Domino Effect) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmfjgddabnbkckaihnjboeimnmlpkom [2016-10-23]
CHR Extension: (ČSFD.cz Linker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkpfiojmnphjpjjbknfbgajfgihjgmj [2016-10-23]
CHR Extension: (SoundCloud) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-10-23]
CHR Extension: (Roomstyler 3D planner) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2016-10-23]
CHR Extension: (DOSBox for Google Chrome™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhceknlmaggijlkkcemdaghpniimajhd [2016-10-23]
CHR Extension: (Floating for YouTube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-10-23]
CHR Extension: (Who Is Hosting?) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojicnfhgajfeddfalfahidfeicmmdgo [2016-10-23]
CHR Extension: (Flatbook) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-12-23]
CHR Extension: (Mailvelope) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-12-23]
CHR Extension: (Tabbie - Material New Tab Page) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckhddfnffeofnfjcpdffpeiljicclbd [2016-10-23]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-10-23]
CHR Extension: (HomeworkSimplified) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehgfjdlamgemlkljpklaiiamnbeemk [2016-10-23]
CHR Extension: (Sketchpad 3.5) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2016-10-23]
CHR Extension: (Hootsuite) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2016-10-23]
CHR Extension: (Hangouts Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-12-23]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2016-12-19]
CHR Extension: (Momentum) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-12-11]
CHR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2016-10-23]
CHR Extension: (Skype) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-18]
CHR Extension: (Nákresy Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-10-23]
CHR Extension: (Ghostery) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-28]
CHR Extension: (Vlajka země IP domény) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlpapfcfoakknnhkfpencomejbcecdfp [2016-10-23]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2016-12-23]
CHR Extension: (OneDrive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-11-16]
CHR Extension: (České znaky) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipbfgjelgfmhomikiffppkdpmienjnp [2016-10-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-23]
CHR Extension: (Můj motiv Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-10-23]
CHR Extension: (iChrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghkljobbhapacbahlneolfclkniiami [2016-12-17]
CHR Extension: (GoogleGIFs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommpbgoliokoijimalcokhciffhapkdf [2016-11-10]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2016-10-23]
CHR Extension: (Gravit) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdagghjnpkeagmlbilmjmclfhjeaapaa [2016-10-23]
CHR Extension: (Spořič dat) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2016-10-23]
CHR Extension: (Fabulous! Customize Popular Websites) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\phakiphhfacalfioninjbkaiikkacglf [2016-12-23]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MonectServerService; C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe [83456 2016-07-20] (Monect) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-13] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-13] (NVIDIA Corporation)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-29] ()
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1897456 2016-11-08] (Plex, Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2016-12-10] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [93176 2016-09-14] (Intel Corporation)
R3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [15768 2013-12-03] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-12-13] (NVIDIA Corporation)
R3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 SgamingkbFltr; C:\Windows\System32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2016-10-26] () [File not signed]
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [27064 2016-07-06] (Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 09:30 - 2016-12-26 09:31 - 00036694 _____ C:\Users\Daniel\Desktop\FRST.txt
2016-12-26 09:29 - 2016-12-26 09:30 - 00000000 ____D C:\FRST
2016-12-26 09:29 - 2016-12-26 09:29 - 00112640 _____ (forum.viry.cz) C:\Users\Daniel\Desktop\FRSTLauncher.exe
2016-12-26 09:28 - 2016-12-26 09:28 - 02420736 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2016-12-25 22:58 - 2016-12-25 22:58 - 00797760 _____ C:\Users\Daniel\Downloads\delfix_1.013.exe
2016-12-25 22:52 - 2016-12-25 22:52 - 00001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2016-12-25 22:51 - 2016-12-26 09:04 - 00000000 ____D C:\ProgramData\MCShield
2016-12-25 22:51 - 2016-12-25 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2016-12-25 22:51 - 2016-12-25 22:51 - 00000000 ____D C:\Program Files (x86)\MCShield
2016-12-25 22:50 - 2016-12-25 22:51 - 02856736 _____ (MyCity) C:\Users\Daniel\Downloads\MCShield-Setup.exe
2016-12-25 13:22 - 2016-12-25 15:37 - 00000000 ____D C:\ESD
2016-12-25 13:21 - 2016-12-25 13:21 - 00000000 ___HD C:\$Windows.~WS
2016-12-25 13:21 - 2016-12-25 13:21 - 00000000 ____D C:\$WINDOWS.~BT
2016-12-25 13:20 - 2016-12-25 13:20 - 18309328 _____ (Microsoft Corporation) C:\Users\Daniel\Downloads\MediaCreationTool.exe
2016-12-25 12:49 - 2016-12-25 12:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2016-12-25 12:49 - 2016-12-25 12:49 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2016-12-25 12:45 - 2016-12-25 12:47 - 06160320 _____ (LinuxLive USB Creator) C:\Users\Daniel\Downloads\LinuxLive USB Creator 2.9.4.exe
2016-12-25 12:02 - 2016-12-25 12:17 - 1440743424 _____ C:\Users\Daniel\Downloads\Fedora-Workstation-Live-x86_64-25-1.3.iso
2016-12-25 12:02 - 2016-12-25 12:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fedora Media Writer
2016-12-25 12:02 - 2016-12-25 12:02 - 00000000 ____D C:\Program Files (x86)\Fedora Media Writer
2016-12-25 12:01 - 2016-12-25 12:01 - 16579072 _____ C:\Users\Daniel\Downloads\FedoraMediaWriter-win32-4.0.7.exe
2016-12-25 11:43 - 2016-12-25 11:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SkypePM
2016-12-25 11:43 - 2016-12-25 11:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\Skype
2016-12-25 11:36 - 2016-12-25 11:36 - 00000000 ____D C:\Users\Daniel\AppData\Local\Tvsukernel
2016-12-25 11:33 - 2016-12-25 11:33 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-12-24 21:27 - 2016-12-24 21:27 - 00000000 ____D C:\Users\Daniel\Desktop\Koš ^2
2016-12-24 15:13 - 2016-12-24 15:13 - 01617340 ____R C:\Users\Daniel\Desktop\Pass-def.def.zip
2016-12-24 15:11 - 2016-12-24 15:19 - 00000000 ____D C:\Users\Daniel\Desktop\Auto-Hacking-USB-master
2016-12-24 15:10 - 2016-12-24 15:10 - 01616917 _____ C:\Users\Daniel\Downloads\Auto-Hacking-USB-master.zip
2016-12-24 14:55 - 2016-12-24 14:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MultiCommander
2016-12-24 14:54 - 2016-12-24 14:55 - 00000000 ____D C:\Program Files\MultiCommander (x64)
2016-12-24 14:54 - 2016-12-24 14:54 - 00001828 _____ C:\Users\Public\Desktop\MultiCommander (x64).lnk
2016-12-24 14:54 - 2016-12-24 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander
2016-12-24 14:53 - 2016-12-24 14:54 - 07601071 _____ (Mathias Svensson) C:\Users\Daniel\Downloads\MultiCommander_x64_(6.9.0.2303).exe
2016-12-24 14:45 - 2016-12-24 14:45 - 00866816 _____ C:\Users\Daniel\Downloads\links-0.98.exe
2016-12-24 14:43 - 2016-12-24 14:43 - 00895304 _____ (Red Hat) C:\Users\Daniel\Downloads\cygwin1.dll
2016-12-24 14:43 - 2016-12-24 14:43 - 00635904 _____ C:\Users\Daniel\Downloads\cygcrypto.dll
2016-12-24 14:43 - 2016-12-24 14:43 - 00159744 _____ C:\Users\Daniel\Downloads\cygssl.dll
2016-12-24 14:43 - 2016-12-24 14:43 - 00000000 ____D C:\Users\Daniel\Downloads\.links
2016-12-24 12:48 - 2016-12-24 12:48 - 05434038 _____ C:\Users\Daniel\Downloads\187572-gta-online-hud-v3-2016-low-pc-gtasa.zip
2016-12-24 12:46 - 2016-12-24 12:46 - 01970975 _____ C:\Users\Daniel\Downloads\192454-gta-v-hud-by-dk22pac-sa-style-gtasa.zip
2016-12-24 11:57 - 2016-12-24 11:57 - 06290624 _____ C:\Users\Daniel\Downloads\151218-gta-v-hud-v0.925-next-gen-edition-gtasa.zip
2016-12-24 11:56 - 2016-12-24 11:56 - 01744737 _____ C:\Users\Daniel\Downloads\106712-asi-loader-gtasa.zip
2016-12-24 11:47 - 2016-12-24 11:47 - 01684067 _____ C:\Users\Daniel\Downloads\16039-save-v-lyubom-meste-gtasa.zip
2016-12-24 11:40 - 2016-12-24 11:40 - 00025653 _____ C:\Users\Daniel\Downloads\driveby.zip
2016-12-24 11:28 - 2016-12-24 11:28 - 00022505 _____ C:\Users\Daniel\Downloads\Cheat_Menu_V3.zip
2016-12-24 10:52 - 2016-12-24 10:52 - 00067949 _____ C:\Users\Daniel\Downloads\teleportmarker.zip
2016-12-24 10:22 - 2016-12-24 10:22 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2016-12-23 23:31 - 2016-12-23 23:31 - 00620923 _____ C:\Users\Daniel\Downloads\142590-first-person-mod-v2-gtasa-manual.zip
2016-12-23 15:49 - 2016-12-23 15:50 - 108279664 _____ (Microsoft Corporation) C:\Users\Daniel\Downloads\directx.exe
2016-12-23 15:14 - 2016-12-23 15:14 - 00000846 _____ C:\Users\Public\Desktop\Updating Garrys Mod.lnk
2016-12-23 15:14 - 2016-12-23 15:14 - 00000836 _____ C:\Users\Public\Desktop\Garrys Mod.lnk
2016-12-23 15:02 - 2016-12-23 15:48 - 00000000 ____D C:\Program Files\Garrys Mod
2016-12-23 14:15 - 2016-12-23 15:40 - 00000000 ____D C:\Users\Daniel\Downloads\gmod
2016-12-23 12:18 - 2016-12-25 23:18 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-23 12:18 - 2016-12-23 12:18 - 00003844 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:18 - 2016-12-23 12:18 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-12-23 12:18 - 2016-12-23 12:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\Chromium
2016-12-23 12:18 - 2016-12-13 00:39 - 01855032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-12-23 12:18 - 2016-12-13 00:39 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-12-23 12:18 - 2016-12-13 00:39 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-12-23 12:18 - 2016-12-13 00:39 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-12-23 12:18 - 2016-12-13 00:39 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-12-23 12:17 - 2016-12-23 12:17 - 00004248 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-23 12:17 - 00003840 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-23 12:17 - 00003840 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-23 12:17 - 00003832 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-23 12:17 - 00003656 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-23 12:17 - 00003596 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 12:17 - 2016-12-12 15:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2016-12-22 19:53 - 2016-12-22 19:53 - 07511377 _____ C:\Users\Daniel\Downloads\lwjgl-release-3.1.0-custom.zip
2016-12-22 19:42 - 2016-12-22 19:42 - 01982056 _____ C:\Users\Daniel\Downloads\OptiFine_1.11.2_HD_U_B5.jar
2016-12-22 19:19 - 2016-12-22 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2016-12-22 19:18 - 2016-12-22 19:18 - 01680054 _____ (Titan Launcher) C:\Users\Daniel\Desktop\Minecraft Launcher.exe
2016-12-21 20:49 - 2016-12-21 20:49 - 00000000 ____D C:\Users\Daniel\Desktop\New folder (2)
2016-12-21 20:47 - 2016-12-21 20:47 - 02696017 _____ C:\Users\Daniel\Downloads\alci_imgeditor.rar
2016-12-21 20:34 - 2016-12-21 20:36 - 11420293 _____ C:\Users\Daniel\Downloads\PimpmyCar_Final_manual.zip
2016-12-21 20:33 - 2016-12-21 20:33 - 00001843 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\GAMI starten.lnk
2016-12-21 20:33 - 2016-12-21 20:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GAMI
2016-12-21 20:33 - 2016-12-21 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMI
2016-12-21 20:32 - 2016-12-21 20:33 - 00000000 ____D C:\Program Files (x86)\GAMI
2016-12-21 20:32 - 2016-12-21 20:32 - 01203553 _____ C:\Windows\unins000.exe
2016-12-21 20:32 - 2016-12-21 20:32 - 00008089 _____ C:\Windows\unins000.dat
2016-12-21 20:31 - 2016-12-21 20:31 - 00894870 _____ (Seemann, Deji, Alien ) C:\Users\Daniel\Downloads\CLEO4_setup.exe
2016-12-21 20:30 - 2016-12-21 20:31 - 04732231 _____ C:\Users\Daniel\Downloads\Pimp_my_Car_final.zip
2016-12-21 18:52 - 2016-12-21 18:52 - 00131705 _____ C:\Users\Daniel\Downloads\Fotky_Google-2016-03-21.zip
2016-12-21 18:51 - 2016-12-21 18:51 - 00391260 _____ C:\Users\Daniel\Downloads\FotkyzPC.zip
2016-12-21 18:37 - 2016-12-21 18:37 - 23459832 _____ C:\Users\Daniel\Downloads\VIDEO0012.3gp
2016-12-21 18:32 - 2016-12-21 18:32 - 39545351 _____ C:\Users\Daniel\Downloads\los-pedofilos-na-rozcesti-2011.rar
2016-12-21 16:14 - 2016-12-13 00:39 - 00157752 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-12-21 16:14 - 2016-12-13 00:39 - 00125496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-12-21 16:14 - 2016-12-13 00:39 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-12-20 21:13 - 2016-12-20 21:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Android Open Source Project
2016-12-20 21:13 - 2016-12-20 21:13 - 00000016 _____ C:\Users\Daniel\.emulator_console_auth_token
2016-12-20 21:12 - 2016-12-20 21:12 - 00000000 ____D C:\Program Files\Intel
2016-12-20 21:12 - 2016-09-14 14:14 - 00093176 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelHaxm.sys
2016-12-20 20:43 - 2016-12-20 20:43 - 00001077 _____ C:\Users\Daniel\Desktop\Remix OS Player.lnk
2016-12-20 20:43 - 2016-12-20 20:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\Jide_Technology_Co.,_Ltd
2016-12-20 20:18 - 2016-12-20 20:18 - 00000000 ____D C:\Program Files\Remix OS - Player
2016-12-20 20:17 - 2016-12-20 20:17 - 02691584 _____ (Jide Technology Co., Ltd) C:\Users\Daniel\Downloads\RemixOSPlayerInstaller-B2016103101.exe
2016-12-20 20:17 - 2016-12-20 20:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Jide
2016-12-20 16:35 - 2016-12-20 16:40 - 14322247 _____ C:\Users\Daniel\Downloads\1453591141_HD Particle.rar
2016-12-20 14:46 - 2016-12-20 14:46 - 00000103 ____H C:\Users\Daniel\Documents\.~lock.Zlatí úhoři.odt#
2016-12-19 21:16 - 2016-12-19 21:22 - 00000000 ____D C:\Users\Daniel\Desktop\Plakáty
2016-12-18 18:06 - 2016-12-25 22:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Kodi
2016-12-18 15:03 - 2016-12-18 15:03 - 00000231 _____ C:\Windows\cdplayer.ini
2016-12-18 14:11 - 2016-12-18 14:11 - 02064000 _____ (GreenTree Applications SRL) C:\Users\Daniel\Downloads\FrpSetup.exe
2016-12-18 14:11 - 2016-12-18 14:11 - 00001534 _____ C:\ProgramData\ss.ini
2016-12-18 14:11 - 2016-12-18 14:11 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2016-12-18 14:11 - 2016-12-18 14:11 - 00000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2016-12-18 14:11 - 2016-12-18 14:11 - 00000000 ____D C:\Program Files (x86)\FreeRIP
2016-12-18 13:00 - 2016-12-18 13:00 - 00000000 ____D C:\Users\Daniel\Desktop\Trainery
2016-12-18 12:59 - 2016-12-18 12:59 - 00036259 _____ C:\Users\Daniel\Downloads\CarSpawner.zip
2016-12-18 12:58 - 2016-12-18 13:09 - 10193527 _____ C:\Users\Daniel\Downloads\1481764215_BMW_M6_GT3_2016.7z
2016-12-18 12:56 - 2016-12-18 13:15 - 26291405 _____ C:\Users\Daniel\Downloads\1400252141_GTA V Textures for GTA SA V3 FINAL Standard Version by M7.rar
2016-12-17 21:34 - 2016-12-17 21:34 - 04498888 _____ (HTTrack ) C:\Users\Daniel\Downloads\httrack_x64-3.48.22.exe
2016-12-17 21:20 - 2016-12-17 21:20 - 00354657 _____ C:\Users\Daniel\Downloads\gta_gxt_editor_1.zip
2016-12-17 11:57 - 2016-12-19 19:31 - 00000000 ____D C:\Users\Daniel\Desktop\Terraria.v1.3.4.4
2016-12-17 11:56 - 2016-12-17 11:56 - 154399158 _____ C:\Users\Daniel\Downloads\Terraria.v1.3.4.4.rar
2016-12-17 11:52 - 2016-12-17 11:52 - 00064189 _____ C:\Users\Daniel\Downloads\Builder3.4.4.1.zip
2016-12-16 23:19 - 2016-12-18 04:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DivX
2016-12-16 23:17 - 2016-12-18 04:37 - 00000000 ____D C:\Program Files (x86)\DivX
2016-12-16 23:16 - 2016-12-18 04:37 - 00000000 ____D C:\ProgramData\DivX
2016-12-16 23:08 - 2016-12-16 23:08 - 00000000 ____D C:\Users\Daniel\Documents\InstantCDDVD
2016-12-16 20:31 - 2016-12-19 21:22 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
2016-12-16 18:07 - 2016-12-16 18:07 - 00954219 _____ C:\Users\Daniel\Downloads\cfg-studio-2.rar
2016-12-16 18:04 - 2016-12-16 18:04 - 00018685 _____ C:\Users\Daniel\Downloads\1118604094_SAhandlingeditor.rar
2016-12-16 18:00 - 2016-12-16 18:00 - 00478505 _____ C:\Users\Daniel\Downloads\MSCOMCTL.zip
2016-12-16 17:57 - 2016-12-16 17:57 - 00018685 _____ C:\Users\Daniel\Downloads\SAhandlingeditor.rar
2016-12-16 17:36 - 2016-12-16 17:42 - 09649411 _____ C:\Users\Daniel\Downloads\1452673036_Fast and Furious V.3.rar
2016-12-16 17:36 - 2016-12-16 17:41 - 13152763 _____ C:\Users\Daniel\Downloads\1479852722_NDOT pack.rar
2016-12-16 17:20 - 2016-12-16 17:20 - 00004359 _____ C:\Users\Daniel\Downloads\Supervehicles.rar
2016-12-16 16:05 - 2016-12-16 16:05 - 00105275 _____ C:\Users\Daniel\Downloads\spmn140 (1).zip
2016-12-15 15:15 - 2016-12-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-12-15 15:02 - 2016-12-15 15:02 - 07054336 _____ C:\Users\Daniel\Downloads\xnafx40_redist.msi
2016-12-15 15:01 - 2016-12-15 15:02 - 62008080 _____ (Microsoft Corporation) C:\Users\Daniel\Downloads\NDP462-KB3151800-x86-x64-AllOS-ENU.exe
2016-12-15 14:42 - 2016-12-16 23:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\NVIDIA
2016-12-15 14:16 - 2016-12-15 14:17 - 00000000 ____D C:\Program files (Portable)
2016-12-15 14:09 - 2016-12-15 14:14 - 626254910 _____ C:\Users\Daniel\Downloads\GTA SA.exe
2016-12-15 14:01 - 2016-12-11 19:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-15 14:00 - 2016-12-26 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-15 14:00 - 2016-12-15 14:00 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-15 14:00 - 2016-12-12 15:37 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-15 14:00 - 2016-12-12 03:37 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-12-15 14:00 - 2016-12-12 03:37 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-15 14:00 - 2016-12-11 19:47 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-15 14:00 - 2016-12-09 09:52 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2016-12-15 14:00 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-15 14:00 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-15 14:00 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-15 14:00 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-15 13:56 - 2016-12-12 03:37 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 28138432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 19947472 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 17436808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 17376896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 14410472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 14073400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-15 13:56 - 2016-12-12 03:37 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 10345696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 08753832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 03640376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 03206080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 01036224 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-12-15 13:56 - 2016-12-12 03:37 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-12-15 13:56 - 2016-12-12 03:37 - 00041334 _____ C:\Windows\system32\nvinfo.pb
2016-12-15 13:56 - 2016-12-12 03:37 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-12-15 13:56 - 2016-12-12 03:37 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-12-15 13:51 - 2016-12-23 12:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\Nvidia Corporation
2016-12-15 13:47 - 2016-12-15 13:47 - 04723841 _____ C:\Users\Daniel\Downloads\GTA_SA_v1.0_US_HOODLUM_No-CD_Fixed_EXE.rar
2016-12-15 13:46 - 2016-12-25 15:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2016-12-15 13:39 - 2016-12-26 09:06 - 00000000 ____D C:\Users\Daniel\Documents\temp
2016-12-15 13:39 - 2016-12-15 13:39 - 00000000 ____D C:\GvTemp
2016-12-15 09:16 - 2016-12-23 12:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA
2016-12-15 09:16 - 2016-12-23 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-15 09:15 - 2016-12-23 12:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-15 09:14 - 2016-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-15 09:09 - 2016-12-23 12:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-15 09:09 - 2016-12-15 09:09 - 00002751 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
2016-12-15 09:09 - 2016-12-15 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2016-12-15 09:09 - 2016-12-15 09:09 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2016-12-14 20:18 - 2016-12-14 20:18 - 00082361 _____ C:\Users\Daniel\Downloads\Militar_Savegame.zip
2016-12-14 20:13 - 2016-12-14 20:13 - 00053774 _____ C:\Users\Daniel\Downloads\100% save.rar
2016-12-14 20:02 - 2016-12-24 12:05 - 00000000 ____D C:\Users\Daniel\Documents\GTA San Andreas User Files
2016-12-14 19:44 - 2016-12-18 12:49 - 00000814 _____ C:\Users\Daniel\Desktop\Kodi Portable.lnk
2016-12-14 19:43 - 2016-12-25 22:14 - 00000000 ____D C:\Users\Daniel\Desktop\Kodi
2016-12-14 19:38 - 2016-12-14 19:39 - 01858212 _____ C:\Users\Daniel\Downloads\newSwr3s_U.S_S_2.0.6.zip
2016-12-14 19:30 - 2016-12-14 19:30 - 00001910 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
2016-12-14 19:30 - 2016-12-14 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-12-14 19:30 - 2016-12-14 19:30 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-12-14 18:27 - 2016-12-14 18:27 - 00150938 _____ C:\Users\Daniel\Downloads\natalie.s12.rar
2016-12-14 18:26 - 2016-12-14 18:27 - 01276075 _____ C:\Users\Daniel\Downloads\Nahe fotky mych kamaradek.rar
2016-12-14 18:24 - 2016-12-18 04:37 - 00000000 ____D C:\Users\Daniel\Downloads\GTA SA
2016-12-14 18:14 - 2016-12-14 18:14 - 00000000 ____D C:\Users\Daniel\AppData\Local\4kdownload.com
2016-12-14 18:05 - 2016-12-14 18:08 - 31343344 _____ (Open Media LLC ) C:\Users\Daniel\Downloads\4kvideodownloader_4.1.exe
2016-12-14 17:51 - 2016-12-23 15:24 - 00003733 _____ C:\Users\Daniel\AppData\Roaming\downloads.json
2016-12-14 17:51 - 2016-12-14 18:04 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.driveapi
2016-12-14 17:50 - 2016-12-14 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\FlvtoConverter
2016-12-14 17:50 - 2016-12-14 17:50 - 00002233 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2016-12-14 17:50 - 2016-12-14 17:50 - 00001368 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2016-12-14 17:50 - 2016-12-14 17:50 - 00000000 ____D C:\Users\Daniel\Documents\YouTubeDownloads
2016-12-14 17:45 - 2016-12-14 17:45 - 00276144 _____ (Hotger) C:\Users\Daniel\Downloads\FYDLoad_inconv2_9.exe
2016-12-13 18:50 - 2016-12-13 21:05 - 00020613 _____ C:\Users\Daniel\Documents\Zlatí úhoři.odt
2016-12-12 20:22 - 2016-12-12 20:22 - 00001247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML Compiler.lnk
2016-12-12 20:22 - 2016-12-12 20:22 - 00000000 ____D C:\Users\Daniel\Documents\HtmlCompiler
2016-12-12 20:22 - 2016-12-12 20:22 - 00000000 ____D C:\Program Files (x86)\David Esperalta
2016-12-12 20:13 - 2016-12-14 17:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DMCache
2016-12-12 20:13 - 2016-12-12 20:22 - 00000000 ____D C:\Users\Daniel\Downloads\Compressed
2016-12-12 20:13 - 2016-12-12 20:13 - 00000000 ____D C:\Users\Daniel\Downloads\Video
2016-12-12 20:13 - 2016-12-12 20:13 - 00000000 ____D C:\ProgramData\IDM
2016-12-12 20:12 - 2016-12-12 20:13 - 03799124 _____ C:\Users\Daniel\Downloads\!D_M_6.25.X_Uni_2o!6_updated.rar
2016-12-12 20:12 - 2016-12-12 20:12 - 06924992 _____ (Tonec Inc.) C:\Users\Daniel\Downloads\idman627build1.exe
2016-12-12 17:19 - 2016-12-12 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2016-12-12 17:19 - 2016-12-12 17:19 - 00000000 ____D C:\Program Files\Bonjour Print Services
2016-12-12 17:17 - 2016-12-12 17:17 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\ProgramData\Apple
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\Program Files\Bonjour
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-12 17:17 - 2016-12-12 17:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-12 17:15 - 2016-12-12 17:15 - 05436744 _____ (Apple Inc.) C:\Users\Daniel\Downloads\BonjourPSSetup.exe
2016-12-12 16:31 - 2016-12-12 16:31 - 00015648 _____ C:\Windows\system32\Drivers\nvflash.sys
2016-12-12 16:29 - 2016-12-12 16:29 - 02109224 _____ (techPowerUp (http://www.techpowerup.com)) C:\Users\Daniel\Downloads\GPU-Z.1.15.0.exe
2016-12-11 14:41 - 2016-12-11 14:44 - 87266194 _____ C:\Users\Daniel\Downloads\kodi-16.1-Jarvis.exe
2016-12-11 11:23 - 2016-12-11 14:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2016-12-11 10:45 - 2016-12-11 11:06 - 00353488 _____ (Spotify Ltd) C:\Users\Daniel\Downloads\SpotifySetup.exe
2016-12-09 20:40 - 2016-12-12 21:33 - 00000000 ____D C:\Users\Daniel\Desktop\Rozdělanej bordel
2016-12-08 16:48 - 2016-12-08 16:48 - 02155599 _____ C:\Users\Daniel\Downloads\KeenNextEditor.zip
2016-12-08 16:48 - 2016-12-08 16:48 - 00101408 _____ C:\Users\Daniel\Downloads\TED5.zip
2016-12-08 16:02 - 2016-12-08 16:02 - 00000000 ____D C:\Users\Daniel\Desktop\Tor Browser
2016-12-08 15:56 - 2016-12-08 15:57 - 50689640 _____ C:\Users\Daniel\Downloads\torbrowser-install-6.0.7_en-US.exe
2016-12-07 17:54 - 2016-12-07 17:54 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Need for Speed World
2016-12-06 19:07 - 2016-12-17 19:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2016-12-06 19:06 - 2016-12-06 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-06 19:06 - 2016-12-06 19:06 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-12-06 19:05 - 2016-12-06 19:05 - 30533688 _____ C:\Users\Daniel\Downloads\vlc-2.2.4-win32.exe
2016-12-05 15:03 - 2016-12-05 15:03 - 00012965 _____ C:\Users\Daniel\Downloads\[CzT]Need_for_Speed_World_2016_.torrent
2016-12-04 12:15 - 2016-12-04 12:15 - 00000000 ____D C:\Users\Daniel\.oracle_jre_usage
2016-12-04 08:54 - 2016-12-25 22:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-04 08:54 - 2016-12-13 17:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-04 08:54 - 2016-12-13 17:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-04 08:54 - 2016-12-13 17:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-04 08:54 - 2016-12-13 17:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-04 08:52 - 2016-12-04 08:52 - 00001941 _____ C:\Users\Daniel\Desktop\NFS - World Offline.lnk
2016-12-04 08:42 - 2016-12-04 08:52 - 00000000 ____D C:\Program Files (x86)\NFS World
2016-12-04 08:39 - 2016-12-04 08:39 - 2652067249 _____ C:\Users\Daniel\Downloads\NFSWO_v1.2_Setup_Release.exe
2016-12-03 17:27 - 2016-12-14 20:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-12-03 17:27 - 2016-12-03 17:27 - 00002297 _____ C:\Users\Public\Desktop\The Simpsons Hit & Run.lnk
2016-12-03 17:26 - 2016-12-03 17:26 - 00000000 ____D C:\Program Files (x86)\directx
2016-12-03 17:16 - 2016-12-03 17:16 - 00000000 ____D C:\Program Files (x86)\Vivendi Universal Games
2016-12-03 17:15 - 2016-12-03 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games
2016-12-03 17:03 - 2016-12-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-12-03 17:03 - 2016-12-03 17:03 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-12-03 17:02 - 2016-12-03 17:02 - 01710680 _____ C:\Users\Daniel\Downloads\SetupVCD5500.exe
2016-12-03 16:50 - 2012-12-01 11:04 - 00000000 ____D C:\Users\Daniel\Desktop\CD1
2016-12-03 16:49 - 2012-12-01 11:11 - 00000000 ____D C:\Users\Daniel\Desktop\CD3
2016-12-03 16:47 - 2012-12-01 11:09 - 00000000 ____D C:\Users\Daniel\Desktop\CD2
2016-12-03 10:17 - 2016-12-03 10:17 - 00105275 _____ C:\Users\Daniel\Downloads\spmn140.zip
2016-12-01 21:53 - 2016-12-01 21:53 - 00002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivateTunnel.lnk
2016-12-01 21:53 - 2016-12-01 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies
2016-12-01 21:51 - 2016-12-01 21:52 - 30899792 _____ (OpenVPN Technologies) C:\Users\Daniel\Downloads\privatetunnel-win-2.8.exe
2016-12-01 21:51 - 2016-12-01 21:51 - 00008150 _____ C:\Users\Daniel\Downloads\CZ_CESKEVPN_CZ.ovpn
2016-12-01 17:15 - 2016-12-01 17:15 - 00041523 _____ C:\Users\Daniel\Downloads\youtube_mp3_chrome.crx
2016-11-30 15:11 - 2016-12-09 15:06 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\uTorrent
2016-11-29 18:36 - 2016-11-29 18:36 - 00018957 _____ C:\Users\Daniel\Documents\Novy2.html
2016-11-27 11:00 - 2016-11-27 11:00 - 00000000 ____D C:\Program Files\Keypirinha
2016-11-27 10:58 - 2016-11-27 10:58 - 09685002 _____ C:\Users\Daniel\Downloads\keypirinha-2.9.9-x64-portable.zip
2016-11-26 23:45 - 2016-11-26 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaming Keyboard
2016-11-26 23:45 - 2016-11-26 23:45 - 00000000 ____D C:\Program Files (x86)\Gaming Keyboard
2016-11-26 23:45 - 2011-12-20 09:26 - 00014848 _____ (LXD Development, Inc.) C:\Windows\system32\Drivers\GKS16Fltr.sys
2016-11-26 23:44 - 2016-11-26 23:44 - 13056788 _____ C:\Users\Daniel\Downloads\zm-k400gkw111612eng.zip
2016-11-26 21:17 - 2016-11-26 21:17 - 00000000 ____D C:\Users\Daniel\Documents\Autodesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 09:25 - 2016-10-23 19:50 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2016-12-26 09:20 - 2016-11-01 17:10 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-26 09:13 - 2016-10-28 10:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2016-12-26 09:11 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-26 09:11 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 09:10 - 2016-11-02 21:37 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C9829BF-5A8F-4591-85B2-0A6A203E9D12}
2016-12-26 09:08 - 2016-10-23 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\Deployment
2016-12-26 09:05 - 2016-11-09 16:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Messenger for Desktop
2016-12-26 09:05 - 2016-11-02 21:32 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\eM Client
2016-12-26 09:03 - 2016-11-20 13:41 - 00000000 ____D C:\ProgramData\VMware
2016-12-26 09:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-25 23:16 - 2016-11-10 19:29 - 00000000 ___DX C:\Users\Daniel\Desktop\Simpsonovi
2016-12-25 21:59 - 2009-07-14 06:13 - 00786150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-25 21:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-25 13:21 - 2016-10-23 22:05 - 00000000 ____D C:\Windows\Panther
2016-12-25 12:35 - 2016-11-03 21:19 - 00000000 ____D C:\ProgramData\Unified Remote
2016-12-25 12:29 - 2016-10-23 19:50 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-963179264-3770265574-2228904462-1001.job
2016-12-25 11:39 - 2016-11-10 15:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\obs-studio
2016-12-25 11:35 - 2016-10-28 16:56 - 00000000 ____D C:\ProgramData\Lenovo
2016-12-25 11:35 - 2016-10-28 16:56 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-12-25 11:34 - 2016-10-28 16:57 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-12-24 10:43 - 2016-10-28 10:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2016-12-23 15:51 - 2016-11-04 19:59 - 00000000 ____D C:\Users\Daniel\Desktop\Direct - X 11
2016-12-20 21:13 - 2016-10-23 12:40 - 00000000 ____D C:\Users\Daniel
2016-12-18 14:08 - 2016-11-11 15:54 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MusicBee
2016-12-18 04:37 - 2016-11-06 10:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\PSpad
2016-12-18 04:37 - 2016-10-26 14:33 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2016-12-18 04:37 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-18 04:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-12-17 21:35 - 2016-11-04 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-12-17 21:35 - 2016-11-04 19:09 - 00000000 ____D C:\Program Files\WinHTTrack
2016-12-17 20:30 - 2016-10-23 19:21 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 20:30 - 2016-10-23 19:21 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 20:06 - 2016-10-23 19:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-16 23:23 - 2016-10-26 14:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\Pinnacle
2016-12-16 23:23 - 2016-10-26 14:43 - 00000632 _____ C:\Users\Daniel\AppData\Roaming\THINKCENTRE.MTBF.txt
2016-12-16 23:08 - 2016-11-05 13:54 - 00000000 ____D C:\Users\Daniel\Documents\Pinnacle Studio
2016-12-15 15:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-15 15:07 - 2016-10-26 14:31 - 00769672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-15 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2016-12-15 09:09 - 2016-10-26 11:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-13 17:59 - 2016-10-28 17:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-12 16:39 - 2016-11-20 14:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\VMware
2016-12-12 16:38 - 2016-11-20 14:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\VMware
2016-12-09 21:41 - 2016-11-03 18:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2016-12-08 18:19 - 2016-11-15 15:36 - 00000000 ____D C:\Users\Daniel\Documents\Commander Genius
2016-12-04 12:19 - 2016-11-23 18:02 - 00000000 ____D C:\wamp64
2016-12-01 21:57 - 2016-11-12 08:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\PrivateTunnel
2016-11-29 19:08 - 2016-10-26 17:53 - 00000132 _____ C:\Users\Daniel\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-11-26 22:53 - 2016-11-25 15:01 - 00000000 ____D C:\Program Files\ViPER4Windows

==================== Files in the root of some directories =======

2016-10-26 17:37 - 2016-10-26 17:37 - 0000132 _____ () C:\Users\Daniel\AppData\Roaming\Adobe Formát BMP CS6 – předvolby
2016-10-26 17:53 - 2016-11-29 19:08 - 0000132 _____ () C:\Users\Daniel\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-12-14 17:51 - 2016-12-23 15:24 - 0003733 _____ () C:\Users\Daniel\AppData\Roaming\downloads.json
2016-10-26 14:43 - 2016-12-16 23:23 - 0000632 _____ () C:\Users\Daniel\AppData\Roaming\THINKCENTRE.MTBF.txt
2016-11-05 15:44 - 2016-11-05 15:46 - 308516124 _____ () C:\Users\Daniel\AppData\Local\ACCCx3_9_1_335.zip.aamdownload
2016-11-05 15:44 - 2016-11-05 15:46 - 0003455 _____ () C:\Users\Daniel\AppData\Local\ACCCx3_9_1_335.zip.aamdownload.aamd
2016-10-26 14:45 - 2016-11-07 21:45 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-23 19:50 - 2016-10-23 19:50 - 0000003 _____ () C:\Users\Daniel\AppData\Local\updater.log
2016-10-23 19:50 - 2016-10-23 19:50 - 0000424 _____ () C:\Users\Daniel\AppData\Local\UserProducts.xml
2016-10-28 10:32 - 2016-10-28 10:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 12:18 - 2016-12-26 09:04 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 12:18 - 2016-12-25 23:18 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-18 14:11 - 2016-12-18 14:11 - 0001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\Rar$EXa0.150\Chrome-bin\chrome.exe


Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\552DEBB8-EC87-4DD8-B20C-15523B27F226.exe
C:\Users\Daniel\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Daniel\AppData\Local\Temp\bitool.dll
C:\Users\Daniel\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Daniel\AppData\Local\Temp\filmora_full846.exe
C:\Users\Daniel\AppData\Local\Temp\ICReinstall_SkinPacks.exe
C:\Users\Daniel\AppData\Local\Temp\keydown01.exe
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Daniel\AppData\Local\Temp\p11898.exe
C:\Users\Daniel\AppData\Local\Temp\SIntf16.dll
C:\Users\Daniel\AppData\Local\Temp\SIntf32.dll
C:\Users\Daniel\AppData\Local\Temp\SIntfNT.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\UnSigner.exe
C:\Users\Daniel\AppData\Local\Temp\usbca.exe
C:\Users\Daniel\AppData\Local\Temp\Welcome.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Vhd Resizer (HKLM-x32\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-963179264-3770265574-2228904462-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Daniel\Desktop" je 8411 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(14.28 KiB) Downloaded 73 times

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#2 Post by Rudy »

Hello!
How does your operating system stand as regards legality?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#3 Post by DanielChoutka »

Rudy wrote: Hello!
How does your operating system stand as regards legality?
Legal OEM :)


Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#4 Post by Rudy »

OK. Run the following scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.


Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#5 Post by DanielChoutka »

Sorry for the slight delay, our internet was cut off.
The logs are zipped in the attachment.

I also have to confess that I have the key injected via Daz Windows Loader. But I think it is only the key; the bootloader should not be modified.
Attachments
OTL.zip
(50.61 KiB) Downloaded 79 times


Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#6 Post by Rudy »

Run OTL again as administrator.
Paste the following text into the lower box:
:OTL
MOD - [2016.12.27 18:49:13 | 000,402,432 | ---- | M] () -- \\?\C:\Users\Daniel\AppData\Local\Temp\85C2.tmp.node
MOD - [2016.12.27 18:46:55 | 000,402,432 | ---- | M] () -- \\?\C:\Users\Daniel\AppData\Local\Temp\694D.tmp.node
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-963179264-3770265574-2228904462-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.6_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\1.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.7_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh\2.12.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.2.50_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.1.0.618_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh\0.6.9_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbhakojlbckohllnekbaoilljblfpbi\6.2.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno\0.5.4_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\4.1.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkneeaihlcdllananjlkmppnkdahdcc\0.0.9.4_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfnenchgjbicgaooadfdmcojkcmjblk\1.0.86_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk\0.7.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.54_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcemphgmjnjpmmdhcedhjiegickfbiia\2.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdadlpmlbimjjlpdknpjoejgedagffhg\0.2.1.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl\2.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekhjdkapdcigodkgfnnniodadejecgd\1.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\52.0.2743.48_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2016.12.19_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb\1.1.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl\2.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.8.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm\4.1.3_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\2.1.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\2.0.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekhdfjankbhklfkjmnmnefcacndeoll\1.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkamannimdppjgaefkfadajfacnajmoe\1.0.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb\1.1.31_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfmbhdbojmlaclcokamjiilmpoibmlk\3.1.3_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck\1.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmfjgddabnbkckaihnjboeimnmlpkom\1.55.8_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkpfiojmnphjpjjbknfbgajfgihjgmj\1.0.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\6.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhceknlmaggijlkkcemdaghpniimajhd\0.1.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel\0.7.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojicnfhgajfeddfalfahidfeicmmdgo\1.9.3_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp\3.7.75_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke\1.6.4_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckhddfnffeofnfjcpdffpeiljicclbd\1.1.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.4.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehgfjdlamgemlkljpklaiiamnbeemk\12.202.10.28441_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim\3.5.2.23_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.245_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2016.1219.943.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk\2.2.7_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk\2.2.8_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk\2.2.8_1\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca\0.92.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien\5.1.80_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.5.0.9167_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg\0.992_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\1.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\7.1.0.49_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlpapfcfoakknnhkfpencomejbcecdfp\0.1.6_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik\1.2.6_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.4_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipbfgjelgfmhomikiffppkdpmienjnp\2.4_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghkljobbhapacbahlneolfclkniiami\3.0.0.19_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommpbgoliokoijimalcokhciffhapkdf\1.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg\1.38.1.6_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdagghjnpkeagmlbilmjmclfhjeaapaa\2.0.0.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac\2.0.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\phakiphhfacalfioninjbkaiikkacglf\207_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [final] wscript.exe //B "C:\Users\Daniel\AppData\Local\Temp\final.vbs" File not found
O4 - HKU\S-1-5-21-963179264-3770265574-2228904462-1001..\Run: [xwidget] C:\SkinPack\RocketDock\Xwidget\xwidget.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{28519125-b938-11e6-96e4-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{28519125-b938-11e6-96e4-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRunLauncher.exe
O33 - MountPoints2\{2c4697d4-a358-11e6-81be-000272c8c6d3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c4697d4-a358-11e6-81be-000272c8c6d3}\Shell\AutoRun\command - "" = F:\autorun.exe "00 Hraj!.html"
O33 - MountPoints2\{2c4697e1-a358-11e6-81be-000272c8c6d3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c4697e1-a358-11e6-81be-000272c8c6d3}\Shell\AutoRun\command - "" = F:\autorun.exe "00 Hraj!.html"


:files
C:\Program Files (x86)\Skype\Toolbars
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Opravit (Fix) and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
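
The persistence entries that the fix script above removes (a Run value starting wscript.exe on a .vbs in Temp, a copy of the script in the Startup folder, cached AutoRun commands under MountPoints2) can be picked out of an OTL log mechanically. This is an added example, not part of the original post and not OTL's own logic; the `triage` function and its rule names are assumptions made for illustration, and the sample lines are copied from the script above.

```python
import re

SCRIPT_EXT = re.compile(r"\.(?:vbs|vbe|js|jse|wsf|wsh)\b", re.I)
SCRIPT_HOST = re.compile(r"\b[wc]script(?:\.exe)?\b", re.I)
RUN_KEY = re.compile(r"^O4(?::64bit:)? - HK\S+?\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.*)$")
STARTUP = re.compile(r"^O4(?::64bit:)? - Startup: (?P<path>.*)$")
AUTORUN = re.compile(r"^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - .*? = (?P<cmd>.+)$")

# Lines copied from the fix script in this thread (a subset, for offline testing).
SAMPLE = r'''
O4 - HKLM..\Run: [final] wscript.exe //B "C:\Users\Daniel\AppData\Local\Temp\final.vbs" File not found
O4 - HKU\S-1-5-21-963179264-3770265574-2228904462-1001..\Run: [xwidget] C:\SkinPack\RocketDock\Xwidget\xwidget.exe File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O33 - MountPoints2\{28519125-b938-11e6-96e4-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRunLauncher.exe
'''.strip().splitlines()


def triage(lines):
    """Return [(reasons, line)] for OTL entries matching the persistence seen here."""
    findings = []
    for line in map(str.strip, lines):
        reasons = []
        if m := RUN_KEY.match(line):
            cmd = m["cmd"]
            if SCRIPT_HOST.search(cmd):
                reasons.append("script host in Run key")
            if SCRIPT_EXT.search(cmd):
                reasons.append("script file in Run key")
            if re.search(r"\\Temp\\", cmd, re.I):
                reasons.append("target under a Temp directory")
        elif m := STARTUP.match(line):
            if SCRIPT_EXT.search(m["path"]):
                reasons.append("script file in Startup folder")
        elif AUTORUN.match(line):
            reasons.append("cached AutoRun command for a mounted volume")
        if reasons:
            findings.append((reasons, line))
    return findings


if __name__ == "__main__":
    for reasons, line in triage(SAMPLE):
        print("; ".join(reasons), "->", line)
```

The xwidget Run entry and the Skype button are not flagged: the rules key on script hosts, script extensions and AutoRun handlers, not on "File not found".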

DanielChoutka
Visitor
Visitor
Posts: 8
Joined: 26 Dec 2016 09:25

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#7 Post by DanielChoutka »

Task done, zipped, I open Chrome... Half of the extensions are gone... When I went through the script, I somewhat expected that. But it surprised me that the network card driver disappeared...
Once I install it, I'll get back to you and upload the log.

DanielChoutka
Visitor
Visitor
Posts: 8
Joined: 26 Dec 2016 09:25

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#8 Post by DanielChoutka »

Aha... The drivers are OK, but Windows says it cannot automatically detect the proxy...
Do you know what to do about that?

DanielChoutka
Visitor
Visitor
Posts: 8
Joined: 26 Dec 2016 09:25

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#9 Post by DanielChoutka »

Another log...
Attachments
OTL2.zip
(214.99 KiB) Downloaded 67 times

Rudy
Site Admin
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#10 Post by Rudy »

DanielChoutka wrote: Aha... The drivers are OK, but Windows says it cannot automatically detect the proxy...
Do you know what to do about that?
It was terribly infested and almost all of the settings had to be deleted. If you use a proxy, you will have to set it all up again.

DanielChoutka
Visitor
Visitor
Posts: 8
Joined: 26 Dec 2016 09:25

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#11 Post by DanielChoutka »

Thank you so much :3
And by the way, may I ask how old you actually are? And do you make those patches manually?

Rudy
Site Admin
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#12 Post by Rudy »

Personally, I'm 62. But there are younger (and older) people here too. What I put into the solutions (the procedures) I have pre-written in a text file and I copy it. Except, of course, for the individual items I list for deletion. Those I copy straight from the log. Otherwise I come here to relax. :) You're welcome!

DanielChoutka
Visitor
Visitor
Posts: 8
Joined: 26 Dec 2016 09:25

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#13 Post by DanielChoutka »

:offtopic: Wow! Respect :) My father is also 62 (I'm 13) and he's glad he knows what a new tab is :D
And by the way, how much space do those templates of yours take up? You probably won't send them to me, will you? :)
Seeing what you do here, I call myself an IT guy and I only sort of know PHP, HTML and CSS :D I wouldn't find my way around this...
Seriously, respect :)

Rudy
Site Admin
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FINAL.VBS - Hiding files on USB, shortcuts via CMD

#14 Post by Rudy »

I'm not an IT guy. I'm just a low-voltage electrical technician who currently makes a living doing electrical inspections. I used to work at a TV transmitter. Besides that, I have a trade licence for servicing electronics, including PCs. I have it in a text file about 55 kB in size, and I'm the only one who can find my way around it. It would be of no use to you; what matters most is knowing your way around logs and knowing what to use for which problem. :)
