Dobrý večer, rád bych vás požádal o pomoc s odstraněním škůdce, který mi (vypadá to, že pouze ve FF otevírá reklamní stránky). Můj uBlock zaznamenal i stránku, která provede redirekt a doména je Wonderlandads...
Zde jest log a můj dík:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by necro (administrator) on X4 (06-05-2017 21:24:29)
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\necro\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\necro\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-03-12]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b5fbcd0b-dcab-4cbf-b1d5-263fd2ffab55}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2389767171-3205384170-2924529595-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-05] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 23zg2mxx.default-1494074872078
FF ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078 [2017-05-06]
FF Extension: (uBlock Origin) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\Extensions\uBlock0@raymondhill.net.xpi [2017-05-06]
FF Extension: (Shield Recipe Client) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\features\{969250c6-15c3-46a2-9b89-b4c0867dcb2c}\shield-recipe-client@mozilla.org.xpi [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389767171-3205384170-2924529595-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\necro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-02-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-18] (Electronic Arts)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2016-09-16] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-02-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-02-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-02-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-02-14] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-02-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-02-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-05-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-05-06] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-09-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [40256 2014-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VMfilt; C:\WINDOWS\system32\drivers\VMfilt64.sys [42192 2016-09-16] (Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2017-03-18] (Marvell)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 21:24 - 2017-05-06 21:24 - 00015315 _____ C:\Users\necro\Desktop\FRST.txt
2017-05-06 21:24 - 2017-05-06 21:24 - 00000000 ____D C:\FRST
2017-05-06 21:23 - 2017-05-06 21:23 - 00015327 _____ C:\Users\necro\Desktop\LM.bat
2017-05-06 21:22 - 2017-05-06 21:23 - 00029696 _____ C:\Users\necro\AppData\Local\MSGBOX.EXE
2017-05-06 21:22 - 2017-05-06 21:22 - 00112640 _____ (forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
2017-05-06 21:21 - 2017-05-06 21:21 - 02429440 _____ (Farbar) C:\Users\necro\Desktop\FRST64.exe
2017-05-06 20:45 - 2017-05-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 20:43 - 2017-05-06 20:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-06 20:41 - 2017-05-06 20:41 - 00000020 ___SH C:\Users\necro\ntuser.ini
2017-05-06 19:22 - 2017-05-06 19:22 - 00000000 ____D C:\Windows.old
2017-05-06 19:21 - 2017-05-06 19:21 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:20 - 2017-05-06 19:20 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-06 19:16 - 2017-05-06 19:16 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-06 19:16 - 2017-05-06 19:16 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-06 19:16 - 2017-03-17 23:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-05-06 19:16 - 2017-03-17 22:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-05-06 19:16 - 2017-03-17 22:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2017-05-06 19:10 - 2017-05-06 19:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-06 19:10 - 2017-05-06 18:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\MSBuild
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 18:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-06 19:08 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-06 19:08 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-06 18:46 - 2017-05-06 18:46 - 01791806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-06 18:45 - 2017-05-06 20:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-06 18:45 - 2017-05-06 18:45 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 18:45 - 2017-05-06 18:45 - 00003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-06 18:45 - 2017-05-06 18:45 - 00002594 _____ C:\WINDOWS\System32\Tasks\news1freeorgvcomm
2017-05-06 18:45 - 2017-05-06 18:45 - 00002128 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-06 18:45 - 2017-05-06 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-06 18:36 - 2017-05-06 18:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-06 18:36 - 2017-05-06 18:36 - 00000000 ____D C:\ProgramData\USOShared
2017-05-06 18:32 - 2017-05-06 18:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-06 18:30 - 2017-05-06 20:43 - 00000000 ____D C:\Users\necro
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Šablony
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Soubory cookie
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Poslední
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní tiskárny
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní síť
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Nabídka Start
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Dokumenty
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Obrázky
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Hudba
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Filmy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Data aplikací
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Local\Data aplikací
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\Program Files\VIA
2017-05-06 18:29 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-06 18:29 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-06 18:28 - 2017-05-06 18:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-06 18:28 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-06 18:25 - 2017-05-06 20:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:25 - 2017-05-06 18:38 - 00217328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-06 17:52 - 2017-05-06 17:52 - 00001568 _____ C:\EsgInstallerResumeAction_8cd65407ae08cb56a786a82cb034ae18
2017-05-06 17:35 - 2017-05-06 20:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-06 17:35 - 2017-05-06 17:44 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-06 17:33 - 2017-05-06 17:35 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-06 17:27 - 2017-05-06 20:41 - 00000000 ____D C:\Windows10Upgrade
2017-05-06 17:27 - 2017-05-06 20:40 - 00000000 ___HD C:\$GetCurrent
2017-05-06 17:27 - 2017-05-06 17:27 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-05-06 17:26 - 2017-05-06 17:27 - 06385872 _____ (Microsoft Corporation) C:\Users\necro\Downloads\Windows10Upgrade9252.exe
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 ____D C:\Users\necro\AppData\Roaming\Enigma Software Group
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 ____D C:\sh4ldr
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 _____ C:\autoexec.bat
2017-05-06 16:34 - 2017-05-06 16:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-05-06 15:21 - 2017-05-06 15:27 - 00001051 _____ C:\runcheck.txt
2017-05-06 15:21 - 2017-05-06 15:21 - 00000000 ____D C:\zoek_backup
2017-05-06 14:54 - 2017-05-06 15:21 - 01309184 _____ C:\Users\necro\Downloads\zoek.exe
2017-05-06 14:52 - 2017-05-06 14:52 - 09390672 _____ (Piriform Ltd) C:\Users\necro\Downloads\ccsetup529.exe
2017-05-06 14:37 - 2017-05-06 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\necro\Downloads\hijackthis.exe
2017-05-06 14:05 - 2017-05-06 20:44 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Mozilla
2017-05-06 14:05 - 2017-05-06 14:09 - 00000000 ____D C:\Users\necro\AppData\Local\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Users\necro\AppData\Roaming\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 14:04 - 2017-05-06 14:04 - 46872456 _____ (Mozilla) C:\Users\necro\Downloads\Firefox Setup 53.0.2.exe
2017-05-06 13:57 - 2017-05-06 13:57 - 00048892 _____ C:\Users\necro\Desktop\bookmarks-2017-05-06.json
2017-05-06 13:26 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-06 11:26 - 2017-05-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-06 11:26 - 2017-05-06 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-06 11:26 - 2017-05-06 11:26 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2017-05-06 11:26 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-06 11:25 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-06 11:17 - 2017-05-06 11:21 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:16 - 2017-05-06 11:16 - 54199488 _____ (Malwarebytes ) C:\Users\necro\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-05-06 11:16 - 2017-05-06 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 10:40 - 2017-05-06 11:00 - 00000000 ____D C:\Users\necro\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-05-06 01:20 - 2017-05-06 01:20 - 00007605 _____ C:\Users\necro\AppData\Local\Resmon.ResmonCfg
2017-05-05 23:58 - 2017-05-05 23:58 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareDesktop
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareUpdater
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-05-05 22:57 - 2017-05-06 18:31 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 22:57 - 2017-05-06 13:09 - 00000000 ____D C:\Users\necro\AppData\Local\Ubisoft Game Launcher
2017-05-05 22:57 - 2017-05-05 22:57 - 00001278 _____ C:\Users\necro\Desktop\Uplay.lnk
2017-05-05 22:57 - 2017-05-05 22:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-05 20:40 - 2017-05-06 01:16 - 00000000 ____D C:\AdwCleaner
2017-05-05 19:17 - 2017-05-05 19:17 - 00000000 ____D C:\Users\necro\AppData\Roaming\ESET
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Unity
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\Local\Unity
2017-05-05 08:03 - 2017-05-05 08:03 - 00707298 _____ C:\Users\necro\Downloads\2286711.ppt
2017-05-01 13:18 - 2017-05-01 13:18 - 00048560 _____ C:\Users\necro\Downloads\nodemcu-cs.pdf
2017-04-15 23:19 - 2017-04-15 23:19 - 00000000 ____D C:\Users\necro\AppData\Roaming\The Creative Assembly
2017-04-15 22:27 - 2017-05-02 21:23 - 00000000 ____D C:\Napoleon---Total-War
2017-04-15 13:27 - 2017-04-15 13:29 - 00000000 ____D C:\Users\necro\Documents\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:28 - 00000000 ____D C:\Users\necro\AppData\Roaming\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:27 - 00000000 ____D C:\Users\necro\Documents\SkidRow
2017-04-15 13:08 - 2017-04-15 13:08 - 00000000 ____D C:\Users\necro\AppData\Roaming\NVIDIA
2017-04-12 19:30 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 19:30 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 20:58 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\Packages
2017-05-06 20:49 - 2016-09-18 14:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 20:45 - 2016-09-16 23:57 - 00002391 _____ C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-06 20:45 - 2016-09-16 23:57 - 00000000 ___RD C:\Users\necro\OneDrive
2017-05-06 20:42 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-06 20:42 - 2017-02-06 23:44 - 00000000 ____D C:\Users\necro\AppData\Local\ConnectedDevicesPlatform
2017-05-06 20:41 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-06 20:41 - 2017-01-27 00:04 - 00000412 __RSH C:\ProgramData\ntuser.pol
2017-05-06 20:41 - 2016-11-21 06:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-06 19:24 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-06 19:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 19:21 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 19:17 - 2017-03-20 06:40 - 00000000 ____D C:\WINDOWS\OCR
2017-05-06 19:15 - 2017-03-20 06:41 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-06 19:15 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\servicing
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-06 18:54 - 2016-09-19 04:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-06 18:51 - 2017-03-18 13:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-06 18:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-06 18:46 - 2017-03-20 06:39 - 00757646 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-06 18:46 - 2017-03-20 06:39 - 00152942 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-06 18:45 - 2017-03-20 06:41 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-06 18:45 - 2016-09-19 04:22 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-06 18:44 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-06 18:39 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-06 18:37 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-06 18:37 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-06 18:37 - 2017-01-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-05-06 18:37 - 2017-01-07 19:00 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
2017-05-06 18:37 - 2016-12-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher
2017-05-06 18:37 - 2016-11-26 19:24 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-06 18:37 - 2016-11-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-06 18:37 - 2016-11-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-05-06 18:37 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-06 18:37 - 2016-09-27 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-05-06 18:37 - 2016-09-17 16:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-05-06 18:37 - 2016-09-17 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition [GOG.com]
2017-05-06 18:37 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-06 18:34 - 2017-03-11 19:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2017-05-06 18:34 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 18:33 - 2017-03-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-05-06 18:33 - 2017-03-11 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2017-05-06 18:33 - 2016-12-25 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-06 18:33 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-06 18:33 - 2016-11-04 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 18:32 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-06 18:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-06 18:29 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-06 16:58 - 2017-03-12 22:12 - 00000000 ____D C:\Users\necro\AppData\Local\CrashDumps
2017-05-06 14:37 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\VirtualStore
2017-05-06 13:23 - 2016-09-17 02:39 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 23:02 - 2016-09-21 19:25 - 00000000 ____D C:\Users\necro\Documents\My Games
2017-05-05 22:57 - 2016-09-19 20:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 21:09 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 21:03 - 2016-10-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-05 21:02 - 2016-10-16 18:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-05 19:49 - 2016-12-04 22:22 - 00000000 ____D C:\Program Files (x86)\FirestormLauncher
2017-05-05 19:33 - 2016-09-18 14:27 - 00000000 ____D C:\Users\necro\AppData\Local\Steam
2017-05-04 12:02 - 2016-09-17 00:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-02 21:22 - 2016-09-17 00:10 - 00000000 ____D C:\Users\necro\AppData\Local\Battle.net
2017-05-02 21:22 - 2016-09-17 00:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-02 21:12 - 2016-09-17 21:33 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-05-02 21:12 - 2016-09-17 21:32 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-02 18:32 - 2016-12-22 21:42 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-02 18:32 - 2016-12-22 21:42 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-28 21:38 - 2016-09-20 20:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-28 18:38 - 2016-11-12 00:52 - 00000000 ____D C:\Users\necro\AppData\Roaming\Origin
2017-04-24 19:11 - 2016-10-16 17:59 - 00000000 ____D C:\Users\necro\Downloads\Subs
2017-04-21 20:43 - 2016-09-17 21:32 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-04-21 20:42 - 2016-11-12 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-04-18 21:08 - 2016-11-12 00:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 23:02 - 2016-09-17 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2016-09-17 14:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 22:58 - 2015-07-10 13:04 - 00000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-03-11 20:40 - 2017-03-12 19:03 - 1307648 _____ () C:\Users\necro\AppData\Local\file__0.localstorage
2017-05-06 21:22 - 2017-05-06 21:23 - 0029696 _____ () C:\Users\necro\AppData\Local\MSGBOX.EXE
2017-01-23 20:55 - 2017-01-23 20:55 - 0000600 _____ () C:\Users\necro\AppData\Local\PUTTY.RND
2017-05-06 01:20 - 2017-05-06 01:20 - 0007605 _____ () C:\Users\necro\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-06 18:25
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Samovolné otevírání stránek
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Tuto aplikaci jsem již zkoušel, občas něco najde a odstraní, občas nic nenajde, nicméně problém přetrvává. Nyní zase našla, uznávám, že ranec 
Provedeno dle návodu:
# AdwCleaner v6.046 - Log vytvořen 06/05/2017 v 22:37:24
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-05-05.1 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : necro - X4
# Spuštěno z : C:\Users\necro\Downloads\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\necro\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
[-] Složka smazána: C:\Users\necro\AppData\Roaming\Enigma Software Group
[-] Složka smazána: C:\Program Files\Enigma Software Group
[-] Složka smazána: C:\sh4ldr
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\necro\Downloads\ReimageRepair.exe
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[-] Klíč smazán: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3895 Bajty] - [05/05/2017 20:51:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1365 Bajty] - [05/05/2017 22:45:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [5629 Bajty] - [06/05/2017 22:37:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [3912 Bajty] - [05/05/2017 20:44:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1619 Bajty] - [05/05/2017 22:05:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [1650 Bajty] - [05/05/2017 22:51:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1725 Bajty] - [05/05/2017 22:53:18]
C:\AdwCleaner\AdwCleaner[S4].txt - [1798 Bajty] - [05/05/2017 23:53:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [1871 Bajty] - [06/05/2017 01:16:58]
C:\AdwCleaner\AdwCleaner[S6].txt - [6306 Bajty] - [06/05/2017 22:36:43]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [6213 Bajty] ##########
Provedeno dle návodu:# AdwCleaner v6.046 - Log vytvořen 06/05/2017 v 22:37:24
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-05-05.1 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : necro - X4
# Spuštěno z : C:\Users\necro\Downloads\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\necro\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
[-] Složka smazána: C:\Users\necro\AppData\Roaming\Enigma Software Group
[-] Složka smazána: C:\Program Files\Enigma Software Group
[-] Složka smazána: C:\sh4ldr
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\necro\Downloads\ReimageRepair.exe
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[-] Klíč smazán: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3895 Bajty] - [05/05/2017 20:51:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1365 Bajty] - [05/05/2017 22:45:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [5629 Bajty] - [06/05/2017 22:37:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [3912 Bajty] - [05/05/2017 20:44:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1619 Bajty] - [05/05/2017 22:05:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [1650 Bajty] - [05/05/2017 22:51:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1725 Bajty] - [05/05/2017 22:53:18]
C:\AdwCleaner\AdwCleaner[S4].txt - [1798 Bajty] - [05/05/2017 23:53:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [1871 Bajty] - [06/05/2017 01:16:58]
C:\AdwCleaner\AdwCleaner[S6].txt - [6306 Bajty] - [06/05/2017 22:36:43]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [6213 Bajty] ##########
Re: Samovolné otevírání stránek
PS nyní vyskočila reklama.. 
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by necro (administrator) on X4 (07-05-2017 12:06:03)
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-03-12]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b5fbcd0b-dcab-4cbf-b1d5-263fd2ffab55}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2389767171-3205384170-2924529595-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-05] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 23zg2mxx.default-1494074872078
FF ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078 [2017-05-07]
FF Extension: (uBlock Origin) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\Extensions\uBlock0@raymondhill.net.xpi [2017-05-06]
FF Extension: (Shield Recipe Client) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\features\{969250c6-15c3-46a2-9b89-b4c0867dcb2c}\shield-recipe-client@mozilla.org.xpi [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389767171-3205384170-2924529595-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\necro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-02-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-18] (Electronic Arts)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2016-09-16] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-02-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-02-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-02-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-02-14] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-02-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-02-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-05-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-05-06] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-09-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [40256 2014-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VMfilt; C:\WINDOWS\system32\drivers\VMfilt64.sys [42192 2016-09-16] (Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2017-03-18] (Marvell)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-07 10:03 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170507-100300.backup
2017-05-06 22:44 - 2017-05-06 22:44 - 00000000 ____D C:\Users\necro\AppData\Local\DBG
2017-05-06 22:37 - 2017-05-06 22:37 - 00000000 ____D C:\Users\necro\AppData\Local\PeerDistRepub
2017-05-06 22:34 - 2017-05-06 22:34 - 04102600 _____ C:\Users\necro\Desktop\adwcleaner_6.046.exe
2017-05-06 21:24 - 2017-05-07 12:07 - 00014720 _____ C:\Users\necro\Desktop\FRST.txt
2017-05-06 21:24 - 2017-05-07 12:06 - 00000000 ____D C:\FRST
2017-05-06 21:22 - 2017-05-06 21:23 - 00001376 _____ C:\Users\necro\Desktop\Rkill.txt
2017-05-06 21:22 - 2017-05-06 21:22 - 00112640 _____ (forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
2017-05-06 21:21 - 2017-05-06 21:21 - 02429440 _____ (Farbar) C:\Users\necro\Desktop\FRST64.exe
2017-05-06 20:45 - 2017-05-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 20:43 - 2017-05-06 20:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-06 20:41 - 2017-05-06 20:41 - 00000020 ___SH C:\Users\necro\ntuser.ini
2017-05-06 19:22 - 2017-05-06 19:22 - 00000000 ____D C:\Windows.old
2017-05-06 19:21 - 2017-05-06 19:21 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:20 - 2017-05-06 19:20 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-06 19:16 - 2017-05-06 19:16 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-06 19:16 - 2017-05-06 19:16 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-06 19:16 - 2017-03-17 23:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-05-06 19:16 - 2017-03-17 22:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-05-06 19:16 - 2017-03-17 22:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2017-05-06 19:10 - 2017-05-06 19:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-06 19:10 - 2017-05-06 18:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\MSBuild
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 18:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-06 19:08 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-06 19:08 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-06 18:46 - 2017-05-06 22:45 - 01817844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-06 18:45 - 2017-05-06 22:53 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 18:45 - 2017-05-06 22:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 18:45 - 2017-05-06 20:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-06 18:45 - 2017-05-06 18:45 - 00003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-06 18:45 - 2017-05-06 18:45 - 00002594 _____ C:\WINDOWS\System32\Tasks\news1freeorgvcomm
2017-05-06 18:45 - 2017-05-06 18:45 - 00002128 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-06 18:36 - 2017-05-06 18:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-06 18:36 - 2017-05-06 18:36 - 00000000 ____D C:\ProgramData\USOShared
2017-05-06 18:32 - 2017-05-06 18:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-06 18:30 - 2017-05-06 22:41 - 00000000 ____D C:\Users\necro
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Šablony
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Soubory cookie
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Poslední
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní tiskárny
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní síť
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Nabídka Start
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Dokumenty
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Obrázky
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Hudba
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Filmy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Data aplikací
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Local\Data aplikací
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\Program Files\VIA
2017-05-06 18:29 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-06 18:29 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-06 18:28 - 2017-05-06 18:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-06 18:28 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-06 18:25 - 2017-05-07 12:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:25 - 2017-05-06 22:40 - 00390768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-06 17:52 - 2017-05-06 17:52 - 00001568 _____ C:\EsgInstallerResumeAction_8cd65407ae08cb56a786a82cb034ae18
2017-05-06 17:35 - 2017-05-06 20:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-06 17:35 - 2017-05-06 17:44 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-06 17:33 - 2017-05-06 17:35 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-06 17:27 - 2017-05-06 20:41 - 00000000 ____D C:\Windows10Upgrade
2017-05-06 17:27 - 2017-05-06 20:40 - 00000000 ___HD C:\$GetCurrent
2017-05-06 17:27 - 2017-05-06 17:27 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-05-06 17:26 - 2017-05-06 17:27 - 06385872 _____ (Microsoft Corporation) C:\Users\necro\Downloads\Windows10Upgrade9252.exe
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 _____ C:\autoexec.bat
2017-05-06 15:21 - 2017-05-06 15:27 - 00001051 _____ C:\runcheck.txt
2017-05-06 14:54 - 2017-05-06 15:21 - 01309184 _____ C:\Users\necro\Downloads\zoek.exe
2017-05-06 14:54 - 2017-05-06 15:18 - 01663672 _____ (Malwarebytes) C:\Users\necro\Downloads\JRT.exe
2017-05-06 14:52 - 2017-05-06 14:52 - 09390672 _____ (Piriform Ltd) C:\Users\necro\Downloads\ccsetup529.exe
2017-05-06 14:37 - 2017-05-06 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\necro\Downloads\hijackthis.exe
2017-05-06 14:05 - 2017-05-07 12:04 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Mozilla
2017-05-06 14:05 - 2017-05-06 14:09 - 00000000 ____D C:\Users\necro\AppData\Local\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Users\necro\AppData\Roaming\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 14:04 - 2017-05-06 14:04 - 46872456 _____ (Mozilla) C:\Users\necro\Downloads\Firefox Setup 53.0.2.exe
2017-05-06 13:57 - 2017-05-06 13:57 - 00048892 _____ C:\Users\necro\Desktop\bookmarks-2017-05-06.json
2017-05-06 13:26 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-06 11:26 - 2017-05-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-06 11:26 - 2017-05-06 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-06 11:26 - 2017-05-06 11:26 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2017-05-06 11:26 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-06 11:25 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-06 11:17 - 2017-05-06 11:21 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:16 - 2017-05-06 11:16 - 54199488 _____ (Malwarebytes ) C:\Users\necro\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-05-06 11:16 - 2017-05-06 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 01:20 - 2017-05-06 01:20 - 00007605 _____ C:\Users\necro\AppData\Local\Resmon.ResmonCfg
2017-05-05 23:58 - 2017-05-05 23:58 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareDesktop
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareUpdater
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-05-05 22:57 - 2017-05-06 18:31 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 22:57 - 2017-05-06 13:09 - 00000000 ____D C:\Users\necro\AppData\Local\Ubisoft Game Launcher
2017-05-05 22:57 - 2017-05-05 22:57 - 00001278 _____ C:\Users\necro\Desktop\Uplay.lnk
2017-05-05 22:57 - 2017-05-05 22:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-05 20:40 - 2017-05-07 09:57 - 00000000 ____D C:\AdwCleaner
2017-05-05 19:17 - 2017-05-05 19:17 - 00000000 ____D C:\Users\necro\AppData\Roaming\ESET
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Unity
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\Local\Unity
2017-05-05 08:03 - 2017-05-05 08:03 - 00707298 _____ C:\Users\necro\Downloads\2286711.ppt
2017-05-01 13:18 - 2017-05-01 13:18 - 00048560 _____ C:\Users\necro\Downloads\nodemcu-cs.pdf
2017-04-15 23:19 - 2017-04-15 23:19 - 00000000 ____D C:\Users\necro\AppData\Roaming\The Creative Assembly
2017-04-15 13:27 - 2017-04-15 13:29 - 00000000 ____D C:\Users\necro\Documents\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:28 - 00000000 ____D C:\Users\necro\AppData\Roaming\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:27 - 00000000 ____D C:\Users\necro\Documents\SkidRow
2017-04-15 13:08 - 2017-04-15 13:08 - 00000000 ____D C:\Users\necro\AppData\Roaming\NVIDIA
2017-04-12 19:30 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 19:30 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-07 04:09 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-07 04:09 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 00:39 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 23:09 - 2016-09-18 14:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 22:45 - 2017-03-20 06:39 - 00771022 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-06 22:45 - 2017-03-20 06:39 - 00156956 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-06 22:42 - 2016-09-16 23:57 - 00000000 ___RD C:\Users\necro\OneDrive
2017-05-06 22:40 - 2017-01-27 00:04 - 00000412 __RSH C:\ProgramData\ntuser.pol
2017-05-06 22:39 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-06 22:38 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-06 22:37 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 20:58 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\Packages
2017-05-06 20:45 - 2016-09-16 23:57 - 00002391 _____ C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-06 20:42 - 2017-02-06 23:44 - 00000000 ____D C:\Users\necro\AppData\Local\ConnectedDevicesPlatform
2017-05-06 20:41 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-06 20:41 - 2016-11-21 06:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-06 19:24 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-06 19:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 19:17 - 2017-03-20 06:40 - 00000000 ____D C:\WINDOWS\OCR
2017-05-06 19:15 - 2017-03-20 06:41 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-06 19:15 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\servicing
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-06 18:54 - 2016-09-19 04:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-06 18:51 - 2017-03-18 13:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-06 18:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-06 18:45 - 2017-03-20 06:41 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-06 18:45 - 2016-09-19 04:22 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-06 18:44 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-06 18:37 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-06 18:37 - 2017-01-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-05-06 18:37 - 2017-01-07 19:00 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
2017-05-06 18:37 - 2016-12-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher
2017-05-06 18:37 - 2016-11-26 19:24 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-06 18:37 - 2016-11-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-06 18:37 - 2016-11-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-05-06 18:37 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-06 18:37 - 2016-09-27 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-05-06 18:37 - 2016-09-17 16:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-05-06 18:37 - 2016-09-17 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition [GOG.com]
2017-05-06 18:37 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-06 18:34 - 2017-03-11 19:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2017-05-06 18:34 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 18:33 - 2017-03-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-05-06 18:33 - 2017-03-11 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2017-05-06 18:33 - 2016-12-25 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-06 18:33 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-06 18:33 - 2016-11-04 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 18:32 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-06 18:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-06 18:29 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-06 16:58 - 2017-03-12 22:12 - 00000000 ____D C:\Users\necro\AppData\Local\CrashDumps
2017-05-06 14:37 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\VirtualStore
2017-05-06 13:23 - 2016-09-17 02:39 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 23:02 - 2016-09-21 19:25 - 00000000 ____D C:\Users\necro\Documents\My Games
2017-05-05 22:57 - 2016-09-19 20:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 21:09 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 21:03 - 2016-10-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-05 21:02 - 2016-10-16 18:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-05 19:49 - 2016-12-04 22:22 - 00000000 ____D C:\Program Files (x86)\FirestormLauncher
2017-05-05 19:33 - 2016-09-18 14:27 - 00000000 ____D C:\Users\necro\AppData\Local\Steam
2017-05-04 12:02 - 2016-09-17 00:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-02 21:22 - 2016-09-17 00:10 - 00000000 ____D C:\Users\necro\AppData\Local\Battle.net
2017-05-02 21:22 - 2016-09-17 00:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-02 21:12 - 2016-09-17 21:33 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-05-02 21:12 - 2016-09-17 21:32 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-02 18:32 - 2016-12-22 21:42 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-02 18:32 - 2016-12-22 21:42 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-28 21:38 - 2016-09-20 20:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-28 18:38 - 2016-11-12 00:52 - 00000000 ____D C:\Users\necro\AppData\Roaming\Origin
2017-04-24 19:11 - 2016-10-16 17:59 - 00000000 ____D C:\Users\necro\Downloads\Subs
2017-04-21 20:43 - 2016-09-17 21:32 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-04-21 20:42 - 2016-11-12 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-04-18 21:08 - 2016-11-12 00:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 23:02 - 2016-09-17 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2016-09-17 14:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 22:58 - 2015-07-10 13:04 - 00000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-03-11 20:40 - 2017-03-12 19:03 - 1307648 _____ () C:\Users\necro\AppData\Local\file__0.localstorage
2017-01-23 20:55 - 2017-01-23 20:55 - 0000600 _____ () C:\Users\necro\AppData\Local\PUTTY.RND
2017-05-06 01:20 - 2017-05-06 01:20 - 0007605 _____ () C:\Users\necro\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\necro\Desktop" je 834 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
Ran by necro (administrator) on X4 (07-05-2017 12:06:03)
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-03-12]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b5fbcd0b-dcab-4cbf-b1d5-263fd2ffab55}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2389767171-3205384170-2924529595-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-05] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 23zg2mxx.default-1494074872078
FF ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078 [2017-05-07]
FF Extension: (uBlock Origin) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\Extensions\uBlock0@raymondhill.net.xpi [2017-05-06]
FF Extension: (Shield Recipe Client) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\features\{969250c6-15c3-46a2-9b89-b4c0867dcb2c}\shield-recipe-client@mozilla.org.xpi [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389767171-3205384170-2924529595-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\necro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-02-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-18] (Electronic Arts)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2016-09-16] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-02-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-02-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-02-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-02-14] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-02-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-02-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-05-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-05-06] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-09-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [40256 2014-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VMfilt; C:\WINDOWS\system32\drivers\VMfilt64.sys [42192 2016-09-16] (Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2017-03-18] (Marvell)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-07 10:03 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170507-100300.backup
2017-05-06 22:44 - 2017-05-06 22:44 - 00000000 ____D C:\Users\necro\AppData\Local\DBG
2017-05-06 22:37 - 2017-05-06 22:37 - 00000000 ____D C:\Users\necro\AppData\Local\PeerDistRepub
2017-05-06 22:34 - 2017-05-06 22:34 - 04102600 _____ C:\Users\necro\Desktop\adwcleaner_6.046.exe
2017-05-06 21:24 - 2017-05-07 12:07 - 00014720 _____ C:\Users\necro\Desktop\FRST.txt
2017-05-06 21:24 - 2017-05-07 12:06 - 00000000 ____D C:\FRST
2017-05-06 21:22 - 2017-05-06 21:23 - 00001376 _____ C:\Users\necro\Desktop\Rkill.txt
2017-05-06 21:22 - 2017-05-06 21:22 - 00112640 _____ (forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
2017-05-06 21:21 - 2017-05-06 21:21 - 02429440 _____ (Farbar) C:\Users\necro\Desktop\FRST64.exe
2017-05-06 20:45 - 2017-05-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 20:43 - 2017-05-06 20:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-06 20:41 - 2017-05-06 20:41 - 00000020 ___SH C:\Users\necro\ntuser.ini
2017-05-06 19:22 - 2017-05-06 19:22 - 00000000 ____D C:\Windows.old
2017-05-06 19:21 - 2017-05-06 19:21 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:20 - 2017-05-06 19:20 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-06 19:16 - 2017-05-06 19:16 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-06 19:16 - 2017-05-06 19:16 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-06 19:16 - 2017-03-17 23:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-05-06 19:16 - 2017-03-17 22:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-05-06 19:16 - 2017-03-17 22:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2017-05-06 19:10 - 2017-05-06 19:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-06 19:10 - 2017-05-06 18:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\MSBuild
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 18:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-06 19:08 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-06 19:08 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-06 18:46 - 2017-05-06 22:45 - 01817844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-06 18:45 - 2017-05-06 22:53 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 18:45 - 2017-05-06 22:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 18:45 - 2017-05-06 20:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-06 18:45 - 2017-05-06 18:45 - 00003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-06 18:45 - 2017-05-06 18:45 - 00002594 _____ C:\WINDOWS\System32\Tasks\news1freeorgvcomm
2017-05-06 18:45 - 2017-05-06 18:45 - 00002128 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-06 18:36 - 2017-05-06 18:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-06 18:36 - 2017-05-06 18:36 - 00000000 ____D C:\ProgramData\USOShared
2017-05-06 18:32 - 2017-05-06 18:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-06 18:30 - 2017-05-06 22:41 - 00000000 ____D C:\Users\necro
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Šablony
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Soubory cookie
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Poslední
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní tiskárny
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní síť
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Nabídka Start
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Dokumenty
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Obrázky
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Hudba
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Filmy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Data aplikací
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Local\Data aplikací
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\Program Files\VIA
2017-05-06 18:29 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-06 18:29 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-06 18:28 - 2017-05-06 18:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-06 18:28 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-06 18:25 - 2017-05-07 12:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:25 - 2017-05-06 22:40 - 00390768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-06 17:52 - 2017-05-06 17:52 - 00001568 _____ C:\EsgInstallerResumeAction_8cd65407ae08cb56a786a82cb034ae18
2017-05-06 17:35 - 2017-05-06 20:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-06 17:35 - 2017-05-06 17:44 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-06 17:33 - 2017-05-06 17:35 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-06 17:27 - 2017-05-06 20:41 - 00000000 ____D C:\Windows10Upgrade
2017-05-06 17:27 - 2017-05-06 20:40 - 00000000 ___HD C:\$GetCurrent
2017-05-06 17:27 - 2017-05-06 17:27 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-05-06 17:26 - 2017-05-06 17:27 - 06385872 _____ (Microsoft Corporation) C:\Users\necro\Downloads\Windows10Upgrade9252.exe
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 _____ C:\autoexec.bat
2017-05-06 15:21 - 2017-05-06 15:27 - 00001051 _____ C:\runcheck.txt
2017-05-06 14:54 - 2017-05-06 15:21 - 01309184 _____ C:\Users\necro\Downloads\zoek.exe
2017-05-06 14:54 - 2017-05-06 15:18 - 01663672 _____ (Malwarebytes) C:\Users\necro\Downloads\JRT.exe
2017-05-06 14:52 - 2017-05-06 14:52 - 09390672 _____ (Piriform Ltd) C:\Users\necro\Downloads\ccsetup529.exe
2017-05-06 14:37 - 2017-05-06 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\necro\Downloads\hijackthis.exe
2017-05-06 14:05 - 2017-05-07 12:04 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Mozilla
2017-05-06 14:05 - 2017-05-06 14:09 - 00000000 ____D C:\Users\necro\AppData\Local\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Users\necro\AppData\Roaming\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 14:04 - 2017-05-06 14:04 - 46872456 _____ (Mozilla) C:\Users\necro\Downloads\Firefox Setup 53.0.2.exe
2017-05-06 13:57 - 2017-05-06 13:57 - 00048892 _____ C:\Users\necro\Desktop\bookmarks-2017-05-06.json
2017-05-06 13:26 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-06 11:26 - 2017-05-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-06 11:26 - 2017-05-06 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-06 11:26 - 2017-05-06 11:26 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2017-05-06 11:26 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-06 11:25 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-06 11:17 - 2017-05-06 11:21 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:16 - 2017-05-06 11:16 - 54199488 _____ (Malwarebytes ) C:\Users\necro\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-05-06 11:16 - 2017-05-06 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 01:20 - 2017-05-06 01:20 - 00007605 _____ C:\Users\necro\AppData\Local\Resmon.ResmonCfg
2017-05-05 23:58 - 2017-05-05 23:58 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareDesktop
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareUpdater
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-05-05 22:57 - 2017-05-06 18:31 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 22:57 - 2017-05-06 13:09 - 00000000 ____D C:\Users\necro\AppData\Local\Ubisoft Game Launcher
2017-05-05 22:57 - 2017-05-05 22:57 - 00001278 _____ C:\Users\necro\Desktop\Uplay.lnk
2017-05-05 22:57 - 2017-05-05 22:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-05 20:40 - 2017-05-07 09:57 - 00000000 ____D C:\AdwCleaner
2017-05-05 19:17 - 2017-05-05 19:17 - 00000000 ____D C:\Users\necro\AppData\Roaming\ESET
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Unity
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\Local\Unity
2017-05-05 08:03 - 2017-05-05 08:03 - 00707298 _____ C:\Users\necro\Downloads\2286711.ppt
2017-05-01 13:18 - 2017-05-01 13:18 - 00048560 _____ C:\Users\necro\Downloads\nodemcu-cs.pdf
2017-04-15 23:19 - 2017-04-15 23:19 - 00000000 ____D C:\Users\necro\AppData\Roaming\The Creative Assembly
2017-04-15 13:27 - 2017-04-15 13:29 - 00000000 ____D C:\Users\necro\Documents\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:28 - 00000000 ____D C:\Users\necro\AppData\Roaming\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:27 - 00000000 ____D C:\Users\necro\Documents\SkidRow
2017-04-15 13:08 - 2017-04-15 13:08 - 00000000 ____D C:\Users\necro\AppData\Roaming\NVIDIA
2017-04-12 19:30 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 19:30 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-07 04:09 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-07 04:09 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 00:39 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 23:09 - 2016-09-18 14:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 22:45 - 2017-03-20 06:39 - 00771022 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-06 22:45 - 2017-03-20 06:39 - 00156956 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-06 22:42 - 2016-09-16 23:57 - 00000000 ___RD C:\Users\necro\OneDrive
2017-05-06 22:40 - 2017-01-27 00:04 - 00000412 __RSH C:\ProgramData\ntuser.pol
2017-05-06 22:39 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-06 22:38 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-06 22:37 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 20:58 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\Packages
2017-05-06 20:45 - 2016-09-16 23:57 - 00002391 _____ C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-06 20:42 - 2017-02-06 23:44 - 00000000 ____D C:\Users\necro\AppData\Local\ConnectedDevicesPlatform
2017-05-06 20:41 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-06 20:41 - 2016-11-21 06:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-06 19:24 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-06 19:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 19:17 - 2017-03-20 06:40 - 00000000 ____D C:\WINDOWS\OCR
2017-05-06 19:15 - 2017-03-20 06:41 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-06 19:15 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\servicing
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-06 18:54 - 2016-09-19 04:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-06 18:51 - 2017-03-18 13:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-06 18:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-06 18:45 - 2017-03-20 06:41 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-06 18:45 - 2016-09-19 04:22 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-06 18:44 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-06 18:37 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-06 18:37 - 2017-01-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-05-06 18:37 - 2017-01-07 19:00 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
2017-05-06 18:37 - 2016-12-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher
2017-05-06 18:37 - 2016-11-26 19:24 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-06 18:37 - 2016-11-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-06 18:37 - 2016-11-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-05-06 18:37 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-06 18:37 - 2016-09-27 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-05-06 18:37 - 2016-09-17 16:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-05-06 18:37 - 2016-09-17 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition [GOG.com]
2017-05-06 18:37 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-06 18:34 - 2017-03-11 19:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2017-05-06 18:34 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 18:33 - 2017-03-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-05-06 18:33 - 2017-03-11 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2017-05-06 18:33 - 2016-12-25 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-06 18:33 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-06 18:33 - 2016-11-04 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 18:32 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-06 18:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-06 18:29 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-06 16:58 - 2017-03-12 22:12 - 00000000 ____D C:\Users\necro\AppData\Local\CrashDumps
2017-05-06 14:37 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\VirtualStore
2017-05-06 13:23 - 2016-09-17 02:39 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 23:02 - 2016-09-21 19:25 - 00000000 ____D C:\Users\necro\Documents\My Games
2017-05-05 22:57 - 2016-09-19 20:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 21:09 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 21:03 - 2016-10-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-05 21:02 - 2016-10-16 18:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-05 19:49 - 2016-12-04 22:22 - 00000000 ____D C:\Program Files (x86)\FirestormLauncher
2017-05-05 19:33 - 2016-09-18 14:27 - 00000000 ____D C:\Users\necro\AppData\Local\Steam
2017-05-04 12:02 - 2016-09-17 00:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-02 21:22 - 2016-09-17 00:10 - 00000000 ____D C:\Users\necro\AppData\Local\Battle.net
2017-05-02 21:22 - 2016-09-17 00:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-02 21:12 - 2016-09-17 21:33 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-05-02 21:12 - 2016-09-17 21:32 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-02 18:32 - 2016-12-22 21:42 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-02 18:32 - 2016-12-22 21:42 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-28 21:38 - 2016-09-20 20:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-28 18:38 - 2016-11-12 00:52 - 00000000 ____D C:\Users\necro\AppData\Roaming\Origin
2017-04-24 19:11 - 2016-10-16 17:59 - 00000000 ____D C:\Users\necro\Downloads\Subs
2017-04-21 20:43 - 2016-09-17 21:32 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-04-21 20:42 - 2016-11-12 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-04-18 21:08 - 2016-11-12 00:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 23:02 - 2016-09-17 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2016-09-17 14:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 22:58 - 2015-07-10 13:04 - 00000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-03-11 20:40 - 2017-03-12 19:03 - 1307648 _____ () C:\Users\necro\AppData\Local\file__0.localstorage
2017-01-23 20:55 - 2017-01-23 20:55 - 0000600 _____ () C:\Users\necro\AppData\Local\PUTTY.RND
2017-05-06 01:20 - 2017-05-06 01:20 - 0007605 _____ () C:\Users\necro\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\necro\Desktop" je 834 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by necro (07-05-2017 12:56:23) Run:1
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
"C:\WINDOWS\system32\GroupPolicy\User" => not found.
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7469044 B
Java, Flash, Steam htmlcache => 35460500 B
Windows/system/drivers => 685951 B
Edge => 262593798 B
Chrome => 0 B
Firefox => 380047805 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3266 B
NetworkService => 14280 B
necro => 10299861 B
RecycleBin => 68767269 B
EmptyTemp: => 735.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:56:45 ====
Ran by necro (07-05-2017 12:56:23) Run:1
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
"C:\WINDOWS\system32\GroupPolicy\User" => not found.
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7469044 B
Java, Flash, Steam htmlcache => 35460500 B
Windows/system/drivers => 685951 B
Edge => 262593798 B
Chrome => 0 B
Firefox => 380047805 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3266 B
NetworkService => 14280 B
necro => 10299861 B
RecycleBin => 68767269 B
EmptyTemp: => 735.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:56:45 ====
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Nikoliv, stále se zhruba jednou do hodiny otevře odkaz s reklamou
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
Spusťte ještě tyto skeny:
1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by necro on po 08. 05. 2017 at 7:38:52,93.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\necro\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2017-05-06-132418.log 970 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow deleted successfully
C:\Users\necro\AppData\Local\DBG deleted successfully
C:\Users\necro\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:
Added to C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\necro\AppData\Local\Unity deleted
C:\Users\necro\AppData\LocalLow\Unity deleted
C:\Users\necro\Downloads\UO_Renaissance_Client_Full.exe deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
F3CA2CB85343242C90065137BED6357D - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll - Silverlight Plug-In
906061B57CF52CFE36F307F255B4D44E - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrlui.dll - Microsoft® Silverlight
==== Chromium Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{85204665-3317-4953-BDB8-3BB60C75C130} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\necro\AppData\Local\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\cache2 will be emptied at reboot
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=53 folders=51 389781944 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\necro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 08. 05. 2017 at 8:01:09,69 ======================
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by necro (Administrator) on po 08. 05. 2017 at 8:03:34,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 08. 05. 2017 at 8:06:08,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tool run by necro on po 08. 05. 2017 at 7:38:52,93.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\necro\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2017-05-06-132418.log 970 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow deleted successfully
C:\Users\necro\AppData\Local\DBG deleted successfully
C:\Users\necro\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:
Added to C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\necro\AppData\Local\Unity deleted
C:\Users\necro\AppData\LocalLow\Unity deleted
C:\Users\necro\Downloads\UO_Renaissance_Client_Full.exe deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
F3CA2CB85343242C90065137BED6357D - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll - Silverlight Plug-In
906061B57CF52CFE36F307F255B4D44E - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrlui.dll - Microsoft® Silverlight
==== Chromium Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{85204665-3317-4953-BDB8-3BB60C75C130} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\necro\AppData\Local\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\cache2 will be emptied at reboot
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=53 folders=51 389781944 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\necro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 08. 05. 2017 at 8:01:09,69 ======================
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by necro (Administrator) on po 08. 05. 2017 at 8:03:34,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 08. 05. 2017 at 8:06:08,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Samovolné otevírání stránek
A nyní ruská stránka s reklamou
-
Rudy
- Site Admin
- Příspěvky: 119609
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Samovolné otevírání stránek
FF zazálohujte pomocí MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Pak FF kompletně odinstalujte vč. jeho profilu (podadresáře Mozilla v c:\users\necro\appdata\local, c:\users\necro\appdata\roaming, c:\users\necro\data aplikací, c:\users\necro\local settings a v c:\program data musí být smazány). Potom udělejte novou, čistou instalaci FF a zpět ze zálohy nakopírujte pouze záložky a hesla.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Samovolné otevírání stránek
Dnes přeinstalováno + vymazáno vše s pojmenováním firefox/mozilla, instalace proveda do jiné složky a zatím to vypadá ok, dám vědět večer.
Přispějete na provoz fóra?