Pests that keep coming back

#1 Post by marecek »

Good evening,
since installing Daemon Tools a week or so ago to open an ISO file, my browser settings keep getting changed. I never had a problem with DT before, so I wasn't expecting any dirty trick. I ran it through ADW cleaner and the ESET scanner several times; the problems always came back after the next start of the computer. Windows is genuine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Honza (administrator) on HONZA (15-03-2017 21:52:05)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Pearhas\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerManager.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerInstance.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
() C:\Users\Honza\AppData\Roaming\Kyubey\Kyubey.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2016-12-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2016-12-28] ()
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [DAEMON Tools Lite Automount] => J:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: M - "M:\autorun.exe" 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {23f77a37-f43f-11e6-9be3-0015833d0a57} - "M:\autorun.exe" 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {e0bf407d-cdb1-11e6-9bca-0015833d0a57} - "L:\LaunchU3.exe" -a
HKLM\...\Providers\du03mv7b: C:\Program Files (x86)\Plocersp Log\local64spl.dll
ShellExecuteHooks: No Name - {2AB93E66-F441-11E6-826A-64006A5CFC23} - C:\Program Files (x86)\Ferory\Konekpujocult.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-12-28]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12c05d94-83c6-489b-90cf-052c3f1aac1a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
SearchScopes: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_64a6e42e_1201_1403_20161228_CZ_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2017-03-01] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-03-01] (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=1488813342&z=e53315e19766e26479c864fg8z0beb0b7g4cccdz8b&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126

FireFox:
========
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-09-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll [2017-03-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2017-03-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-15] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Tabulky Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-01-29] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; j:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [File not signed]
R2 Kyubey; C:\Users\Honza\AppData\Roaming\Kyubey\Kyubey.exe [114688 2017-03-15] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-02-17] ()
S3 TeamworkMessagingServer-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkMessagingServer\bin\win32\wrapper.exe [204800 2012-09-04] () [File not signed]
R2 TeamworkServerManager-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerManager.exe [1504256 2012-09-04] (Graphisoft SE) [File not signed]
R2 TeamworkServerMonitor-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe [232448 2012-09-04] (Graphisoft SE) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-11-19] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Honza\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-15] (Windows) [File not signed]
R2 WinSnare; C:\Users\Honza\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-15] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2016-12-28] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-17] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 21:52 - 2017-03-15 21:52 - 00020791 _____ C:\Users\Honza\Desktop\FRST.txt
2017-03-15 21:51 - 2017-03-15 21:52 - 00000000 ____D C:\FRST
2017-03-15 21:50 - 2017-03-15 21:51 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe
2017-03-15 21:50 - 2017-03-15 21:50 - 02424832 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2017-03-15 21:44 - 2017-03-15 21:45 - 00000000 ____D C:\rsit
2017-03-15 21:44 - 2017-03-15 21:45 - 00000000 ____D C:\Program Files\trend micro
2017-03-15 21:44 - 2017-03-15 21:44 - 01222144 _____ C:\Users\Honza\Downloads\RSITx64.exe
2017-03-15 20:12 - 2017-03-15 20:12 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-15 20:12 - 2017-03-15 20:12 - 00000000 ____D C:\Users\Honza\AppData\Roaming\aMule
2017-03-15 20:12 - 2017-03-15 20:12 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.1)
2017-03-15 20:12 - 2017-03-15 20:12 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-15 19:35 - 2017-03-15 19:35 - 00016148 _____ C:\Windows\system32\HONZA_Honza_HistoryPrediction.bin
2017-03-13 19:46 - 2017-03-15 20:13 - 00003662 _____ C:\Windows\System32\Tasks\Milimili
2017-03-13 19:46 - 2017-03-15 20:12 - 00000000 ____D C:\Users\Honza\AppData\Roaming\WinSnare
2017-03-13 19:46 - 2017-03-15 20:12 - 00000000 ____D C:\Users\Honza\AppData\Roaming\WinSAPSvc
2017-03-13 19:46 - 2017-03-13 19:46 - 00003320 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-13 19:46 - 2017-03-13 19:46 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Kyubey
2017-03-13 19:46 - 2017-03-13 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-13 19:46 - 2017-03-13 19:46 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-13 19:46 - 2017-03-13 19:46 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-13 19:39 - 2017-03-15 20:12 - 00002124 _____ C:\Users\Honza\Desktop\chrome – zástupce.lnk
2017-03-12 18:48 - 2017-03-12 18:48 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Reoqutybavich
2017-03-12 18:41 - 2017-03-12 18:41 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-11 14:37 - 2017-02-23 09:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-11 14:34 - 2017-02-23 23:55 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 34992184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 19007528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 16850256 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 13799736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00989632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00721768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00576008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00573632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00515832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00207672 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00183136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00177808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00152064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-11 14:34 - 2017-02-23 11:32 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-11 12:11 - 2017-03-11 12:11 - 00000221 _____ C:\Users\Honza\Desktop\DCS Black Shark.url
2017-03-11 12:06 - 2017-03-11 12:06 - 00000000 ____D C:\Users\Honza\AppData\Local\DCS
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files\MSBuild
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-10 19:01 - 2017-03-10 19:01 - 00044326 _____ C:\Users\Honza\Downloads\3448_0001.pdf
2017-03-10 18:45 - 2017-03-10 19:14 - 00000000 ____D C:\Windows\Minidump
2017-03-10 18:45 - 2017-03-10 19:04 - 960657517 _____ C:\Windows\MEMORY.DMP
2017-03-10 15:18 - 2017-03-10 15:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-09 16:23 - 2017-03-09 16:23 - 00001086 _____ C:\Users\Public\Desktop\DCS World.lnk
2017-03-09 16:23 - 2017-03-09 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Dynamics
2017-03-09 16:22 - 2017-03-09 16:22 - 06751112 _____ (Eagle Dynamics ) C:\Users\Honza\Downloads\DCS_World_Web_Installer.exe
2017-03-08 18:21 - 2017-03-08 18:21 - 00642558 _____ C:\Users\Honza\Documents\Vytápění obytných budov.pptx
2017-03-06 16:30 - 2017-03-06 16:30 - 00000000 ____D C:\Users\Honza\Documents\EugenSystems
2017-03-06 16:15 - 2017-03-06 16:15 - 00000388 _____ C:\Windows\SysWOW64\data.bin
2017-03-06 16:13 - 2017-03-15 20:12 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-04 23:58 - 2017-03-04 23:58 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-03-04 23:58 - 2017-03-04 23:58 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-03-04 23:58 - 2017-03-04 23:58 - 00000000 ____D C:\Users\Honza\AppData\Roaming\WMM
2017-03-04 23:57 - 2017-03-04 23:57 - 26689458 _____ (videowinsoft.com ) C:\Users\Honza\Downloads\windows-movie-maker-2016.exe
2017-03-04 23:27 - 2017-03-04 23:27 - 22261618 _____ C:\Users\Honza\Downloads\bigwing1.ntrk
2017-03-04 20:34 - 2017-03-04 23:55 - 00000000 ____D C:\Users\Honza\AppData\Roaming\obs-studio
2017-03-04 20:34 - 2017-03-04 20:34 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-03-04 20:34 - 2017-03-04 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-03-04 20:33 - 2017-03-04 20:33 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-03-04 20:28 - 2017-03-04 20:33 - 113008856 _____ (obsproject.com) C:\Users\Honza\Downloads\OBS-Studio-18.0-Full-Installer.exe
2017-03-04 20:19 - 2017-03-04 20:19 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-04 19:09 - 2017-03-04 19:09 - 00007302 _____ C:\Users\Honza\Downloads\conf.ini
2017-03-04 18:41 - 2017-03-04 18:54 - 520141774 _____ C:\Users\Honza\Downloads\Big Wing final full.rar
2017-03-04 18:12 - 2017-03-04 18:13 - 40376862 _____ C:\Users\Honza\Downloads\MSIAfterburnerSetup.zip
2017-03-04 18:10 - 2017-03-04 18:10 - 06718400 _____ C:\Users\Honza\Desktop\dokreslit.pln
2017-03-04 17:55 - 2017-03-04 17:55 - 00000000 ____D C:\Users\Honza\AppData\Local\GS-LW-Temp
2017-03-01 20:13 - 2017-03-01 20:43 - 11529632 _____ C:\Users\Honza\Desktop\novák.pln
2017-03-01 20:13 - 2017-03-01 20:30 - 11527888 _____ C:\Users\Honza\Desktop\novák.bpn
2017-03-01 19:20 - 2017-03-01 19:20 - 00000999 _____ C:\Users\Public\Desktop\BIMx pro ArchiCAD 16.lnk
2017-03-01 19:20 - 2017-03-01 19:20 - 00000744 _____ C:\Users\Public\Desktop\ArchiCAD 16.lnk
2017-03-01 19:19 - 2017-03-01 19:23 - 00000000 ____D C:\ArchiCAD 16
2017-03-01 19:19 - 2017-03-01 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCAD 16
2017-03-01 19:18 - 2017-03-01 19:18 - 00476960 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2017-03-01 19:18 - 2017-03-01 19:18 - 00472864 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2017-03-01 19:18 - 2017-03-01 19:18 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2017-03-01 19:18 - 2017-03-01 19:18 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2017-03-01 19:18 - 2017-03-01 19:18 - 00000000 ____D C:\ProgramData\Sun
2017-03-01 19:16 - 2017-03-15 19:38 - 00004190 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA833D72-7AD3-461F-98A2-938E45E90F4D}
2017-03-01 19:16 - 2017-03-06 16:16 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-01 19:16 - 2017-03-06 16:16 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-01 19:16 - 2017-03-06 16:15 - 00000000 _____ C:\Windows\SysWOW64\1
2017-03-01 19:15 - 2017-03-01 19:15 - 00002058 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 19:08 - 2017-03-01 19:08 - 00002850 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 19:08 - 2017-03-01 19:08 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-01 19:08 - 2017-03-01 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 19:08 - 2017-03-01 19:08 - 00000000 ____D C:\Program Files\CCleaner
2017-03-01 19:00 - 2017-03-01 19:00 - 00000000 ____D C:\Users\Honza\AppData\Local\ESET
2017-03-01 18:59 - 2017-03-01 19:00 - 06751360 _____ (ESET spol. s r.o.) C:\Users\Honza\Downloads\esetonlinescanner_enu.exe
2017-03-01 18:51 - 2017-03-06 16:21 - 00001878 _____ C:\Program Files (x86)\metadata
2017-03-01 18:51 - 2017-03-01 18:51 - 04031440 _____ C:\Users\Honza\Downloads\adwcleaner_6.044.exe
2017-03-01 18:51 - 2017-03-01 18:51 - 00739392 _____ (Oracle Corporation) C:\Users\Honza\Downloads\JavaSetup8u121.exe
2017-03-01 18:41 - 2017-03-09 16:21 - 00016384 ___SH C:\Users\Honza\Desktop\Thumbs.db
2017-03-01 18:41 - 2017-03-01 15:16 - 00944968 _____ C:\Users\Honza\Desktop\novak.TIF
2017-02-26 20:01 - 2017-02-26 20:01 - 00000110 ____H C:\Users\Honza\Downloads\16904583_1597473606931165_9191330844699269529_o.jpg.uid-zps
2017-02-26 19:59 - 2017-02-26 19:59 - 00001500 _____ C:\Users\Honza\AppData\Local\recently-used.xbel
2017-02-26 19:59 - 2017-02-26 19:59 - 00000000 ____D C:\Users\Honza\AppData\Local\gtk-2.0
2017-02-26 19:51 - 2017-02-26 19:51 - 00000000 ____D C:\Users\Honza\.thumbnails
2017-02-26 19:50 - 2017-02-26 19:59 - 00000000 ____D C:\Users\Honza\.gimp-2.8
2017-02-26 19:50 - 2017-02-26 19:50 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Users\Honza\AppData\Local\gegl-0.2
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Users\Honza\AppData\Local\fontconfig
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Program Files\GIMP 2
2017-02-26 19:48 - 2017-02-26 19:49 - 77568952 _____ (The GIMP Team ) C:\Users\Honza\Downloads\gimp-2.8.20-setup.exe
2017-02-20 19:03 - 2017-03-06 16:42 - 00000000 ____D C:\Windows\system32\log
2017-02-20 19:02 - 2017-03-01 19:17 - 00002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-20 19:02 - 2017-03-01 19:17 - 00000000 ____D C:\Users\Honza\AppData\LocalLow\Mozilla
2017-02-20 19:02 - 2017-02-20 19:02 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Mozilla
2017-02-20 18:47 - 2017-03-13 19:41 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-02-20 18:45 - 2017-03-13 19:41 - 00000000 ____D C:\Program Files (x86)\du03mv7b
2017-02-18 15:05 - 2017-02-18 15:32 - 00006144 ___SH C:\Users\Honza\Documents\Thumbs.db
2017-02-18 12:56 - 2017-02-18 15:29 - 24250893 _____ C:\Users\Honza\Documents\Mělnické kostely.pptx
2017-02-17 21:46 - 2017-02-17 21:46 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-02-17 21:45 - 2017-02-17 21:45 - 00000000 ____D C:\Users\Honza\Documents\My Games
2017-02-17 21:45 - 2017-02-17 21:45 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashRpt
2017-02-17 19:09 - 2017-02-17 21:46 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-02-17 19:09 - 2017-02-17 21:44 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-02-17 19:09 - 2017-02-17 21:44 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-17 19:09 - 2016-11-25 18:56 - 00912744 _____ C:\Windows\SysWOW64\pbsvc.exe
2017-02-17 19:08 - 2017-02-17 21:46 - 00000000 ____D C:\Users\Honza\AppData\Local\PunkBuster
2017-02-17 19:07 - 2017-02-17 19:07 - 00001306 _____ C:\Users\Honza\Desktop\Project Reality BF2.lnk
2017-02-17 19:07 - 2017-02-17 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
2017-02-17 19:02 - 2017-03-12 18:40 - 00000000 ____D C:\AdwCleaner
2017-02-17 18:58 - 2017-02-17 18:58 - 00000000 ____D C:\Users\Honza\AppData\Local\Disc_Soft_Ltd
2017-02-17 18:57 - 2017-03-04 20:21 - 00000000 ____D C:\Program Files (x86)\Plocersp Log
2017-02-17 18:57 - 2017-02-17 18:57 - 00006088 _____ C:\Windows\System32\Tasks\Plocersp Log
2017-02-17 18:57 - 2017-02-17 18:57 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-02-17 18:56 - 2017-03-13 19:41 - 00000000 ____D C:\Program Files (x86)\Ferory
2017-02-17 18:56 - 2017-03-08 17:55 - 00000000 ____D C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
2017-02-17 18:56 - 2017-02-17 18:57 - 00000000 ____D C:\Users\Honza\AppData\Local\Clokerent
2017-02-17 18:56 - 2017-02-17 18:56 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-02-17 18:56 - 2017-02-17 18:56 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-02-17 18:56 - 2017-02-17 18:56 - 00000888 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-17 18:56 - 2017-02-17 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-02-17 18:55 - 2017-02-17 18:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-17 18:54 - 2017-02-17 18:55 - 00694720 _____ (Disc Soft Ltd.) C:\Users\Honza\Downloads\DTLiteInstaller.exe
2017-02-16 13:01 - 2017-02-16 18:43 - 3866689536 _____ C:\Users\Honza\Downloads\prbf2_1.4.1.0_full.iso
2017-02-16 13:01 - 2017-02-16 13:01 - 00001030 _____ C:\Users\Honza\Desktop\µTorrent.lnk
2017-02-16 13:01 - 2017-02-16 13:01 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-16 13:00 - 2017-02-17 18:54 - 00000000 ____D C:\Users\Honza\AppData\Roaming\uTorrent
2017-02-16 13:00 - 2017-02-16 13:00 - 02168712 _____ (emc) C:\Users\Honza\Downloads\uTorrent221.exe
2017-02-16 13:00 - 2017-02-16 13:00 - 00039403 _____ C:\Users\Honza\Downloads\prbf2_1.4.1.0_full.iso.torrent
2017-02-14 18:39 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-14 18:39 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-14 18:39 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 19:43 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2017-03-15 19:42 - 2017-01-09 20:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-15 19:38 - 2016-12-28 19:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-15 19:38 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-13 23:11 - 2016-12-29 18:08 - 00000000 ____D C:\Users\Honza\AppData\Roaming\TS3Client
2017-03-13 19:44 - 2016-12-28 18:55 - 01742132 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-13 19:44 - 2015-07-10 17:02 - 00739094 _____ C:\Windows\system32\perfh005.dat
2017-03-13 19:44 - 2015-07-10 17:02 - 00145742 _____ C:\Windows\system32\perfc005.dat
2017-03-13 19:44 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2017-03-13 19:38 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-12 20:22 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2017-03-12 18:40 - 2015-07-10 10:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2017-03-12 18:36 - 2017-01-04 16:14 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashDumps
2017-03-12 01:44 - 2016-12-28 18:54 - 00000000 ____D C:\Users\Honza
2017-03-11 23:22 - 2017-01-15 15:17 - 00000000 ____D C:\Program Files\VideoLAN
2017-03-11 23:21 - 2017-01-15 18:42 - 00000000 ____D C:\Users\Honza\AppData\Roaming\vlc
2017-03-11 22:54 - 2017-01-21 21:57 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Mount&Blade Warband
2017-03-11 14:37 - 2016-12-28 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-11 14:37 - 2016-12-28 19:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-11 14:36 - 2016-12-28 19:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-11 14:22 - 2016-12-29 12:40 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-11 14:22 - 2016-12-28 19:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-11 13:48 - 2016-12-29 12:30 - 00000000 ____D C:\Záloha
2017-03-11 12:11 - 2017-01-09 21:26 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-11 12:06 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2017-03-11 12:05 - 2017-01-21 21:59 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-03-11 12:05 - 2017-01-21 21:59 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-03-11 12:05 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-03-11 12:05 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\MUI
2017-03-11 11:01 - 2016-12-28 18:54 - 00000000 ____D C:\Users\Honza\AppData\Local\Packages
2017-03-10 19:01 - 2016-12-28 18:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-10 18:49 - 2015-07-10 13:20 - 00342344 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-10 18:47 - 2017-01-14 10:07 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\F12
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\DevicesFlow
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\setup
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\migwiz
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\Provisioning
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\L2Schemas
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-10 18:47 - 2015-07-10 12:01 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2017-03-10 18:47 - 2015-07-10 12:01 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2017-03-10 18:47 - 2015-07-10 10:07 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-03-10 18:47 - 2015-07-10 10:07 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Sysprep
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Dism
2017-03-10 18:46 - 2017-01-14 10:07 - 00813056 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2017-03-10 18:46 - 2017-01-14 10:07 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll
2017-03-10 18:46 - 2017-01-14 10:07 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-03-10 18:46 - 2015-07-10 12:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2017-03-10 15:20 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-03-10 15:18 - 2015-07-10 04:50 - 00000000 ____D C:\Windows\Panther
2017-03-09 16:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-04 20:21 - 2016-12-28 21:35 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-04 18:10 - 2016-12-28 22:00 - 00000000 ____D C:\Users\Honza\GRAPHISOFT
2017-03-01 19:25 - 2016-12-28 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2017-03-01 19:24 - 2016-12-28 21:50 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-01 19:24 - 2016-12-28 21:45 - 00055356 _____ C:\Windows\vpd.properties
2017-03-01 19:24 - 2016-12-28 21:35 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Install.GS
2017-03-01 19:20 - 2017-01-02 11:50 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT
2017-03-01 19:18 - 2017-01-02 11:41 - 00157472 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2017-03-01 19:17 - 2017-01-02 11:50 - 00000000 ____D C:\ProgramData\Apple
2017-03-01 19:17 - 2016-12-28 23:39 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-01 19:15 - 2016-12-30 02:18 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-01 19:15 - 2016-12-30 02:18 - 00000000 ____D C:\Windows\system32\MRT
2017-03-01 18:44 - 2015-07-10 12:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 18:43 - 2016-12-28 19:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-27 20:24 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-26 19:47 - 2017-01-09 20:49 - 00164352 ___SH C:\Users\Honza\Downloads\Thumbs.db
2017-02-24 19:33 - 2016-12-28 19:19 - 14569528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-23 23:55 - 2017-02-12 18:10 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-02-23 23:55 - 2017-02-12 18:10 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-23 19:35 - 2016-12-29 12:40 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-23 15:30 - 2016-12-29 12:40 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-23 11:32 - 2017-02-12 18:10 - 28252608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-23 11:32 - 2017-02-12 18:10 - 20767912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-23 11:32 - 2016-12-29 13:05 - 00640272 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 24490808 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00043566 _____ C:\Windows\system32\nvinfo.pb
2017-02-23 11:32 - 2016-12-28 19:18 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-23 11:32 - 2016-12-28 19:18 - 03596616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-23 09:43 - 2016-12-29 12:40 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-23 09:28 - 2016-12-29 13:07 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-23 09:28 - 2016-12-29 13:07 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-23 07:38 - 2016-12-28 19:19 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-02-23 00:28 - 2016-12-28 19:00 - 00003270 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-23 00:28 - 2016-12-28 18:56 - 00002422 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-23 00:28 - 2016-12-28 18:56 - 00000000 ___RD C:\Users\Honza\OneDrive
2017-02-22 19:55 - 2017-01-08 13:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 11:37 - 2017-02-09 16:03 - 00000000 ____D C:\Users\Honza\.junique
2017-02-18 11:37 - 2017-02-09 16:03 - 00000000 ____D C:\Program Files (x86)\ArmA3Sync
2017-02-17 21:45 - 2016-12-28 22:00 - 00000000 ____D C:\Users\Honza\AppData\Roaming\NVIDIA
2017-02-17 21:31 - 2017-02-11 20:37 - 00000000 ____D C:\Users\Honza\AppData\Local\Arma 3
2017-02-17 15:04 - 2017-02-11 20:48 - 00000000 ____D C:\Users\Honza\AppData\Local\Arma 3 Launcher
2017-02-14 16:37 - 2016-12-28 21:35 - 00000000 ____D C:\ProgramData\Oracle
2017-02-13 11:21 - 2017-01-07 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astra MS Software

==================== Files in the root of some directories =======

2017-03-01 18:51 - 2017-03-06 16:21 - 0001878 _____ () C:\Program Files (x86)\metadata
2017-02-26 19:59 - 2017-02-26 19:59 - 0001500 _____ () C:\Users\Honza\AppData\Local\recently-used.xbel
2017-03-12 18:41 - 2017-03-12 18:41 - 0000004 ____H () C:\ProgramData\cm-lock
2016-12-29 12:40 - 2017-02-14 18:39 - 0015939 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-29 12:40 - 2017-02-12 18:40 - 0021725 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-12 18:11 - 2016-12-29 13:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Honza\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-11 14:34 - 2016-12-29 13:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Honza\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-09 16:34

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.27 GB) (Free:119.89 GB) NTFS
Drive i: (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: () (Fixed) (Total:930.73 GB) (Free:889.67 GB) NTFS
Drive k: () (Fixed) (Total:931.41 GB) (Free:923.08 GB) NTFS

Available physical RAM: 21853.59 MB
Total physical RAM: 24574.49 MB
Percentage of memory in use: 11%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87A796BB)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DF9589FD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7EE13934)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Honza\Desktop" je 645 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#3 Post by marecek »

Done, but as I wrote in the OP, the problems come back after a restart.

Code:

# AdwCleaner v6.044 - Log vytvořen 16/03/2017 v 21:02:34
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-15.2 [Server]
# Operační systém : Windows 10 Home  (X64)
# Uživatelské jméno : Honza - HONZA
# Spuštěno z : C:\Users\Honza\Downloads\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: FirefoxU
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: WinSnare
[-] Služba smazána: Kyubey


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.3.1)
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\WinSAPSvc
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\Kyubey
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
[-] Složka smazána: C:\Program Files (x86)\BikaQRss
[-] Složka smazána: C:\Program Files (x86)\amulell
[-] Složka smazána: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Program Files (x86)\Firefox
[#] Složka smazána po restartu: C:\Users\Honza\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Program Files (x86)\reports
[-] Složka smazána: C:\Users\Honza\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\Honza\AppData\Local\Firefox


***** [ Soubory ] *****

[-] Soubor smazán: C:\Program Files (x86)\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Honza\Desktop\chrome – zástupce.lnk
[-] Zástupce vyléčen: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Milimili
[-] Úloha smazána: BikaQ_FetchAndUpgrade_CanBeDel


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\WinSnare
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Data obnovena: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Klíč smazán: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Klíč smazán: HKCU\SOFTWARE\Classes\ChromeHTML
[-] Klíč smazán: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML


***** [ Prohlížeče ] *****

[-] [C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Smazáno: startpageing123
[-] [C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Smazáno: hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126
[-] [C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Smazáno: hxxp://www.startpageing123.com/searchfavicon.ico
[-] [C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Smazáno: hxxp://www.startpageing123.com/?type=hp&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1834 Bajty] - [17/02/2017 19:09:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [9077 Bajty] - [06/03/2017 16:42:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [8110 Bajty] - [12/03/2017 18:40:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [8125 Bajty] - [16/03/2017 21:02:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [1987 Bajty] - [17/02/2017 19:03:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [4823 Bajty] - [01/03/2017 18:53:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [4689 Bajty] - [01/03/2017 18:56:22]
C:\AdwCleaner\AdwCleaner[S3].txt - [10316 Bajty] - [06/03/2017 16:41:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [8750 Bajty] - [12/03/2017 18:35:39]
C:\AdwCleaner\AdwCleaner[S5].txt - [8765 Bajty] - [12/03/2017 18:37:41]
C:\AdwCleaner\AdwCleaner[S6].txt - [10655 Bajty] - [16/03/2017 21:02:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [8711 Bajty] ##########

Rudy
Site Admin
Posts: 119558
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#4 Post by Rudy »

Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

marecek
Visitor
Posts: 26
Joined: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#5 Post by marecek »

Code: Select all

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Honza (administrator) on HONZA (16-03-2017 22:11:20)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Hipmy\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerManager.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Graphisoft SE) C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerInstance.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Hipmy\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(TeamSpeak Systems GmbH) J:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2016-12-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2016-12-28] ()
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [DAEMON Tools Lite Automount] => J:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: M - "M:\autorun.exe" 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {23f77a37-f43f-11e6-9be3-0015833d0a57} - "M:\autorun.exe" 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {e0bf407d-cdb1-11e6-9bca-0015833d0a57} - "L:\LaunchU3.exe" -a
HKLM\...\Providers\du03mv7b: C:\Program Files (x86)\Plocersp Log\local64spl.dll
IFEO\taskmgr.exe: [Debugger] 
ShellExecuteHooks: No Name - {2AB93E66-F441-11E6-826A-64006A5CFC23} - C:\Program Files (x86)\Ferory\Konekpujocult.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-12-28]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12c05d94-83c6-489b-90cf-052c3f1aac1a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_64a6e42e_1201_1403_20161228_CZ_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2017-03-01] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-03-01] (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=1488813342&z=e53315e19766e26479c864fg8z0beb0b7g4cccdz8b&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126

FireFox:
========
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-09-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll [2017-03-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2017-03-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds&ts=1489605178&z=53a8c586d87462866cabf20g3zfbft9q8edwag7b5z&from=che0812&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATR206512665126&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-16] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Tabulky Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleSrv; C:\ProgramData\Apple\Apple Application\DeviceCfg.dll [118784 2017-03-15] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-01-29] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; j:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-02-17] ()
S3 TeamworkMessagingServer-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkMessagingServer\bin\win32\wrapper.exe [204800 2012-09-04] () [File not signed]
R2 TeamworkServerManager-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerManager.exe [1504256 2012-09-04] (Graphisoft SE) [File not signed]
R2 TeamworkServerMonitor-v16.0; C:\Program Files\GRAPHISOFT\BIM Server\Server Modules\1600\TeamworkServer\TeamworkServerMonitorService.exe [232448 2012-09-04] (Graphisoft SE) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-11-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2016-12-28] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-17] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-16 22:11 - 2017-03-16 22:11 - 00017304 _____ C:\Users\Honza\Desktop\FRST.txt
2017-03-16 22:09 - 2017-03-16 22:09 - 02371386 _____ C:\Users\Honza\Desktop\Bf109F2_JG53_Blank.xcf
2017-03-16 22:09 - 2017-03-16 22:09 - 00004633 _____ C:\Users\Honza\AppData\Local\recently-used.xbel
2017-03-16 21:45 - 2017-03-16 21:45 - 01049654 _____ C:\Users\Honza\Desktop\Bf109F4_JG53_Blank.bmp
2017-03-16 21:45 - 2017-03-16 21:45 - 01049654 _____ C:\Users\Honza\Desktop\Bf109F2_JG53_Blank.bmp
2017-03-16 21:42 - 2017-03-16 21:44 - 43634729 _____ C:\Users\Honza\Downloads\Gotterdammerung-skins.zip
2017-03-16 21:31 - 2017-03-16 22:01 - 1481886101 _____ C:\Users\Honza\Downloads\FI2_Amber_2.0_Final.zip
2017-03-16 21:05 - 2017-03-16 21:05 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-16 21:04 - 2017-03-16 21:04 - 00016148 _____ C:\Windows\system32\HONZA_Honza_HistoryPrediction.bin
2017-03-16 21:03 - 2017-03-16 21:03 - 00000004 ____H C:\ProgramData\cm-lock
2017-03-15 22:10 - 2017-03-15 22:10 - 00002128 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-15 22:10 - 2017-03-15 22:10 - 00001999 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-15 22:10 - 2017-03-15 22:10 - 00000000 ____D C:\Users\Honza\AppData\Local\Hipmy
2017-03-15 22:10 - 2017-03-15 22:10 - 00000000 ____D C:\Program Files (x86)\Hipmy
2017-03-15 22:09 - 2017-03-15 22:09 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-03-15 22:09 - 2017-03-15 22:09 - 00000000 ____D C:\Program Files (x86)\58C9AD79_cacayima
2017-03-15 21:51 - 2017-03-16 22:11 - 00000000 ____D C:\FRST
2017-03-15 21:50 - 2017-03-15 21:51 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher.exe
2017-03-15 21:50 - 2017-03-15 21:50 - 02424832 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2017-03-15 21:44 - 2017-03-15 21:45 - 00000000 ____D C:\rsit
2017-03-15 21:44 - 2017-03-15 21:45 - 00000000 ____D C:\Program Files\trend micro
2017-03-15 21:44 - 2017-03-15 21:44 - 01222144 _____ C:\Users\Honza\Downloads\RSITx64.exe
2017-03-13 19:46 - 2017-03-13 19:46 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-13 19:39 - 2017-03-16 21:02 - 00001323 _____ C:\Users\Honza\Desktop\chrome – zástupce.lnk
2017-03-12 18:48 - 2017-03-12 18:48 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Reoqutybavich
2017-03-11 14:37 - 2017-02-23 09:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-11 14:34 - 2017-02-23 23:55 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 34992184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 19007528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 16850256 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 13799736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00989632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00721768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00576008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00573632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00515832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00207672 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00183136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00177808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00152064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-11 14:34 - 2017-02-23 11:32 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-11 14:34 - 2017-02-23 11:32 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-11 12:11 - 2017-03-11 12:11 - 00000221 _____ C:\Users\Honza\Desktop\DCS Black Shark.url
2017-03-11 12:06 - 2017-03-11 12:06 - 00000000 ____D C:\Users\Honza\AppData\Local\DCS
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files\MSBuild
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-11 12:05 - 2017-03-11 12:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-10 19:01 - 2017-03-10 19:01 - 00044326 _____ C:\Users\Honza\Downloads\3448_0001.pdf
2017-03-10 18:45 - 2017-03-10 19:14 - 00000000 ____D C:\Windows\Minidump
2017-03-10 18:45 - 2017-03-10 19:04 - 960657517 _____ C:\Windows\MEMORY.DMP
2017-03-10 15:18 - 2017-03-10 15:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-09 16:23 - 2017-03-09 16:23 - 00001086 _____ C:\Users\Public\Desktop\DCS World.lnk
2017-03-09 16:23 - 2017-03-09 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Dynamics
2017-03-09 16:22 - 2017-03-09 16:22 - 06751112 _____ (Eagle Dynamics ) C:\Users\Honza\Downloads\DCS_World_Web_Installer.exe
2017-03-08 18:21 - 2017-03-08 18:21 - 00642558 _____ C:\Users\Honza\Documents\Vytápění obytných budov.pptx
2017-03-06 16:30 - 2017-03-06 16:30 - 00000000 ____D C:\Users\Honza\Documents\EugenSystems
2017-03-06 16:15 - 2017-03-06 16:15 - 00000388 _____ C:\Windows\SysWOW64\data.bin
2017-03-06 16:13 - 2017-03-15 20:12 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-04 23:58 - 2017-03-04 23:58 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-03-04 23:58 - 2017-03-04 23:58 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-03-04 23:58 - 2017-03-04 23:58 - 00000000 ____D C:\Users\Honza\AppData\Roaming\WMM
2017-03-04 23:57 - 2017-03-04 23:57 - 26689458 _____ (videowinsoft.com ) C:\Users\Honza\Downloads\windows-movie-maker-2016.exe
2017-03-04 23:27 - 2017-03-04 23:27 - 22261618 _____ C:\Users\Honza\Downloads\bigwing1.ntrk
2017-03-04 20:34 - 2017-03-04 23:55 - 00000000 ____D C:\Users\Honza\AppData\Roaming\obs-studio
2017-03-04 20:34 - 2017-03-04 20:34 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-03-04 20:34 - 2017-03-04 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-03-04 20:33 - 2017-03-04 20:33 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-03-04 20:28 - 2017-03-04 20:33 - 113008856 _____ (obsproject.com) C:\Users\Honza\Downloads\OBS-Studio-18.0-Full-Installer.exe
2017-03-04 20:19 - 2017-03-04 20:19 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-04 19:09 - 2017-03-04 19:09 - 00007302 _____ C:\Users\Honza\Downloads\conf.ini
2017-03-04 18:41 - 2017-03-04 18:54 - 520141774 _____ C:\Users\Honza\Downloads\Big Wing final full.rar
2017-03-04 18:12 - 2017-03-04 18:13 - 40376862 _____ C:\Users\Honza\Downloads\MSIAfterburnerSetup.zip
2017-03-04 18:10 - 2017-03-04 18:10 - 06718400 _____ C:\Users\Honza\Desktop\dokreslit.pln
2017-03-04 17:55 - 2017-03-04 17:55 - 00000000 ____D C:\Users\Honza\AppData\Local\GS-LW-Temp
2017-03-01 20:13 - 2017-03-01 20:43 - 11529632 _____ C:\Users\Honza\Desktop\novák.pln
2017-03-01 20:13 - 2017-03-01 20:30 - 11527888 _____ C:\Users\Honza\Desktop\novák.bpn
2017-03-01 19:20 - 2017-03-01 19:20 - 00000999 _____ C:\Users\Public\Desktop\BIMx pro ArchiCAD 16.lnk
2017-03-01 19:20 - 2017-03-01 19:20 - 00000744 _____ C:\Users\Public\Desktop\ArchiCAD 16.lnk
2017-03-01 19:19 - 2017-03-01 19:23 - 00000000 ____D C:\ArchiCAD 16
2017-03-01 19:19 - 2017-03-01 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCAD 16
2017-03-01 19:18 - 2017-03-01 19:18 - 00476960 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2017-03-01 19:18 - 2017-03-01 19:18 - 00472864 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2017-03-01 19:18 - 2017-03-01 19:18 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2017-03-01 19:18 - 2017-03-01 19:18 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2017-03-01 19:18 - 2017-03-01 19:18 - 00000000 ____D C:\ProgramData\Sun
2017-03-01 19:16 - 2017-03-15 22:09 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-01 19:16 - 2017-03-15 22:09 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-01 19:16 - 2017-03-15 19:38 - 00004190 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA833D72-7AD3-461F-98A2-938E45E90F4D}
2017-03-01 19:16 - 2017-03-06 16:15 - 00000000 _____ C:\Windows\SysWOW64\1
2017-03-01 19:15 - 2017-03-01 19:15 - 00002058 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 19:08 - 2017-03-01 19:08 - 00002850 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 19:08 - 2017-03-01 19:08 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-01 19:08 - 2017-03-01 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 19:08 - 2017-03-01 19:08 - 00000000 ____D C:\Program Files\CCleaner
2017-03-01 19:00 - 2017-03-01 19:00 - 00000000 ____D C:\Users\Honza\AppData\Local\ESET
2017-03-01 18:59 - 2017-03-01 19:00 - 06751360 _____ (ESET spol. s r.o.) C:\Users\Honza\Downloads\esetonlinescanner_enu.exe
2017-03-01 18:51 - 2017-03-06 16:21 - 00001878 _____ C:\Program Files (x86)\metadata
2017-03-01 18:51 - 2017-03-01 18:51 - 04031440 _____ C:\Users\Honza\Downloads\adwcleaner_6.044.exe
2017-03-01 18:51 - 2017-03-01 18:51 - 00739392 _____ (Oracle Corporation) C:\Users\Honza\Downloads\JavaSetup8u121.exe
2017-03-01 18:41 - 2017-03-16 21:45 - 00332800 ___SH C:\Users\Honza\Desktop\Thumbs.db
2017-03-01 18:41 - 2017-03-01 15:16 - 00944968 _____ C:\Users\Honza\Desktop\novak.TIF
2017-02-26 20:01 - 2017-02-26 20:01 - 00000110 ____H C:\Users\Honza\Downloads\16904583_1597473606931165_9191330844699269529_o.jpg.uid-zps
2017-02-26 19:59 - 2017-03-16 22:09 - 00000000 ____D C:\Users\Honza\AppData\Local\gtk-2.0
2017-02-26 19:51 - 2017-02-26 19:51 - 00000000 ____D C:\Users\Honza\.thumbnails
2017-02-26 19:50 - 2017-03-16 22:10 - 00000000 ____D C:\Users\Honza\.gimp-2.8
2017-02-26 19:50 - 2017-02-26 19:50 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Users\Honza\AppData\Local\gegl-0.2
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Users\Honza\AppData\Local\fontconfig
2017-02-26 19:50 - 2017-02-26 19:50 - 00000000 ____D C:\Program Files\GIMP 2
2017-02-26 19:48 - 2017-02-26 19:49 - 77568952 _____ (The GIMP Team ) C:\Users\Honza\Downloads\gimp-2.8.20-setup.exe
2017-02-20 19:03 - 2017-03-06 16:42 - 00000000 ____D C:\Windows\system32\log
2017-02-20 19:02 - 2017-03-15 22:10 - 00002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-20 19:02 - 2017-03-15 22:10 - 00000000 ____D C:\Users\Honza\AppData\LocalLow\Mozilla
2017-02-20 19:02 - 2017-02-20 19:02 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Mozilla
2017-02-20 18:47 - 2017-03-13 19:41 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-02-20 18:45 - 2017-03-13 19:41 - 00000000 ____D C:\Program Files (x86)\du03mv7b
2017-02-18 15:05 - 2017-02-18 15:32 - 00006144 ___SH C:\Users\Honza\Documents\Thumbs.db
2017-02-18 12:56 - 2017-02-18 15:29 - 24250893 _____ C:\Users\Honza\Documents\Mělnické kostely.pptx
2017-02-17 21:46 - 2017-02-17 21:46 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-02-17 21:45 - 2017-02-17 21:45 - 00000000 ____D C:\Users\Honza\Documents\My Games
2017-02-17 21:45 - 2017-02-17 21:45 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashRpt
2017-02-17 19:09 - 2017-02-17 21:46 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-02-17 19:09 - 2017-02-17 21:44 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-02-17 19:09 - 2017-02-17 21:44 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-17 19:09 - 2016-11-25 18:56 - 00912744 _____ C:\Windows\SysWOW64\pbsvc.exe
2017-02-17 19:08 - 2017-02-17 21:46 - 00000000 ____D C:\Users\Honza\AppData\Local\PunkBuster
2017-02-17 19:07 - 2017-02-17 19:07 - 00001306 _____ C:\Users\Honza\Desktop\Project Reality BF2.lnk
2017-02-17 19:07 - 2017-02-17 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
2017-02-17 19:02 - 2017-03-16 21:02 - 00000000 ____D C:\AdwCleaner
2017-02-17 18:58 - 2017-02-17 18:58 - 00000000 ____D C:\Users\Honza\AppData\Local\Disc_Soft_Ltd
2017-02-17 18:57 - 2017-03-04 20:21 - 00000000 ____D C:\Program Files (x86)\Plocersp Log
2017-02-17 18:57 - 2017-02-17 18:57 - 00006088 _____ C:\Windows\System32\Tasks\Plocersp Log
2017-02-17 18:57 - 2017-02-17 18:57 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-02-17 18:56 - 2017-03-13 19:41 - 00000000 ____D C:\Program Files (x86)\Ferory
2017-02-17 18:56 - 2017-03-08 17:55 - 00000000 ____D C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
2017-02-17 18:56 - 2017-02-17 18:57 - 00000000 ____D C:\Users\Honza\AppData\Local\Clokerent
2017-02-17 18:56 - 2017-02-17 18:56 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-02-17 18:56 - 2017-02-17 18:56 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-02-17 18:56 - 2017-02-17 18:56 - 00000888 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-17 18:56 - 2017-02-17 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-02-17 18:55 - 2017-02-17 18:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-17 18:54 - 2017-02-17 18:55 - 00694720 _____ (Disc Soft Ltd.) C:\Users\Honza\Downloads\DTLiteInstaller.exe
2017-02-16 13:01 - 2017-02-16 18:43 - 3866689536 _____ C:\Users\Honza\Downloads\prbf2_1.4.1.0_full.iso
2017-02-16 13:01 - 2017-02-16 13:01 - 00001030 _____ C:\Users\Honza\Desktop\µTorrent.lnk
2017-02-16 13:01 - 2017-02-16 13:01 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-16 13:00 - 2017-02-17 18:54 - 00000000 ____D C:\Users\Honza\AppData\Roaming\uTorrent
2017-02-16 13:00 - 2017-02-16 13:00 - 02168712 _____ (emc) C:\Users\Honza\Downloads\uTorrent221.exe
2017-02-16 13:00 - 2017-02-16 13:00 - 00039403 _____ C:\Users\Honza\Downloads\prbf2_1.4.1.0_full.iso.torrent
2017-02-14 18:39 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-14 18:39 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-14 18:39 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-16 22:08 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2017-03-16 22:02 - 2016-12-29 18:08 - 00000000 ____D C:\Users\Honza\AppData\Roaming\TS3Client
2017-03-16 21:31 - 2017-01-09 20:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-16 21:12 - 2017-01-09 20:49 - 00197120 ___SH C:\Users\Honza\Downloads\Thumbs.db
2017-03-16 21:11 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-16 21:11 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2017-03-16 21:09 - 2016-12-28 18:55 - 01742132 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-16 21:09 - 2015-07-10 17:02 - 00739094 _____ C:\Windows\system32\perfh005.dat
2017-03-16 21:09 - 2015-07-10 17:02 - 00145742 _____ C:\Windows\system32\perfc005.dat
2017-03-16 21:09 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2017-03-16 21:04 - 2016-12-28 19:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-16 21:03 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-16 21:02 - 2015-07-10 10:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2017-03-15 22:10 - 2017-01-02 11:50 - 00000000 ____D C:\ProgramData\Apple
2017-03-15 22:10 - 2016-12-28 23:39 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-12 20:22 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2017-03-12 18:36 - 2017-01-04 16:14 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashDumps
2017-03-12 01:44 - 2016-12-28 18:54 - 00000000 ____D C:\Users\Honza
2017-03-11 23:22 - 2017-01-15 15:17 - 00000000 ____D C:\Program Files\VideoLAN
2017-03-11 23:21 - 2017-01-15 18:42 - 00000000 ____D C:\Users\Honza\AppData\Roaming\vlc
2017-03-11 22:54 - 2017-01-21 21:57 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Mount&Blade Warband
2017-03-11 14:37 - 2016-12-28 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-11 14:37 - 2016-12-28 19:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-11 14:36 - 2016-12-28 19:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-11 14:22 - 2016-12-29 12:40 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-11 14:22 - 2016-12-29 12:40 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-11 14:22 - 2016-12-28 19:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-11 13:48 - 2016-12-29 12:30 - 00000000 ____D C:\Záloha
2017-03-11 12:11 - 2017-01-09 21:26 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-11 12:05 - 2017-01-21 21:59 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-03-11 12:05 - 2017-01-21 21:59 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-03-11 12:05 - 2017-01-21 21:59 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-03-11 12:05 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-03-11 12:05 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\MUI
2017-03-11 11:01 - 2016-12-28 18:54 - 00000000 ____D C:\Users\Honza\AppData\Local\Packages
2017-03-10 19:01 - 2016-12-28 18:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-10 18:49 - 2015-07-10 13:20 - 00342344 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-10 18:47 - 2017-01-14 10:07 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\F12
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\DevicesFlow
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\setup
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\migwiz
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\Provisioning
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\L2Schemas
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-10 18:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-10 18:47 - 2015-07-10 12:01 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2017-03-10 18:47 - 2015-07-10 12:01 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2017-03-10 18:47 - 2015-07-10 10:07 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-03-10 18:47 - 2015-07-10 10:07 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Sysprep
2017-03-10 18:47 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Dism
2017-03-10 18:46 - 2017-01-14 10:07 - 00813056 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2017-03-10 18:46 - 2017-01-14 10:07 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll
2017-03-10 18:46 - 2017-01-14 10:07 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-03-10 18:46 - 2015-07-10 12:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2017-03-10 15:20 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-03-10 15:18 - 2015-07-10 04:50 - 00000000 ____D C:\Windows\Panther
2017-03-09 16:47 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-04 20:21 - 2016-12-28 21:35 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-04 18:10 - 2016-12-28 22:00 - 00000000 ____D C:\Users\Honza\GRAPHISOFT
2017-03-01 19:25 - 2016-12-28 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2017-03-01 19:24 - 2016-12-28 21:50 - 00000000 ____D C:\Program Files\GRAPHISOFT
2017-03-01 19:24 - 2016-12-28 21:45 - 00055356 _____ C:\Windows\vpd.properties
2017-03-01 19:24 - 2016-12-28 21:35 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Install.GS
2017-03-01 19:20 - 2017-01-02 11:50 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT
2017-03-01 19:18 - 2017-01-02 11:41 - 00157472 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2017-03-01 19:15 - 2016-12-30 02:18 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-01 19:15 - 2016-12-30 02:18 - 00000000 ____D C:\Windows\system32\MRT
2017-03-01 18:44 - 2015-07-10 12:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 18:43 - 2016-12-28 19:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-27 20:24 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-24 19:33 - 2016-12-28 19:19 - 14569528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-23 23:55 - 2017-02-12 18:10 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-02-23 23:55 - 2017-02-12 18:10 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-23 19:35 - 2016-12-29 12:40 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-23 19:35 - 2016-12-29 12:40 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-23 15:30 - 2016-12-29 12:40 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-23 11:32 - 2017-02-12 18:10 - 28252608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-23 11:32 - 2017-02-12 18:10 - 20767912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-23 11:32 - 2016-12-29 13:05 - 00640272 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 24490808 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-23 11:32 - 2016-12-28 19:19 - 00043566 _____ C:\Windows\system32\nvinfo.pb
2017-02-23 11:32 - 2016-12-28 19:18 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-23 11:32 - 2016-12-28 19:18 - 03596616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-23 09:43 - 2016-12-29 12:40 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-23 09:28 - 2016-12-29 13:07 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-23 09:28 - 2016-12-29 13:07 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-23 09:28 - 2016-12-28 19:19 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-23 07:38 - 2016-12-28 19:19 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-02-23 00:28 - 2016-12-28 19:00 - 00003270 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-23 00:28 - 2016-12-28 18:56 - 00002422 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-23 00:28 - 2016-12-28 18:56 - 00000000 ___RD C:\Users\Honza\OneDrive
2017-02-22 19:55 - 2017-01-08 13:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 11:37 - 2017-02-09 16:03 - 00000000 ____D C:\Users\Honza\.junique
2017-02-18 11:37 - 2017-02-09 16:03 - 00000000 ____D C:\Program Files (x86)\ArmA3Sync
2017-02-17 21:45 - 2016-12-28 22:00 - 00000000 ____D C:\Users\Honza\AppData\Roaming\NVIDIA
2017-02-17 21:31 - 2017-02-11 20:37 - 00000000 ____D C:\Users\Honza\AppData\Local\Arma 3
2017-02-17 15:04 - 2017-02-11 20:48 - 00000000 ____D C:\Users\Honza\AppData\Local\Arma 3 Launcher
2017-02-14 16:37 - 2016-12-28 21:35 - 00000000 ____D C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2017-03-01 18:51 - 2017-03-06 16:21 - 0001878 _____ () C:\Program Files (x86)\metadata
2017-03-16 22:09 - 2017-03-16 22:09 - 0004633 _____ () C:\Users\Honza\AppData\Local\recently-used.xbel
2017-03-16 21:03 - 2017-03-16 21:03 - 0000004 ____H () C:\ProgramData\cm-lock
2016-12-29 12:40 - 2017-02-14 18:39 - 0015939 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-29 12:40 - 2017-02-12 18:40 - 0021725 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-12 18:11 - 2016-12-29 13:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Honza\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-11 14:34 - 2016-12-29 13:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Honza\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Honza\Desktop" je 650 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"="C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: M - "M:\autorun.exe"
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {23f77a37-f43f-11e6-9be3-0015833d0a57} - "M:\autorun.exe"
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {e0bf407d-cdb1-11e6-9bca-0015833d0a57} - "L:\LaunchU3.exe" -a
HKLM\...\Providers\du03mv7b: C:\Program Files (x86)\Plocersp Log\local64spl.dll
IFEO\taskmgr.exe: [Debugger]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Gallery\AlbumDownloadProtocolHandler.dll No File
Edge HomeButtonPage: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 6512665126
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-16] <==== ATTENTION
C:\Users\Honza\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the fix finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#7 Post by marecek »

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Honza (17-03-2017 21:17:30) Run:1
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: M - "M:\autorun.exe"
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {23f77a37-f43f-11e6-9be3-0015833d0a57} - "M:\autorun.exe"
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\...\MountPoints2: {e0bf407d-cdb1-11e6-9bca-0015833d0a57} - "L:\LaunchU3.exe" -a
HKLM\...\Providers\du03mv7b: C:\Program Files (x86)\Plocersp Log\local64spl.dll
IFEO\taskmgr.exe: [Debugger]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
Gallery\AlbumDownloadProtocolHandler.dll No File
Edge HomeButtonPage: HKU\S-1-5-21-1751909884-367361752-1588634989-1001 -> hxxp://www.startpageing123.com/?type=hp ... 6512665126
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/? ... 2665126&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-16] <==== ATTENTION
C:\Users\Honza\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M => key removed successfully
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23f77a37-f43f-11e6-9be3-0015833d0a57} => key removed successfully
HKCR\CLSID\{23f77a37-f43f-11e6-9be3-0015833d0a57} => key not found. 
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0bf407d-cdb1-11e6-9bca-0015833d0a57} => key removed successfully
HKCR\CLSID\{e0bf407d-cdb1-11e6-9bca-0015833d0a57} => key not found. 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\du03mv7b => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order du03mv7b => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Gallery\AlbumDownloadProtocolHandler.dll No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully

"C:\Users\Honza\AppData\Local\Temp" folder move:

Could not move "C:\Users\Honza\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 85592 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12055356 B
Java, Flash, Steam htmlcache => 54539831 B
Windows/system/drivers => 4229384 B
Edge => 6009864 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 6 B
systemprofile32 => 21744294 B
LocalService => 0 B
NetworkService => 0 B
Honza => 306009670 B
UpdatusUser => 0 B

RecycleBin => 152 B
EmptyTemp: => 385.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-03-2017 21:19:28)

C:\Users\Honza\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:19:29 ====

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#8 Post by Rudy »

Deleted. Has anything changed now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of malware, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#9 Post by marecek »

I ran ADW Cleaner once more and it found something again, although considerably less than before.

Code:

# AdwCleaner v6.044 - Log vytvořen 18/03/2017 v 18:23:31
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-17.2 [Server]
# Operační systém : Windows 10 Home  (X64)
# Uživatelské jméno : Honza - HONZA
# Spuštěno z : C:\Users\Honza\Downloads\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Public\Documents\temp.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-1751909884-367361752-1588634989-1001\Software\deskapp
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\deskapp
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[#] Klíč smazán po restartu: [x64] HKCU\Software\deskapp
[-] Klíč smazán: [x64] HKLM\SOFTWARE\ecb`nl


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1834 Bajty] - [17/02/2017 19:09:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [9077 Bajty] - [06/03/2017 16:42:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [8110 Bajty] - [12/03/2017 18:40:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [8862 Bajty] - [16/03/2017 21:02:34]
C:\AdwCleaner\AdwCleaner[C5].txt - [1611 Bajty] - [18/03/2017 18:23:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1987 Bajty] - [17/02/2017 19:03:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [4823 Bajty] - [01/03/2017 18:53:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [4689 Bajty] - [01/03/2017 18:56:22]
C:\AdwCleaner\AdwCleaner[S3].txt - [10316 Bajty] - [06/03/2017 16:41:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [8750 Bajty] - [12/03/2017 18:35:39]
C:\AdwCleaner\AdwCleaner[S5].txt - [8765 Bajty] - [12/03/2017 18:37:41]
C:\AdwCleaner\AdwCleaner[S6].txt - [10655 Bajty] - [16/03/2017 21:02:17]
C:\AdwCleaner\AdwCleaner[S7].txt - [2529 Bajty] - [18/03/2017 18:21:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2270 Bajty] ##########

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#10 Post by Rudy »

Delete everything.

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#11 Post by marecek »

I deleted them; this morning I ran the scan again and it found 6 threats again.

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#12 Post by Rudy »

Then you are downloading it from somewhere. We'll clean the browsers. Run these scans:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the fix, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup will be created and then the search will start
• The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#13 Post by marecek »

Code:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Honza on 19.03.2017 at 17:22:49,32.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Honza\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

19.03.2017 17:23:25 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\58C9AD79_cacayima deleted successfully
C:\PROGRA~2\deskapp deleted successfully
C:\PROGRA~2\MK deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Honza\AppData\Local\DCS deleted successfully
C:\Users\Honza\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\58C9AD79_cacayima not found
C:\PROGRA~2\deskapp not found
C:\PROGRA~2\MK not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Honza\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Windows\Installer\ad71e60.msi" deleted
"C:\ProgramData\cm-lock" not deleted

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} Amazon  Url="https://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_64a6e42e_1201_1403_20161228_CZ_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D19498A1D6C64DA4EB89121FE9A469B7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1A89491D-6C6D-4AD4-BE98-21F19E4A967B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D19498A1D6C64DA4EB89121FE9A469B7 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=39 43338059 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Honza\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock"  not deleted

==== EOF on 19.03.2017 at 17:37:47,69 ======================

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64 
Ran by Honza (Administrator) on 19.03.2017 at 17:38:51,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2017 at 17:39:32,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 119558
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware that keeps coming back

#14 Post by Rudy »

Has anything changed now?

marecek
Visitor
Posts: 26
Registered: 30 Nov 2014 19:49

Re: Malware that keeps coming back

#15 Post by marecek »

So far it looks good; I'll write if anything comes up. Thank you for the help, I really appreciate what you do.
