VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus se mi infikoval v alternativním vesmíru.

https://forum.viry.cz:443/viewtopic.php?t=148145

Stránka 1 z 2

Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 15:08
od davidrohusch
Dobrý den. Řeším docela zajímavý problém. Moje IP adresa je na 2 blacklistech (Admin si to může ověřit.) S tím, že odesílání spamu z mé IP adresy je kritická blížící se k 0.001% celého spamu na internetu za den. Ale jak je možný, že se spam z mé IP adresy odesíla, i když mám vypojenou elektřinu? Je možný, aby někdo z mé IP adresy posílal spam bez toho, aby měl jakýkoli přístup k mému routeru? Nebo prostě jsem zešílel a jsem kapitánem vesmírné lodi? Děkuji.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 17:28
od Rudy
Zdravím!
Tak pokud máte wifi a někdo prolomil její zabezpečení, je klidně možné, že někdo jede na vaši IP. Můžeme zkontrolovat váš PC. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 18:55
od davidrohusch
Také jsem přemýšlel o změně Ip adresy, neboť jak jsem říkal, spam odemne jde i přes vypnuté elektřině.

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by David (administrator) on DAVID (01-03-2016 18:54:05)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\ScpService.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EasySettingBox] => C:\Program Files (x86)\Samsung\Easy Setting Box\EasySettingBox.exe [594944 2013-12-26] ()
HKLM\...\Run: [MsmqIntCert] => "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\System32\mqrt.dll"
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [EasySettingBox] => C:\Program Files (x86)\Samsung\Easy Setting Box\EasySettingBox.exe [594944 2013-12-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1327096 2015-11-22] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf69d-219e-11e5-8253-74d435774098} - "G:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf6c9-219e-11e5-8253-74d435774098} - "D:\setup.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cfd5f-219e-11e5-8253-74d435774098} - "H:\setup.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {6194350c-b6d8-11e5-82a2-74d435774098} - "I:\autorun.exe" 
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2015-07-16]
ShortcutTarget: GameRanger.lnk -> C:\Users\David\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B22C1844-9B2B-4F6B-BECB-A554BC0DD244}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B22C1844-9B2B-4F6B-BECB-A554BC0DD244}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\le5opsj6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @nsroblox.roblox.com/launcher -> C:\Users\David\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\David\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-12] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\le5opsj6.default\user.js [2016-02-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide My IP Pro) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\albbiglcfndaaphglmeaejkhepckkfgf [2016-03-01]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-16]
CHR Extension: (Chuck Anderson) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2015-11-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2016-02-25] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2016-02-25] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-09-16] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S4 UnsignedThemes; C:\Windows\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-05] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 Larmkanal; C:\Windows\system32\DRIVERS\Larmkanal.sys [33144 2015-04-23] (Adoriasoft LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 uxstyle; C:\Windows\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 cpuz138; \??\C:\Users\David\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 18:54 - 2016-03-01 18:54 - 00018518 _____ C:\Users\David\Desktop\FRST.txt
2016-03-01 18:52 - 2016-03-01 18:54 - 00000000 ____D C:\FRST
2016-03-01 18:52 - 2016-03-01 18:52 - 02371072 _____ (Farbar) C:\Users\David\Downloads\FRST64 (1).exe
2016-03-01 18:52 - 2016-03-01 18:52 - 02371072 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2016-03-01 18:47 - 2016-03-01 18:48 - 02206208 _____ ( ) C:\Users\David\Desktop\UNDERTALE PERFECT CLONE.exe
2016-03-01 18:31 - 2016-03-01 18:31 - 00016200 _____ C:\Users\David\Desktop\fEMALE 1.wav
2016-03-01 18:22 - 2016-03-01 18:22 - 00212816 _____ C:\Users\David\Downloads\textbox_engine_v4.zip
2016-03-01 18:19 - 2016-03-01 18:47 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_98668
2016-03-01 17:30 - 2016-03-01 17:30 - 00003262 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-02-29 20:32 - 2016-02-29 20:32 - 00000824 _____ C:\Users\David\Desktop\RPG test.lnk
2016-02-29 20:32 - 2016-02-29 20:32 - 00000000 ____D C:\Users\David\RPG test
2016-02-29 15:45 - 2016-02-29 15:45 - 00063982 _____ C:\Users\David\Downloads\fg14x14hdtv.zip
2016-02-28 11:27 - 2016-02-28 11:27 - 00003402 _____ C:\Users\David\Desktop\second.txt
2016-02-28 11:11 - 2016-02-28 11:11 - 00003402 _____ C:\Users\David\Desktop\first.txt
2016-02-28 10:52 - 2016-02-28 10:52 - 01927444 _____ C:\Users\David\Downloads\WinMTR-v092.zip
2016-02-28 10:52 - 2015-04-29 10:24 - 00000000 ____D C:\Users\David\Desktop\WinMTR_x64
2016-02-27 20:25 - 2016-02-21 18:16 - 00000000 ____D C:\Users\David\Desktop\YandereSimFeb21stVer2
2016-02-27 19:42 - 2016-02-27 19:42 - 00005891 _____ C:\Users\David\Desktop\^0EB78B1443DF4BB5B0A1BC82C727861EE3E52514BC63ACE5E9^pimgpsh_thumbnail_win_distr.jpg
2016-02-27 17:51 - 2016-02-27 17:51 - 00012926 _____ C:\Users\David\AppData\Local\recently-used.xbel
2016-02-27 17:50 - 2016-02-27 17:51 - 00011739 _____ C:\Users\David\Desktop\^F6EF248B2568C0AA29620EEA1E4EA98DDD76E98FB5FAEA27F0^pimgpsh_thumbnail_win_distr.jpg
2016-02-27 16:47 - 2016-02-27 16:47 - 00000000 ____D C:\Users\David\AppData\Local\Zombie
2016-02-27 16:45 - 2016-02-27 16:46 - 02085376 _____ ( ) C:\Users\David\Downloads\ZombieTest.exe
2016-02-27 16:27 - 2016-02-27 16:57 - 574963461 _____ C:\Users\David\Downloads\YandereSimFeb21stVer2.rar
2016-02-27 11:31 - 2016-02-27 11:31 - 00015710 _____ C:\Users\David\Desktop\Process.txt
2016-02-27 11:31 - 2016-02-27 11:31 - 00004383 _____ C:\Users\David\Desktop\NetworkInfo.txt
2016-02-27 00:11 - 2016-02-27 00:11 - 00001017 _____ C:\Users\David\Downloads\Pacifist 9 (Dogi Fight).zip
2016-02-26 23:33 - 2016-02-26 23:33 - 00001181 _____ C:\Users\David\Desktop\DetermiToolkit.exe – zástupce.lnk
2016-02-26 18:38 - 2016-02-26 18:38 - 00001625 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-02-26 18:38 - 2016-02-26 18:38 - 00000000 ____D C:\Riot Games
2016-02-26 18:38 - 2016-02-26 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-26 18:38 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-02-26 18:38 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-02-26 18:38 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-02-26 18:37 - 2016-02-26 18:38 - 30993712 _____ (Riot Games) C:\Users\David\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2016-02-26 18:34 - 2016-02-26 18:34 - 00000000 ____D C:\Users\David\Desktop\Screenshots
2016-02-26 18:25 - 2016-02-15 18:31 - 00009457 _____ C:\Users\David\Desktop\2016-02-15T18-12-09_netlog.txt
2016-02-26 18:25 - 2016-01-03 21:27 - 00006941 _____ C:\Users\David\Desktop\2016-01-03T21-14-58_netlog.txt
2016-02-26 18:24 - 2015-11-06 21:12 - 00018605 _____ C:\Users\David\Desktop\2015-11-06T20-43-39_netlog.txt
2016-02-25 19:25 - 2016-02-25 19:27 - 00000000 ____D C:\Users\David\Desktop\Project2.gmx
2016-02-25 18:45 - 2016-02-25 18:45 - 00000000 ____D C:\ProgramData\KillPing
2016-02-25 18:43 - 2016-02-25 18:50 - 00000000 ____D C:\Program Files\Kill Ping
2016-02-25 18:43 - 2016-02-25 18:43 - 07730680 _____ (Kill Ping ) C:\Users\David\Downloads\Kill_Ping_0.0.36.19.exe
2016-02-25 18:43 - 2016-02-25 18:43 - 00000000 ____D C:\Users\David\AppData\Local\IsolatedStorage
2016-02-25 18:43 - 2016-02-25 18:43 - 00000000 ____D C:\ProgramData\Kill Ping
2016-02-25 18:16 - 2016-02-26 19:15 - 00000000 ____D C:\Users\David\AppData\Local\AMD
2016-02-25 18:16 - 2016-02-25 18:16 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-25 18:16 - 2016-02-25 18:16 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-02-25 18:11 - 2016-02-25 18:13 - 263772800 _____ (AMD Inc.) C:\Users\David\Downloads\radeon-crimson-15.12-win8.1-64bit.exe
2016-02-25 18:10 - 2016-02-25 18:10 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\system32\msmq
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\system32\BestPractices
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\inetpub
2016-02-25 15:53 - 2016-02-25 15:53 - 09204041 _____ C:\Users\David\Downloads\Undertale - Papyrus date.mp4
2016-02-24 20:19 - 2016-02-24 20:19 - 02932415 _____ () C:\Users\David\Downloads\steen_papier_schaar.exe
2016-02-24 19:28 - 2016-02-24 19:56 - 00000000 ____D C:\Users\David\Desktop\Nová složka
2016-02-24 19:10 - 2016-02-24 19:10 - 14214664 _____ (EaseUS ) C:\Users\David\Downloads\drw_trial.exe
2016-02-24 19:10 - 2016-02-24 19:10 - 02085376 _____ ( ) C:\Users\David\Desktop\Kámen Nuzky papir-Default-1.0.0.exe
2016-02-24 13:59 - 2016-02-24 13:59 - 03686064 _____ (eVenture Limited ) C:\Users\David\Downloads\Hide.me-Setup-1.1.9.exe
2016-02-23 21:02 - 2016-02-23 21:02 - 04178797 _____ (Neo Generation Games) C:\Users\David\Downloads\UnderbattleEngineByNeoGenerationGames.exe
2016-02-23 19:57 - 2016-02-23 19:57 - 00114682 _____ C:\Users\David\Desktop\rock scicors paper.zip
2016-02-23 19:22 - 2016-02-23 19:22 - 08818688 _____ C:\Users\David\Downloads\hamachi.msi
2016-02-23 19:22 - 2016-02-23 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-02-23 19:22 - 2016-02-23 19:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-02-23 19:10 - 2016-02-23 19:10 - 00002162 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk
2016-02-23 19:10 - 2016-02-23 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
2016-02-23 19:10 - 2016-02-23 19:10 - 00000000 ____D C:\Program Files (x86)\Infogrames
2016-02-23 17:04 - 2016-02-23 19:57 - 00000000 ____D C:\Users\David\Desktop\rock scicors paper
2016-02-23 17:02 - 2016-02-23 17:03 - 08587873 _____ C:\Users\David\Downloads\OpenRCT2-0.0.4.0-develop-7d158b9-windows.zip
2016-02-22 21:00 - 2016-02-22 21:01 - 03987566 _____ C:\Users\David\Desktop\Komiks 2.mp4
2016-02-22 20:49 - 2016-02-22 20:49 - 04380022 _____ C:\Users\David\Desktop\Komiks.mp4
2016-02-22 20:41 - 2016-02-22 20:41 - 06129344 _____ (CyberPower Tech, Inc. ) C:\Users\David\Downloads\FreeMP3WMAOGGConverter-CNET.exe
2016-02-22 20:41 - 2016-02-22 20:41 - 00000000 ____D C:\Users\David\AppData\Roaming\New Version Available
2016-02-22 20:41 - 2016-02-22 20:41 - 00000000 ____D C:\Users\David\AppData\Roaming\Free MP3 WMA OGG Converter
2016-02-22 17:12 - 2016-02-22 17:12 - 00014032 _____ C:\Users\David\Downloads\the.simpsons.s27.e14.gal.of.constant.sorrow.(2016).cze.1cd.(6518166).zip
2016-02-22 16:36 - 2016-02-22 16:36 - 00000954 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-02-22 16:36 - 2016-02-22 16:36 - 00000946 _____ C:\Users\David\Desktop\osu!.lnk
2016-02-22 16:34 - 2016-02-22 18:01 - 00000000 ____D C:\Users\David\AppData\Local\osu!
2016-02-22 16:34 - 2016-02-22 16:34 - 00000000 ____D C:\Users\David\Downloads\Localisation
2016-02-22 16:32 - 2016-02-22 16:32 - 04464696 _____ (ppy) C:\Users\David\Downloads\osu!install.exe
2016-02-21 21:24 - 2016-02-21 21:24 - 00021464 _____ C:\Users\David\Downloads\4gb_patch.zip
2016-02-21 21:22 - 2016-02-21 21:22 - 00852183 _____ C:\Users\David\Downloads\7z1512-extra.7z
2016-02-21 14:47 - 2016-02-21 14:48 - 00000000 ____D C:\Users\David\Downloads\Cannon Spike
2016-02-21 14:39 - 2016-02-21 14:44 - 134702644 _____ C:\Users\David\Downloads\Cannon Spike.rar
2016-02-21 14:30 - 2016-02-21 14:30 - 04418381 _____ C:\Users\David\Desktop\Nová složka (2).rar
2016-02-21 14:25 - 2016-02-21 14:25 - 00001224 _____ C:\Users\David\Desktop\UNDERTALE – zástupce.lnk
2016-02-21 13:34 - 2016-02-24 21:45 - 00150486 ____H C:\Users\David\Desktop\~WRL0060.tmp
2016-02-19 18:53 - 2016-02-19 18:53 - 00000000 ____D C:\Users\David\AppData\Roaming\SYSTEMAX Software Development
2016-02-19 18:53 - 2016-02-19 18:53 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2016-02-19 16:36 - 2016-02-19 16:36 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2016-02-18 16:54 - 2016-02-18 16:58 - 00000000 ____D C:\Program Files (x86)\DFX
2016-02-18 16:54 - 2016-02-18 16:54 - 00001682 _____ C:\Users\Public\Desktop\DFX.lnk
2016-02-18 16:54 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2016-02-18 15:21 - 2016-02-18 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-02-18 15:21 - 2016-02-18 15:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-02-18 15:21 - 2016-02-16 00:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-02-18 15:21 - 2016-02-16 00:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-02-18 15:21 - 2016-02-16 00:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-02-18 15:21 - 2016-02-16 00:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-02-18 15:19 - 2016-02-25 18:13 - 00000000 ____D C:\AMD
2016-02-17 17:27 - 2016-02-17 17:40 - 00000000 ____D C:\Users\David\Desktop\Tutorial.gmx
2016-02-17 15:16 - 2016-02-17 15:16 - 00000000 ____D C:\Users\David\AppData\Local\DFX
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Guest
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-02-16 21:43 - 2016-03-01 18:49 - 00000000 ___HD C:\44eZxd78YEXRM0yi
2016-02-16 21:43 - 2016-03-01 17:34 - 00030126 _____ C:\spyhunter.fix
2016-02-16 21:43 - 2016-02-16 21:05 - 00025984 _____ C:\Windows\SysWOW64\sh4native.exe
2016-02-16 21:38 - 2016-02-16 21:38 - 06926336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-02-16 21:34 - 2016-02-16 21:34 - 05394432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-02-16 20:57 - 2016-02-16 20:57 - 00000000 _____ C:\autoexec.bat
2016-02-16 20:55 - 2016-02-16 20:55 - 00209920 _____ C:\Windows\system32\GameManager64.dll
2016-02-16 20:55 - 2016-02-16 20:55 - 00186368 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-02-16 17:09 - 2015-09-13 19:22 - 00563673 _____ C:\Users\David\Desktop\audio23.ogg
2016-02-16 17:08 - 2016-02-16 17:08 - 00371388 _____ C:\Users\David\Desktop\audioclip-1455638863.ogg
2016-02-16 17:07 - 2015-09-13 19:23 - 01043131 _____ C:\Users\David\Desktop\mus_ruins.ogg
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2016-02-16 14:58 - 2016-02-16 14:58 - 03326372 _____ C:\Users\David\Desktop\toby fox - UNDERTALE Soundtrack - 72 Song That Might Play When You Fight Sans.ogg
2016-02-16 00:27 - 2016-02-16 00:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1-1-0-3-1.dll
2016-02-16 00:26 - 2016-02-16 00:26 - 00126232 _____ C:\Windows\system32\vulkan-1-1-0-3-1.dll
2016-02-16 00:25 - 2016-02-16 00:25 - 00045848 _____ C:\Windows\system32\vulkaninfo-1-1-0-3-1.exe
2016-02-16 00:25 - 2016-02-16 00:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-3-1.exe
2016-02-14 20:10 - 2016-02-14 20:10 - 00000000 ____D C:\Users\David\AppData\Local\TetrisAttackArmageddon
2016-02-14 15:07 - 2016-02-14 15:30 - 00000000 ____D C:\Users\David\VirtualBox VMs
2016-02-14 14:59 - 2016-02-14 14:59 - 03189760 _____ ( ) C:\Users\David\Desktop\slon kopie.exe
2016-02-14 01:37 - 2016-02-14 01:37 - 00000366 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-14 01:37 - 2016-02-14 01:37 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-14 01:36 - 2016-02-16 16:28 - 00000000 ____D C:\Users\David\AppData\Roaming\AVG
2016-02-14 01:35 - 2016-02-25 18:13 - 00000000 ___HD C:\$AVG
2016-02-14 01:35 - 2016-02-14 01:35 - 00000000 ____D C:\Users\David\AppData\Roaming\TuneUp Software
2016-02-14 01:34 - 2016-02-25 18:16 - 00000000 ____D C:\ProgramData\Avg
2016-02-14 01:34 - 2016-02-25 18:16 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-14 01:34 - 2016-02-25 18:15 - 00000000 ____D C:\Users\David\AppData\Local\AvgSetupLog
2016-02-14 01:34 - 2016-02-25 18:14 - 00000000 ____D C:\Users\David\AppData\Local\Avg
2016-02-14 01:34 - 2016-02-25 18:14 - 00000000 ____D C:\ProgramData\MFAData
2016-02-14 01:34 - 2016-02-14 01:34 - 00000000 ____D C:\Users\David\AppData\Local\MFAData
2016-02-13 14:25 - 2016-02-13 14:25 - 11220086 _____ () C:\Users\David\Desktop\Underwater Submarine.exe
2016-02-13 13:45 - 2016-02-13 23:18 - 00000000 ____D C:\Users\David\Desktop\Project1.gmx
2016-02-13 00:24 - 2016-02-21 21:24 - 00000000 ____D C:\Users\David\Desktop\UNDERTALE TRANSLATE
2016-02-12 23:01 - 2016-02-12 23:02 - 02072064 _____ ( ) C:\Users\David\Desktop\RPG TEST 2.exe
2016-02-12 21:05 - 2016-02-12 22:59 - 00000494 _____ C:\Windows\ntbtlog.txt
2016-02-12 21:02 - 2016-02-12 21:02 - 00002747 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-12 21:02 - 2016-02-12 21:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-12 21:02 - 2016-02-12 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-12 20:59 - 2016-02-12 20:59 - 00000000 ____D C:\NPE
2016-02-12 13:59 - 2016-02-12 13:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-12 13:59 - 2016-02-12 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-12 13:59 - 2015-10-10 09:16 - 00110688 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-12 12:31 - 2016-02-12 12:51 - 00000000 ____D C:\KVRT_Data
2016-02-11 23:33 - 2016-02-11 23:33 - 00000000 ____D C:\Users\David\AppData\Local\CoherentLabs
2016-02-11 23:31 - 2016-02-11 23:31 - 01194185 _____ C:\Windows\unins001.exe
2016-02-11 23:31 - 2016-02-11 23:31 - 01194185 _____ C:\Windows\unins000.exe
2016-02-11 23:31 - 2016-02-11 23:31 - 00002821 _____ C:\Windows\unins001.dat
2016-02-11 23:31 - 2016-02-11 23:31 - 00002811 _____ C:\Windows\unins000.dat
2016-02-11 23:31 - 2016-02-11 23:31 - 00000000 ____D C:\Program Files (x86)\Phosgene
2016-02-11 23:31 - 2016-02-11 23:31 - 00000000 ____D C:\Program Files (x86)\Larmkanal
2016-02-11 23:31 - 2015-08-28 16:00 - 00034168 _____ (Adoriasoft LLC) C:\Windows\system32\Drivers\Phosgene.sys
2016-02-11 23:31 - 2015-04-23 17:32 - 00033144 _____ (Adoriasoft LLC) C:\Windows\system32\Drivers\Larmkanal.sys
2016-02-11 23:30 - 2016-02-11 23:30 - 00000000 ____D C:\Program Files (x86)\directx
2016-02-11 23:28 - 2016-02-12 13:08 - 00000000 ____D C:\Program Files (x86)\Holotech Studios
2016-02-11 22:10 - 2016-02-11 22:10 - 00000220 _____ C:\Users\David\Desktop\Source Filmmaker.url
2016-02-11 12:29 - 2016-02-11 12:29 - 00000219 _____ C:\Users\David\Desktop\Team Fortress 2.url
2016-02-10 13:15 - 2016-02-10 13:15 - 19156137 _____ C:\Users\David\Desktop\David.mp4
2016-02-09 21:23 - 2016-02-09 21:23 - 00001239 _____ C:\Users\David\Desktop\Play Jungle Heart.lnk
2016-02-09 21:23 - 2016-02-09 21:23 - 00001124 _____ C:\Users\David\Desktop\White Elephant Games.lnk
2016-02-09 21:23 - 2016-02-09 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\White Elephant
2016-02-09 21:23 - 2016-02-09 21:23 - 00000000 ____D C:\Program Files (x86)\White Elephant
2016-02-09 12:26 - 2016-03-01 17:31 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2016-02-09 11:59 - 2016-02-09 12:12 - 00000000 ____D C:\Users\David\Desktop\Nová složka (2)
2016-02-08 23:20 - 2016-02-25 17:53 - 00000000 ____D C:\Users\David\AppData\Local\Android
2016-02-08 15:51 - 2016-02-08 16:02 - 00226500 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_15.51.40_log.txt
2016-02-08 15:30 - 2016-02-13 11:23 - 00000000 ____D C:\Users\David\AppData\Local\NPE
2016-02-08 13:55 - 2016-02-08 13:56 - 13056104 _____ C:\Users\David\Desktop\heavy vs spy.wav
2016-02-08 13:51 - 2016-02-08 13:52 - 05218096 _____ C:\Users\David\Desktop\I hate spikes.wav
2016-02-08 13:45 - 2016-02-08 13:45 - 01906220 _____ C:\Users\David\Desktop\WHATS A MIDI FILE(1).wav
2016-02-08 13:43 - 2016-02-08 13:44 - 01612965 _____ C:\Users\David\Desktop\Cammy's Theme [Arrange].ogg
2016-02-08 13:36 - 2012-01-19 19:09 - 00000000 ____D C:\Users\David\Desktop\MidiTool
2016-02-07 23:38 - 2016-02-07 23:38 - 00050031 _____ C:\Users\David\Desktop\megalovania.mid
2016-02-07 22:30 - 2016-02-07 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2016-02-07 19:03 - 2016-02-08 15:30 - 00000000 ____D C:\ProgramData\Norton
2016-02-07 19:03 - 2016-02-07 19:03 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-07 19:03 - 2016-02-07 19:03 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-07 16:55 - 2016-03-01 18:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 16:55 - 2016-02-09 19:25 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-07 16:34 - 2016-02-25 18:13 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 16:31 - 2016-02-07 16:31 - 00000000 ____D C:\ProgramData\CheckPoint
2016-02-04 18:14 - 2016-02-05 16:02 - 00000000 ____D C:\Users\David\AppData\Local\lolvochanger
2016-02-04 16:35 - 2016-02-04 16:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Duelyst
2016-02-04 15:57 - 2016-02-07 21:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counterplay Games Inc
2016-02-04 15:57 - 2016-02-07 21:19 - 00000000 ____D C:\Users\David\AppData\Local\launcher
2016-02-04 15:57 - 2016-02-04 16:35 - 00000000 ____D C:\Users\David\.counterplay
2016-02-04 15:57 - 2016-02-04 15:57 - 00000000 ____D C:\Users\David\AppData\Roaming\DuelystLauncher
2016-02-04 15:57 - 2016-02-04 15:57 - 00000000 ____D C:\Users\David\AppData\Local\SquirrelTemp
2016-02-03 17:56 - 2016-02-03 17:57 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_75545
2016-02-03 17:35 - 2016-02-03 17:36 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_65595
2016-02-03 17:05 - 2016-02-03 17:05 - 00000000 ____D C:\ProgramData\0DB552820ACF02B51F081888F7877800
2016-02-03 16:40 - 2016-02-03 16:40 - 00000000 ____D C:\Users\David\AppData\Roaming\GameMaker-Studio
2016-02-01 19:37 - 2016-02-01 19:37 - 00000000 ____D C:\Users\David\AppData\LocalLow\Adobe
2016-02-01 19:28 - 2016-02-01 19:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-01 19:27 - 2016-02-07 16:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-01 19:27 - 2016-02-01 19:27 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-01 19:27 - 2016-02-01 19:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-01 19:27 - 2016-02-01 19:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-01 19:25 - 2016-02-07 16:14 - 00000000 ____D C:\ProgramData\Adobe
2016-02-01 19:23 - 2016-02-01 19:23 - 00001811 _____ C:\Users\David\Desktop\DOKUMENTY – zástupce.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 18:52 - 2015-07-02 17:10 - 00000000 __RDO C:\Users\David\SkyDrive
2016-03-01 18:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\inetsrv
2016-03-01 18:50 - 2015-07-02 18:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Raptr
2016-03-01 18:50 - 2015-07-02 17:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2016-03-01 18:49 - 2015-07-02 21:48 - 00000000 ____D C:\Program Files\Scarlet.Crush Productions
2016-03-01 18:49 - 2015-07-02 17:47 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-03-01 18:49 - 2015-07-02 17:42 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 18:49 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-01 18:48 - 2015-07-02 19:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-01 18:48 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-01 18:31 - 2015-07-10 22:07 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2016-03-01 18:17 - 2015-07-02 17:42 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 18:11 - 2015-07-02 17:15 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-398136189-1265110306-1008497695-1001
2016-03-01 17:29 - 2015-08-26 23:07 - 00000000 ____D C:\Program Files (x86)\Automatické vypnutí počítače
2016-03-01 16:36 - 2015-07-03 18:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 14:56 - 2015-07-02 17:11 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9FFEED5-DA7F-45DB-8361-1B8868C862E3}
2016-02-29 20:48 - 2015-10-18 18:55 - 00000000 ____D C:\Users\David\.gimp-2.8
2016-02-29 20:32 - 2015-07-02 21:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-02-29 20:32 - 2015-07-02 17:06 - 00000000 ____D C:\Users\David
2016-02-29 15:52 - 2015-07-02 18:28 - 00000000 ____D C:\Users\David\AppData\Roaming\BitTorrent
2016-02-29 15:49 - 2016-01-25 15:57 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2016-02-28 16:26 - 2015-07-18 21:14 - 00000000 ____D C:\Users\David\AppData\Roaming\TS3Client
2016-02-28 01:17 - 2016-01-22 18:20 - 00000000 ____D C:\Users\David\AppData\Local\UNDERTALE
2016-02-28 00:53 - 2015-08-13 20:16 - 00000000 ____D C:\Users\David\AppData\Local\Glyph
2016-02-28 00:51 - 2015-08-13 20:16 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-02-27 17:51 - 2015-10-18 19:31 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2016-02-27 11:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-02-26 19:15 - 2015-07-02 19:32 - 00000000 ____D C:\Users\David\AppData\Local\Battle.net
2016-02-26 19:15 - 2015-07-02 19:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-26 18:34 - 2015-07-02 20:18 - 00003287 _____ C:\Users\David\Desktop\game.cfg
2016-02-25 19:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-02-25 18:16 - 2015-11-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-02-25 18:16 - 2015-07-02 17:12 - 00000000 ____D C:\Program Files\AMD
2016-02-25 18:13 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-25 18:05 - 2015-07-02 17:18 - 00775724 _____ C:\Windows\system32\perfh005.dat
2016-02-25 18:05 - 2015-07-02 17:18 - 00164262 _____ C:\Windows\system32\perfc005.dat
2016-02-25 18:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-02-25 18:04 - 2015-07-18 11:39 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsec.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqad.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcmiplugin.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2016-02-25 18:04 - 2015-07-18 11:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\mqsec.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\mqad.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\mqcmiplugin.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\mqmigplugin.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2016-02-25 18:04 - 2015-07-18 11:26 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2016-02-25 18:04 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-25 18:04 - 2013-08-22 12:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mqoa30.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\mqoa20.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\mqoa10.tlb
2016-02-25 18:04 - 2013-08-22 12:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mqac.sys
2016-02-25 18:04 - 2013-08-22 12:35 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\mqutil.dll
2016-02-25 18:04 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\mqsvc.exe
2016-02-25 18:04 - 2013-08-22 12:32 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\infoctrs.dll
2016-02-25 18:04 - 2013-08-22 12:31 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\infoadmn.dll
2016-02-25 18:04 - 2013-08-22 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\mqbkup.exe
2016-02-25 18:04 - 2013-08-22 12:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2016-02-25 18:04 - 2013-08-22 11:53 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.dll
2016-02-25 18:04 - 2013-08-22 11:51 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\mqtrig.dll
2016-02-25 18:04 - 2013-08-22 11:41 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
2016-02-25 18:04 - 2013-08-22 11:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mqise.dll
2016-02-25 18:04 - 2013-08-22 11:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll
2016-02-25 18:04 - 2013-08-22 11:19 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2016-02-25 18:04 - 2013-08-22 11:10 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\mqqm.dll
2016-02-25 18:04 - 2013-08-22 10:50 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\mqlogmgr.dll
2016-02-25 18:04 - 2013-08-22 07:59 - 00009096 _____ C:\Windows\system32\msmqtrc.mof
2016-02-25 18:04 - 2013-08-22 05:16 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa30.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa20.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa10.tlb
2016-02-25 18:04 - 2013-08-22 05:06 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqutil.dll
2016-02-25 18:04 - 2013-08-22 05:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoctrs.dll
2016-02-25 18:04 - 2013-08-22 05:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoadmn.dll
2016-02-25 18:04 - 2013-08-22 04:54 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2016-02-25 18:04 - 2013-08-22 04:31 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.dll
2016-02-25 18:04 - 2013-08-22 04:29 - 00165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqtrig.dll
2016-02-25 18:04 - 2013-08-22 04:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqise.dll
2016-02-25 18:04 - 2013-08-22 04:08 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll
2016-02-25 18:04 - 2013-08-22 04:05 - 00606720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2016-02-25 18:04 - 2013-08-22 00:55 - 00009096 _____ C:\Windows\SysWOW64\msmqtrc.mof
2016-02-24 18:53 - 2015-08-23 15:26 - 00000000 ____D C:\Windows\Minidump
2016-02-24 18:53 - 2015-07-02 17:02 - 00154991 ____N C:\Windows\Minidump\022416-39625-01.dmp
2016-02-24 14:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\tracing
2016-02-24 13:59 - 2015-07-02 17:42 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 13:59 - 2015-07-02 17:42 - 00003708 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-23 19:55 - 2015-07-03 17:08 - 00000000 ____D C:\Users\David\AppData\Local\LogMeIn Hamachi
2016-02-23 19:10 - 2015-07-02 17:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-23 16:31 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-23 16:28 - 2015-11-07 19:12 - 00000000 ____D C:\Users\David\AppData\Local\GameMaker-Studio
2016-02-21 19:24 - 2015-07-19 17:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-20 13:49 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-02-20 11:18 - 2015-07-02 17:42 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 23:12 - 2015-11-07 19:13 - 00000000 ____D C:\Users\David\AppData\Local\GameMakerPlayer
2016-02-18 22:26 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Local\Packages
2016-02-18 18:21 - 2015-07-02 19:32 - 00000000 ____D C:\Users\David\AppData\Roaming\Battle.net
2016-02-18 18:21 - 2015-07-02 19:30 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 16:57 - 2016-01-02 23:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-17 17:52 - 2015-08-24 19:07 - 00017920 _____ C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-17 15:15 - 2015-08-05 09:40 - 00000000 ____D C:\Users\Administrator
2016-02-16 21:42 - 2015-10-29 12:00 - 00003298 _____ C:\Windows\System32\Tasks\{549CDFA6-D09C-4081-B11F-B2A1D0253D50}
2016-02-16 21:42 - 2015-07-23 16:06 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2016-02-16 20:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-15 17:10 - 2015-10-18 18:56 - 00000000 ____D C:\Users\David\.thumbnails
2016-02-14 17:35 - 2015-08-15 17:34 - 00000000 ____D C:\Users\David\.VirtualBox
2016-02-14 02:19 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2016-02-14 02:11 - 2015-10-09 21:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2016-02-14 02:11 - 2015-09-06 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bubble Bobble Nostalgie
2016-02-14 02:11 - 2015-07-23 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terraria [GOG.com]
2016-02-14 02:11 - 2015-07-02 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2016-02-14 02:08 - 2015-11-07 22:34 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2016-02-14 02:07 - 2015-11-13 19:01 - 00000000 ___RD C:\Users\David\Desktop\Hry
2016-02-14 02:07 - 2015-11-07 19:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
2016-02-14 02:07 - 2015-10-25 18:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2016-02-14 02:07 - 2015-08-26 23:11 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BSRemote
2016-02-14 02:07 - 2015-08-22 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akimbo
2016-02-14 02:07 - 2015-08-08 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
2016-02-14 01:42 - 2015-08-26 23:11 - 00000000 ____D C:\Program Files (x86)\BSRemote
2016-02-14 01:40 - 2015-10-19 15:09 - 00000000 ____D C:\Users\David\AppData\Local\Razer
2016-02-14 01:40 - 2015-10-19 15:09 - 00000000 ____D C:\ProgramData\Razer
2016-02-13 11:21 - 2015-07-02 18:39 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-02-13 01:45 - 2016-01-30 10:07 - 00005025 _____ C:\Users\David\Desktop\MOJE KRESBY – zástupce.lnk
2016-02-12 21:02 - 2015-07-02 17:13 - 00000000 ____D C:\ProgramData\Skype
2016-02-12 14:00 - 2015-07-05 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-12 13:59 - 2015-10-10 09:16 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2016-02-11 23:47 - 2015-07-02 17:02 - 00158463 ____N C:\Windows\Minidump\021116-35187-01.dmp
2016-02-10 12:34 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 12:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-09 21:09 - 2015-07-02 17:08 - 01749406 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-08 23:22 - 2015-08-15 17:36 - 00000000 ____D C:\Users\David\.android
2016-02-08 15:30 - 2015-07-03 13:47 - 00000000 ____D C:\Fraps
2016-02-07 21:50 - 2015-08-24 21:03 - 00000000 ____D C:\ProgramData\VMware
2016-02-07 21:49 - 2015-08-24 21:06 - 00000000 ____D C:\Users\David\AppData\Roaming\VMware
2016-02-07 21:47 - 2015-11-28 13:19 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2016-02-07 21:42 - 2015-12-22 18:40 - 00000000 ____D C:\Program Files\OBS
2016-02-07 21:39 - 2016-01-12 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dust An Elysian Tail
2016-02-07 20:54 - 2015-10-22 18:07 - 00000000 ____D C:\Games
2016-02-07 16:58 - 2015-07-02 21:09 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2016-02-07 16:14 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2016-02-07 16:01 - 2015-10-29 12:01 - 00000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2016-02-07 15:02 - 2015-09-16 15:22 - 00000000 ____D C:\Program Files (x86)\Origin
2016-02-07 15:02 - 2015-07-22 14:50 - 00000000 ____D C:\ProgramData\Origin
2016-02-03 20:18 - 2013-08-22 15:44 - 00482992 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-03 17:50 - 2015-11-07 20:23 - 00000000 ____D C:\Users\David\AppData\Local\gamemaker_studio
2016-02-03 16:47 - 2015-11-07 20:23 - 00000000 ____D C:\ProgramData\gamemaker_studio

==================== Files in the root of some directories =======

2015-08-24 19:01 - 2015-08-24 19:01 - 0000128 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0004547 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2015-08-24 18:58 - 2015-08-24 18:58 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2015-08-24 19:07 - 2016-02-17 17:52 - 0017920 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-27 17:51 - 2016-02-27 17:51 - 0012926 _____ () C:\Users\David\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 17:34

==================== End of FRST.txt ============================
Dle CBL je pravděpodobné, že jsem obětí NATingu.

Také přemýšlím o reinstalaci Windows, neboť počítač mám z bazaru.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 18:58
od Rudy
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 19:11
od davidrohusch

Kód: Vybrat vše

# AdwCleaner v5.037 - Logfile created 01/03/2016 at 19:09:45
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : David - DAVID
# Running from : C:\Users\David\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\0DB552820ACF02B51F081888F7877800
[-] Folder Deleted : C:\ProgramData\D83C629D-C688-4A07-8615-94974D65F157
[-] Folder Deleted : C:\Users\David\AppData\Local\eSupport.com

***** [ Files ] *****

[-] File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_veohb.net_0.localstorage
[-] File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_veohb.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : WINshell Event Notification
[-] Task Deleted : WINshell Event Logging

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7AE15D1-9F31-4DBB-88F6-3853CEF6B998}_is1

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1744 bytes] - [01/03/2016 19:09:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1735 bytes] - [01/03/2016 19:08:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1890 bytes] ##########

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 19:23
od Rudy
Dejte nový log FRST.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 19:29
od davidrohusch

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by David (administrator) on DAVID (01-03-2016 19:27:30)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\ScpService.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EasySettingBox] => C:\Program Files (x86)\Samsung\Easy Setting Box\EasySettingBox.exe [594944 2013-12-26] ()
HKLM\...\Run: [MsmqIntCert] => "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\System32\mqrt.dll"
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [EasySettingBox] => C:\Program Files (x86)\Samsung\Easy Setting Box\EasySettingBox.exe [594944 2013-12-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1327096 2015-11-22] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] ()
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf69d-219e-11e5-8253-74d435774098} - "G:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf6c9-219e-11e5-8253-74d435774098} - "D:\setup.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cfd5f-219e-11e5-8253-74d435774098} - "H:\setup.exe" 
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {6194350c-b6d8-11e5-82a2-74d435774098} - "I:\autorun.exe" 
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2015-07-16]
ShortcutTarget: GameRanger.lnk -> C:\Users\David\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B22C1844-9B2B-4F6B-BECB-A554BC0DD244}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B22C1844-9B2B-4F6B-BECB-A554BC0DD244}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\le5opsj6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @nsroblox.roblox.com/launcher -> C:\Users\David\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\David\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-398136189-1265110306-1008497695-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-12] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\le5opsj6.default\user.js [2016-02-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide My IP Pro) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\albbiglcfndaaphglmeaejkhepckkfgf [2016-03-01]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-16]
CHR Extension: (Chuck Anderson) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2015-11-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2016-02-25] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2016-02-25] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-09-16] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S4 UnsignedThemes; C:\Windows\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-05] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 Larmkanal; C:\Windows\system32\DRIVERS\Larmkanal.sys [33144 2015-04-23] (Adoriasoft LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (Adoriasoft LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 uxstyle; C:\Windows\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 cpuz138; \??\C:\Users\David\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 19:08 - 2016-03-01 19:09 - 00000000 ____D C:\AdwCleaner
2016-03-01 19:08 - 2016-03-01 19:08 - 01518592 _____ C:\Users\David\Desktop\adwcleaner_5.037.exe
2016-03-01 18:54 - 2016-03-01 19:27 - 00018707 _____ C:\Users\David\Desktop\FRST.txt
2016-03-01 18:52 - 2016-03-01 19:27 - 00000000 ____D C:\FRST
2016-03-01 18:52 - 2016-03-01 18:52 - 02371072 _____ (Farbar) C:\Users\David\Downloads\FRST64 (1).exe
2016-03-01 18:52 - 2016-03-01 18:52 - 02371072 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2016-03-01 18:47 - 2016-03-01 18:48 - 02206208 _____ ( ) C:\Users\David\Desktop\UNDERTALE PERFECT CLONE.exe
2016-03-01 18:31 - 2016-03-01 18:31 - 00016200 _____ C:\Users\David\Desktop\fEMALE 1.wav
2016-03-01 18:22 - 2016-03-01 18:22 - 00212816 _____ C:\Users\David\Downloads\textbox_engine_v4.zip
2016-03-01 18:19 - 2016-03-01 18:47 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_98668
2016-03-01 17:30 - 2016-03-01 17:30 - 00003262 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-02-29 20:32 - 2016-02-29 20:32 - 00000824 _____ C:\Users\David\Desktop\RPG test.lnk
2016-02-29 20:32 - 2016-02-29 20:32 - 00000000 ____D C:\Users\David\RPG test
2016-02-29 15:45 - 2016-02-29 15:45 - 00063982 _____ C:\Users\David\Downloads\fg14x14hdtv.zip
2016-02-28 10:52 - 2016-02-28 10:52 - 01927444 _____ C:\Users\David\Downloads\WinMTR-v092.zip
2016-02-28 10:52 - 2015-04-29 10:24 - 00000000 ____D C:\Users\David\Desktop\WinMTR_x64
2016-02-27 20:25 - 2016-02-21 18:16 - 00000000 ____D C:\Users\David\Desktop\YandereSimFeb21stVer2
2016-02-27 19:42 - 2016-02-27 19:42 - 00005891 _____ C:\Users\David\Desktop\^0EB78B1443DF4BB5B0A1BC82C727861EE3E52514BC63ACE5E9^pimgpsh_thumbnail_win_distr.jpg
2016-02-27 17:51 - 2016-02-27 17:51 - 00012926 _____ C:\Users\David\AppData\Local\recently-used.xbel
2016-02-27 17:50 - 2016-02-27 17:51 - 00011739 _____ C:\Users\David\Desktop\^F6EF248B2568C0AA29620EEA1E4EA98DDD76E98FB5FAEA27F0^pimgpsh_thumbnail_win_distr.jpg
2016-02-27 16:47 - 2016-02-27 16:47 - 00000000 ____D C:\Users\David\AppData\Local\Zombie
2016-02-27 16:45 - 2016-02-27 16:46 - 02085376 _____ ( ) C:\Users\David\Downloads\ZombieTest.exe
2016-02-27 16:27 - 2016-02-27 16:57 - 574963461 _____ C:\Users\David\Downloads\YandereSimFeb21stVer2.rar
2016-02-27 11:31 - 2016-02-27 11:31 - 00015710 _____ C:\Users\David\Desktop\Process.txt
2016-02-27 11:31 - 2016-02-27 11:31 - 00004383 _____ C:\Users\David\Desktop\NetworkInfo.txt
2016-02-27 00:11 - 2016-02-27 00:11 - 00001017 _____ C:\Users\David\Downloads\Pacifist 9 (Dogi Fight).zip
2016-02-26 23:33 - 2016-02-26 23:33 - 00001181 _____ C:\Users\David\Desktop\DetermiToolkit.exe – zástupce.lnk
2016-02-26 18:38 - 2016-02-26 18:38 - 00001625 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-02-26 18:38 - 2016-02-26 18:38 - 00000000 ____D C:\Riot Games
2016-02-26 18:38 - 2016-02-26 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-26 18:38 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-02-26 18:38 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-02-26 18:38 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-02-26 18:37 - 2016-02-26 18:38 - 30993712 _____ (Riot Games) C:\Users\David\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2016-02-26 18:34 - 2016-02-26 18:34 - 00000000 ____D C:\Users\David\Desktop\Screenshots
2016-02-26 18:25 - 2016-02-15 18:31 - 00009457 _____ C:\Users\David\Desktop\2016-02-15T18-12-09_netlog.txt
2016-02-26 18:25 - 2016-01-03 21:27 - 00006941 _____ C:\Users\David\Desktop\2016-01-03T21-14-58_netlog.txt
2016-02-26 18:24 - 2015-11-06 21:12 - 00018605 _____ C:\Users\David\Desktop\2015-11-06T20-43-39_netlog.txt
2016-02-25 19:25 - 2016-02-25 19:27 - 00000000 ____D C:\Users\David\Desktop\Project2.gmx
2016-02-25 18:45 - 2016-02-25 18:45 - 00000000 ____D C:\ProgramData\KillPing
2016-02-25 18:43 - 2016-02-25 18:50 - 00000000 ____D C:\Program Files\Kill Ping
2016-02-25 18:43 - 2016-02-25 18:43 - 07730680 _____ (Kill Ping ) C:\Users\David\Downloads\Kill_Ping_0.0.36.19.exe
2016-02-25 18:43 - 2016-02-25 18:43 - 00000000 ____D C:\Users\David\AppData\Local\IsolatedStorage
2016-02-25 18:43 - 2016-02-25 18:43 - 00000000 ____D C:\ProgramData\Kill Ping
2016-02-25 18:16 - 2016-02-26 19:15 - 00000000 ____D C:\Users\David\AppData\Local\AMD
2016-02-25 18:16 - 2016-02-25 18:16 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-25 18:16 - 2016-02-25 18:16 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-02-25 18:11 - 2016-02-25 18:13 - 263772800 _____ (AMD Inc.) C:\Users\David\Downloads\radeon-crimson-15.12-win8.1-64bit.exe
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\system32\msmq
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\Windows\system32\BestPractices
2016-02-25 18:05 - 2016-02-25 18:05 - 00000000 ____D C:\inetpub
2016-02-25 15:53 - 2016-02-25 15:53 - 09204041 _____ C:\Users\David\Downloads\Undertale - Papyrus date.mp4
2016-02-24 20:19 - 2016-02-24 20:19 - 02932415 _____ () C:\Users\David\Downloads\steen_papier_schaar.exe
2016-02-24 19:28 - 2016-02-24 19:56 - 00000000 ____D C:\Users\David\Desktop\Nová složka
2016-02-24 19:10 - 2016-02-24 19:10 - 14214664 _____ (EaseUS ) C:\Users\David\Downloads\drw_trial.exe
2016-02-24 19:10 - 2016-02-24 19:10 - 02085376 _____ ( ) C:\Users\David\Desktop\Kámen Nuzky papir-Default-1.0.0.exe
2016-02-24 13:59 - 2016-02-24 13:59 - 03686064 _____ (eVenture Limited ) C:\Users\David\Downloads\Hide.me-Setup-1.1.9.exe
2016-02-23 21:02 - 2016-02-23 21:02 - 04178797 _____ (Neo Generation Games) C:\Users\David\Downloads\UnderbattleEngineByNeoGenerationGames.exe
2016-02-23 19:57 - 2016-02-23 19:57 - 00114682 _____ C:\Users\David\Desktop\rock scicors paper.zip
2016-02-23 19:22 - 2016-02-23 19:22 - 08818688 _____ C:\Users\David\Downloads\hamachi.msi
2016-02-23 19:22 - 2016-02-23 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-02-23 19:22 - 2016-02-23 19:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-02-23 19:10 - 2016-02-23 19:10 - 00002162 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk
2016-02-23 19:10 - 2016-02-23 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
2016-02-23 19:10 - 2016-02-23 19:10 - 00000000 ____D C:\Program Files (x86)\Infogrames
2016-02-23 17:04 - 2016-02-23 19:57 - 00000000 ____D C:\Users\David\Desktop\rock scicors paper
2016-02-23 17:02 - 2016-02-23 17:03 - 08587873 _____ C:\Users\David\Downloads\OpenRCT2-0.0.4.0-develop-7d158b9-windows.zip
2016-02-22 21:00 - 2016-02-22 21:01 - 03987566 _____ C:\Users\David\Desktop\Komiks 2.mp4
2016-02-22 20:49 - 2016-02-22 20:49 - 04380022 _____ C:\Users\David\Desktop\Komiks.mp4
2016-02-22 20:41 - 2016-02-22 20:41 - 06129344 _____ (CyberPower Tech, Inc. ) C:\Users\David\Downloads\FreeMP3WMAOGGConverter-CNET.exe
2016-02-22 20:41 - 2016-02-22 20:41 - 00000000 ____D C:\Users\David\AppData\Roaming\New Version Available
2016-02-22 20:41 - 2016-02-22 20:41 - 00000000 ____D C:\Users\David\AppData\Roaming\Free MP3 WMA OGG Converter
2016-02-22 17:12 - 2016-02-22 17:12 - 00014032 _____ C:\Users\David\Downloads\the.simpsons.s27.e14.gal.of.constant.sorrow.(2016).cze.1cd.(6518166).zip
2016-02-22 16:36 - 2016-02-22 16:36 - 00000954 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-02-22 16:36 - 2016-02-22 16:36 - 00000946 _____ C:\Users\David\Desktop\osu!.lnk
2016-02-22 16:34 - 2016-02-22 18:01 - 00000000 ____D C:\Users\David\AppData\Local\osu!
2016-02-22 16:34 - 2016-02-22 16:34 - 00000000 ____D C:\Users\David\Downloads\Localisation
2016-02-22 16:32 - 2016-02-22 16:32 - 04464696 _____ (ppy) C:\Users\David\Downloads\osu!install.exe
2016-02-21 21:24 - 2016-02-21 21:24 - 00021464 _____ C:\Users\David\Downloads\4gb_patch.zip
2016-02-21 21:22 - 2016-02-21 21:22 - 00852183 _____ C:\Users\David\Downloads\7z1512-extra.7z
2016-02-21 14:47 - 2016-02-21 14:48 - 00000000 ____D C:\Users\David\Downloads\Cannon Spike
2016-02-21 14:39 - 2016-02-21 14:44 - 134702644 _____ C:\Users\David\Downloads\Cannon Spike.rar
2016-02-21 14:30 - 2016-02-21 14:30 - 04418381 _____ C:\Users\David\Desktop\Nová složka (2).rar
2016-02-21 14:25 - 2016-02-21 14:25 - 00001224 _____ C:\Users\David\Desktop\UNDERTALE – zástupce.lnk
2016-02-21 13:34 - 2016-02-24 21:45 - 00150486 ____H C:\Users\David\Desktop\~WRL0060.tmp
2016-02-19 18:53 - 2016-02-19 18:53 - 00000000 ____D C:\Users\David\AppData\Roaming\SYSTEMAX Software Development
2016-02-19 18:53 - 2016-02-19 18:53 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2016-02-19 16:36 - 2016-02-19 16:36 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2016-02-18 16:54 - 2016-02-18 16:58 - 00000000 ____D C:\Program Files (x86)\DFX
2016-02-18 16:54 - 2016-02-18 16:54 - 00001682 _____ C:\Users\Public\Desktop\DFX.lnk
2016-02-18 16:54 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2016-02-18 15:21 - 2016-02-18 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-02-18 15:21 - 2016-02-18 15:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-02-18 15:21 - 2016-02-16 00:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-02-18 15:21 - 2016-02-16 00:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-02-18 15:21 - 2016-02-16 00:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-02-18 15:21 - 2016-02-16 00:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-02-18 15:19 - 2016-02-25 18:13 - 00000000 ____D C:\AMD
2016-02-17 17:27 - 2016-02-17 17:40 - 00000000 ____D C:\Users\David\Desktop\Tutorial.gmx
2016-02-17 15:16 - 2016-02-17 15:16 - 00000000 ____D C:\Users\David\AppData\Local\DFX
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Guest
2016-02-17 15:15 - 2016-02-17 15:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-02-16 21:43 - 2016-03-01 18:49 - 00000000 ___HD C:\44eZxd78YEXRM0yi
2016-02-16 21:43 - 2016-03-01 17:34 - 00030126 _____ C:\spyhunter.fix
2016-02-16 21:43 - 2016-02-16 21:05 - 00025984 _____ C:\Windows\SysWOW64\sh4native.exe
2016-02-16 21:38 - 2016-02-16 21:38 - 06926336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-02-16 21:34 - 2016-02-16 21:34 - 05394432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-02-16 20:57 - 2016-02-16 20:57 - 00000000 _____ C:\autoexec.bat
2016-02-16 20:55 - 2016-02-16 20:55 - 00209920 _____ C:\Windows\system32\GameManager64.dll
2016-02-16 20:55 - 2016-02-16 20:55 - 00186368 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-02-16 17:09 - 2015-09-13 19:22 - 00563673 _____ C:\Users\David\Desktop\audio23.ogg
2016-02-16 17:08 - 2016-02-16 17:08 - 00371388 _____ C:\Users\David\Desktop\audioclip-1455638863.ogg
2016-02-16 17:07 - 2015-09-13 19:23 - 01043131 _____ C:\Users\David\Desktop\mus_ruins.ogg
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2016-02-16 15:50 - 2016-02-16 15:50 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2016-02-16 14:58 - 2016-02-16 14:58 - 03326372 _____ C:\Users\David\Desktop\toby fox - UNDERTALE Soundtrack - 72 Song That Might Play When You Fight Sans.ogg
2016-02-16 00:27 - 2016-02-16 00:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1-1-0-3-1.dll
2016-02-16 00:26 - 2016-02-16 00:26 - 00126232 _____ C:\Windows\system32\vulkan-1-1-0-3-1.dll
2016-02-16 00:25 - 2016-02-16 00:25 - 00045848 _____ C:\Windows\system32\vulkaninfo-1-1-0-3-1.exe
2016-02-16 00:25 - 2016-02-16 00:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-3-1.exe
2016-02-14 20:10 - 2016-02-14 20:10 - 00000000 ____D C:\Users\David\AppData\Local\TetrisAttackArmageddon
2016-02-14 15:07 - 2016-02-14 15:30 - 00000000 ____D C:\Users\David\VirtualBox VMs
2016-02-14 14:59 - 2016-02-14 14:59 - 03189760 _____ ( ) C:\Users\David\Desktop\slon kopie.exe
2016-02-14 01:37 - 2016-02-14 01:37 - 00000366 _____ C:\Windows\Tasks\0116pizUpdateInfo.job
2016-02-14 01:37 - 2016-02-14 01:37 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-14 01:36 - 2016-02-16 16:28 - 00000000 ____D C:\Users\David\AppData\Roaming\AVG
2016-02-14 01:35 - 2016-02-25 18:13 - 00000000 ___HD C:\$AVG
2016-02-14 01:35 - 2016-02-14 01:35 - 00000000 ____D C:\Users\David\AppData\Roaming\TuneUp Software
2016-02-14 01:34 - 2016-02-25 18:16 - 00000000 ____D C:\ProgramData\Avg
2016-02-14 01:34 - 2016-02-25 18:16 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-14 01:34 - 2016-02-25 18:15 - 00000000 ____D C:\Users\David\AppData\Local\AvgSetupLog
2016-02-14 01:34 - 2016-02-25 18:14 - 00000000 ____D C:\Users\David\AppData\Local\Avg
2016-02-14 01:34 - 2016-02-25 18:14 - 00000000 ____D C:\ProgramData\MFAData
2016-02-14 01:34 - 2016-02-14 01:34 - 00000000 ____D C:\Users\David\AppData\Local\MFAData
2016-02-13 14:25 - 2016-02-13 14:25 - 11220086 _____ () C:\Users\David\Desktop\Underwater Submarine.exe
2016-02-13 13:45 - 2016-02-13 23:18 - 00000000 ____D C:\Users\David\Desktop\Project1.gmx
2016-02-13 00:24 - 2016-02-21 21:24 - 00000000 ____D C:\Users\David\Desktop\UNDERTALE TRANSLATE
2016-02-12 23:01 - 2016-02-12 23:02 - 02072064 _____ ( ) C:\Users\David\Desktop\RPG TEST 2.exe
2016-02-12 21:05 - 2016-02-12 22:59 - 00000494 _____ C:\Windows\ntbtlog.txt
2016-02-12 21:02 - 2016-02-12 21:02 - 00002747 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-12 21:02 - 2016-02-12 21:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-12 21:02 - 2016-02-12 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-12 20:59 - 2016-02-12 20:59 - 00000000 ____D C:\NPE
2016-02-12 13:59 - 2016-02-12 13:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-12 13:59 - 2016-02-12 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-12 13:59 - 2015-10-10 09:16 - 00110688 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-12 12:31 - 2016-02-12 12:51 - 00000000 ____D C:\KVRT_Data
2016-02-11 23:33 - 2016-02-11 23:33 - 00000000 ____D C:\Users\David\AppData\Local\CoherentLabs
2016-02-11 23:31 - 2016-02-11 23:31 - 01194185 _____ C:\Windows\unins001.exe
2016-02-11 23:31 - 2016-02-11 23:31 - 01194185 _____ C:\Windows\unins000.exe
2016-02-11 23:31 - 2016-02-11 23:31 - 00002821 _____ C:\Windows\unins001.dat
2016-02-11 23:31 - 2016-02-11 23:31 - 00002811 _____ C:\Windows\unins000.dat
2016-02-11 23:31 - 2016-02-11 23:31 - 00000000 ____D C:\Program Files (x86)\Phosgene
2016-02-11 23:31 - 2016-02-11 23:31 - 00000000 ____D C:\Program Files (x86)\Larmkanal
2016-02-11 23:31 - 2015-08-28 16:00 - 00034168 _____ (Adoriasoft LLC) C:\Windows\system32\Drivers\Phosgene.sys
2016-02-11 23:31 - 2015-04-23 17:32 - 00033144 _____ (Adoriasoft LLC) C:\Windows\system32\Drivers\Larmkanal.sys
2016-02-11 23:30 - 2016-02-11 23:30 - 00000000 ____D C:\Program Files (x86)\directx
2016-02-11 23:28 - 2016-02-12 13:08 - 00000000 ____D C:\Program Files (x86)\Holotech Studios
2016-02-11 22:10 - 2016-02-11 22:10 - 00000220 _____ C:\Users\David\Desktop\Source Filmmaker.url
2016-02-11 12:29 - 2016-02-11 12:29 - 00000219 _____ C:\Users\David\Desktop\Team Fortress 2.url
2016-02-10 13:15 - 2016-02-10 13:15 - 19156137 _____ C:\Users\David\Desktop\David.mp4
2016-02-09 21:23 - 2016-02-09 21:23 - 00001239 _____ C:\Users\David\Desktop\Play Jungle Heart.lnk
2016-02-09 21:23 - 2016-02-09 21:23 - 00001124 _____ C:\Users\David\Desktop\White Elephant Games.lnk
2016-02-09 21:23 - 2016-02-09 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\White Elephant
2016-02-09 21:23 - 2016-02-09 21:23 - 00000000 ____D C:\Program Files (x86)\White Elephant
2016-02-09 12:26 - 2016-03-01 17:31 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2016-02-09 11:59 - 2016-02-09 12:12 - 00000000 ____D C:\Users\David\Desktop\Nová složka (2)
2016-02-08 23:20 - 2016-02-25 17:53 - 00000000 ____D C:\Users\David\AppData\Local\Android
2016-02-08 15:51 - 2016-02-08 16:02 - 00226500 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_15.51.40_log.txt
2016-02-08 15:30 - 2016-02-13 11:23 - 00000000 ____D C:\Users\David\AppData\Local\NPE
2016-02-08 13:55 - 2016-02-08 13:56 - 13056104 _____ C:\Users\David\Desktop\heavy vs spy.wav
2016-02-08 13:51 - 2016-02-08 13:52 - 05218096 _____ C:\Users\David\Desktop\I hate spikes.wav
2016-02-08 13:45 - 2016-02-08 13:45 - 01906220 _____ C:\Users\David\Desktop\WHATS A MIDI FILE(1).wav
2016-02-08 13:43 - 2016-02-08 13:44 - 01612965 _____ C:\Users\David\Desktop\Cammy's Theme [Arrange].ogg
2016-02-08 13:36 - 2012-01-19 19:09 - 00000000 ____D C:\Users\David\Desktop\MidiTool
2016-02-07 23:38 - 2016-02-07 23:38 - 00050031 _____ C:\Users\David\Desktop\megalovania.mid
2016-02-07 22:30 - 2016-02-07 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2016-02-07 19:03 - 2016-02-08 15:30 - 00000000 ____D C:\ProgramData\Norton
2016-02-07 19:03 - 2016-02-07 19:03 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-07 19:03 - 2016-02-07 19:03 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-07 16:55 - 2016-03-01 19:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 16:55 - 2016-02-09 19:25 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-07 16:34 - 2016-02-25 18:13 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 16:31 - 2016-02-07 16:31 - 00000000 ____D C:\ProgramData\CheckPoint
2016-02-04 18:14 - 2016-02-05 16:02 - 00000000 ____D C:\Users\David\AppData\Local\lolvochanger
2016-02-04 16:35 - 2016-02-04 16:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Duelyst
2016-02-04 15:57 - 2016-02-07 21:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counterplay Games Inc
2016-02-04 15:57 - 2016-02-07 21:19 - 00000000 ____D C:\Users\David\AppData\Local\launcher
2016-02-04 15:57 - 2016-02-04 16:35 - 00000000 ____D C:\Users\David\.counterplay
2016-02-04 15:57 - 2016-02-04 15:57 - 00000000 ____D C:\Users\David\AppData\Roaming\DuelystLauncher
2016-02-04 15:57 - 2016-02-04 15:57 - 00000000 ____D C:\Users\David\AppData\Local\SquirrelTemp
2016-02-03 17:56 - 2016-02-03 17:57 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_75545
2016-02-03 17:35 - 2016-02-03 17:36 - 00000000 ____D C:\Users\David\AppData\Local\gm_ttt_65595
2016-02-03 16:40 - 2016-02-03 16:40 - 00000000 ____D C:\Users\David\AppData\Roaming\GameMaker-Studio
2016-02-01 19:37 - 2016-02-01 19:37 - 00000000 ____D C:\Users\David\AppData\LocalLow\Adobe
2016-02-01 19:28 - 2016-02-01 19:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-01 19:27 - 2016-02-07 16:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-01 19:27 - 2016-02-01 19:27 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-01 19:27 - 2016-02-01 19:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-01 19:27 - 2016-02-01 19:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-01 19:25 - 2016-02-07 16:14 - 00000000 ____D C:\ProgramData\Adobe
2016-02-01 19:23 - 2016-02-01 19:23 - 00001811 _____ C:\Users\David\Desktop\DOKUMENTY – zástupce.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 19:23 - 2015-07-02 17:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2016-03-01 19:22 - 2015-07-02 17:10 - 00000000 __RDO C:\Users\David\SkyDrive
2016-03-01 19:17 - 2015-07-02 17:42 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 19:16 - 2015-07-02 17:15 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-398136189-1265110306-1008497695-1001
2016-03-01 19:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\inetsrv
2016-03-01 19:11 - 2015-07-02 18:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Raptr
2016-03-01 19:10 - 2015-07-02 21:48 - 00000000 ____D C:\Program Files\Scarlet.Crush Productions
2016-03-01 19:10 - 2015-07-02 17:47 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-03-01 19:10 - 2015-07-02 17:42 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 19:10 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-01 18:48 - 2015-07-02 19:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-01 18:48 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-01 18:31 - 2015-07-10 22:07 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2016-03-01 17:29 - 2015-08-26 23:07 - 00000000 ____D C:\Program Files (x86)\Automatické vypnutí počítače
2016-03-01 16:36 - 2015-07-03 18:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 14:56 - 2015-07-02 17:11 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9FFEED5-DA7F-45DB-8361-1B8868C862E3}
2016-02-29 20:48 - 2015-10-18 18:55 - 00000000 ____D C:\Users\David\.gimp-2.8
2016-02-29 20:32 - 2015-07-02 21:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-02-29 20:32 - 2015-07-02 17:06 - 00000000 ____D C:\Users\David
2016-02-29 15:52 - 2015-07-02 18:28 - 00000000 ____D C:\Users\David\AppData\Roaming\BitTorrent
2016-02-29 15:49 - 2016-01-25 15:57 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2016-02-28 16:26 - 2015-07-18 21:14 - 00000000 ____D C:\Users\David\AppData\Roaming\TS3Client
2016-02-28 01:17 - 2016-01-22 18:20 - 00000000 ____D C:\Users\David\AppData\Local\UNDERTALE
2016-02-28 00:53 - 2015-08-13 20:16 - 00000000 ____D C:\Users\David\AppData\Local\Glyph
2016-02-28 00:51 - 2015-08-13 20:16 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-02-27 17:51 - 2015-10-18 19:31 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2016-02-27 11:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-02-26 19:15 - 2015-07-02 19:32 - 00000000 ____D C:\Users\David\AppData\Local\Battle.net
2016-02-26 19:15 - 2015-07-02 19:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-26 18:34 - 2015-07-02 20:18 - 00003287 _____ C:\Users\David\Desktop\game.cfg
2016-02-25 19:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-02-25 18:16 - 2015-11-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-02-25 18:16 - 2015-07-02 17:12 - 00000000 ____D C:\Program Files\AMD
2016-02-25 18:13 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-25 18:05 - 2015-07-02 17:18 - 00775724 _____ C:\Windows\system32\perfh005.dat
2016-02-25 18:05 - 2015-07-02 17:18 - 00164262 _____ C:\Windows\system32\perfc005.dat
2016-02-25 18:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-02-25 18:04 - 2015-07-18 11:39 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsec.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqad.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll
2016-02-25 18:04 - 2015-07-18 11:39 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcmiplugin.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2016-02-25 18:04 - 2015-07-18 11:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2016-02-25 18:04 - 2015-07-18 11:37 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\mqsec.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\mqad.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\mqcmiplugin.dll
2016-02-25 18:04 - 2015-07-18 11:27 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\mqmigplugin.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2016-02-25 18:04 - 2015-07-18 11:26 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2016-02-25 18:04 - 2015-07-18 11:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2016-02-25 18:04 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-25 18:04 - 2013-08-22 12:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mqoa30.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\mqoa20.tlb
2016-02-25 18:04 - 2013-08-22 12:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\mqoa10.tlb
2016-02-25 18:04 - 2013-08-22 12:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mqac.sys
2016-02-25 18:04 - 2013-08-22 12:35 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\mqutil.dll
2016-02-25 18:04 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\mqsvc.exe
2016-02-25 18:04 - 2013-08-22 12:32 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\infoctrs.dll
2016-02-25 18:04 - 2013-08-22 12:31 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\infoadmn.dll
2016-02-25 18:04 - 2013-08-22 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\mqbkup.exe
2016-02-25 18:04 - 2013-08-22 12:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2016-02-25 18:04 - 2013-08-22 11:53 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.dll
2016-02-25 18:04 - 2013-08-22 11:51 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\mqtrig.dll
2016-02-25 18:04 - 2013-08-22 11:41 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
2016-02-25 18:04 - 2013-08-22 11:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mqise.dll
2016-02-25 18:04 - 2013-08-22 11:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll
2016-02-25 18:04 - 2013-08-22 11:19 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2016-02-25 18:04 - 2013-08-22 11:10 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\mqqm.dll
2016-02-25 18:04 - 2013-08-22 10:50 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\mqlogmgr.dll
2016-02-25 18:04 - 2013-08-22 07:59 - 00009096 _____ C:\Windows\system32\msmqtrc.mof
2016-02-25 18:04 - 2013-08-22 05:16 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa30.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa20.tlb
2016-02-25 18:04 - 2013-08-22 05:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa10.tlb
2016-02-25 18:04 - 2013-08-22 05:06 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqutil.dll
2016-02-25 18:04 - 2013-08-22 05:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoctrs.dll
2016-02-25 18:04 - 2013-08-22 05:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoadmn.dll
2016-02-25 18:04 - 2013-08-22 04:54 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2016-02-25 18:04 - 2013-08-22 04:31 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.dll
2016-02-25 18:04 - 2013-08-22 04:29 - 00165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqtrig.dll
2016-02-25 18:04 - 2013-08-22 04:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqise.dll
2016-02-25 18:04 - 2013-08-22 04:08 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll
2016-02-25 18:04 - 2013-08-22 04:05 - 00606720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2016-02-25 18:04 - 2013-08-22 00:55 - 00009096 _____ C:\Windows\SysWOW64\msmqtrc.mof
2016-02-24 18:53 - 2015-08-23 15:26 - 00000000 ____D C:\Windows\Minidump
2016-02-24 18:53 - 2015-07-02 17:02 - 00154991 ____N C:\Windows\Minidump\022416-39625-01.dmp
2016-02-24 14:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\tracing
2016-02-24 13:59 - 2015-07-02 17:42 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 13:59 - 2015-07-02 17:42 - 00003708 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-23 19:55 - 2015-07-03 17:08 - 00000000 ____D C:\Users\David\AppData\Local\LogMeIn Hamachi
2016-02-23 19:10 - 2015-07-02 17:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-23 16:31 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-23 16:28 - 2015-11-07 19:12 - 00000000 ____D C:\Users\David\AppData\Local\GameMaker-Studio
2016-02-21 19:24 - 2015-07-19 17:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-20 13:49 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-02-20 11:18 - 2015-07-02 17:42 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 23:12 - 2015-11-07 19:13 - 00000000 ____D C:\Users\David\AppData\Local\GameMakerPlayer
2016-02-18 22:26 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Local\Packages
2016-02-18 18:21 - 2015-07-02 19:32 - 00000000 ____D C:\Users\David\AppData\Roaming\Battle.net
2016-02-18 18:21 - 2015-07-02 19:30 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 16:57 - 2016-01-02 23:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-17 17:52 - 2015-08-24 19:07 - 00017920 _____ C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-17 15:15 - 2015-08-05 09:40 - 00000000 ____D C:\Users\Administrator
2016-02-16 21:42 - 2015-10-29 12:00 - 00003298 _____ C:\Windows\System32\Tasks\{549CDFA6-D09C-4081-B11F-B2A1D0253D50}
2016-02-16 20:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-15 17:10 - 2015-10-18 18:56 - 00000000 ____D C:\Users\David\.thumbnails
2016-02-14 17:35 - 2015-08-15 17:34 - 00000000 ____D C:\Users\David\.VirtualBox
2016-02-14 02:19 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2016-02-14 02:11 - 2015-10-09 21:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2016-02-14 02:11 - 2015-09-06 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bubble Bobble Nostalgie
2016-02-14 02:11 - 2015-07-23 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terraria [GOG.com]
2016-02-14 02:11 - 2015-07-02 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2016-02-14 02:08 - 2015-11-07 22:34 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2016-02-14 02:07 - 2015-11-13 19:01 - 00000000 ___RD C:\Users\David\Desktop\Hry
2016-02-14 02:07 - 2015-11-07 19:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
2016-02-14 02:07 - 2015-10-25 18:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2016-02-14 02:07 - 2015-08-26 23:11 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BSRemote
2016-02-14 02:07 - 2015-08-22 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akimbo
2016-02-14 02:07 - 2015-08-08 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
2016-02-14 01:42 - 2015-08-26 23:11 - 00000000 ____D C:\Program Files (x86)\BSRemote
2016-02-14 01:40 - 2015-10-19 15:09 - 00000000 ____D C:\Users\David\AppData\Local\Razer
2016-02-14 01:40 - 2015-10-19 15:09 - 00000000 ____D C:\ProgramData\Razer
2016-02-13 11:21 - 2015-07-02 18:39 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-02-13 01:45 - 2016-01-30 10:07 - 00005025 _____ C:\Users\David\Desktop\MOJE KRESBY – zástupce.lnk
2016-02-12 21:02 - 2015-07-02 17:13 - 00000000 ____D C:\ProgramData\Skype
2016-02-12 14:00 - 2015-07-05 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-12 13:59 - 2015-10-10 09:16 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2016-02-11 23:47 - 2015-07-02 17:02 - 00158463 ____N C:\Windows\Minidump\021116-35187-01.dmp
2016-02-10 12:34 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 12:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-09 21:09 - 2015-07-02 17:08 - 01749406 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-08 23:22 - 2015-08-15 17:36 - 00000000 ____D C:\Users\David\.android
2016-02-08 15:30 - 2015-07-03 13:47 - 00000000 ____D C:\Fraps
2016-02-07 21:50 - 2015-08-24 21:03 - 00000000 ____D C:\ProgramData\VMware
2016-02-07 21:49 - 2015-08-24 21:06 - 00000000 ____D C:\Users\David\AppData\Roaming\VMware
2016-02-07 21:47 - 2015-11-28 13:19 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2016-02-07 21:42 - 2015-12-22 18:40 - 00000000 ____D C:\Program Files\OBS
2016-02-07 21:39 - 2016-01-12 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dust An Elysian Tail
2016-02-07 20:54 - 2015-10-22 18:07 - 00000000 ____D C:\Games
2016-02-07 16:58 - 2015-07-02 21:09 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2016-02-07 16:14 - 2015-07-02 17:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2016-02-07 16:01 - 2015-10-29 12:01 - 00000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2016-02-07 15:02 - 2015-09-16 15:22 - 00000000 ____D C:\Program Files (x86)\Origin
2016-02-07 15:02 - 2015-07-22 14:50 - 00000000 ____D C:\ProgramData\Origin
2016-02-03 20:18 - 2013-08-22 15:44 - 00482992 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-03 17:50 - 2015-11-07 20:23 - 00000000 ____D C:\Users\David\AppData\Local\gamemaker_studio
2016-02-03 16:47 - 2015-11-07 20:23 - 00000000 ____D C:\ProgramData\gamemaker_studio

==================== Files in the root of some directories =======

2015-08-24 19:01 - 2015-08-24 19:01 - 0000128 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2015-08-24 19:01 - 2015-08-24 19:01 - 0004547 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2015-08-24 18:58 - 2015-08-24 18:58 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2015-08-24 19:07 - 2016-02-17 17:52 - 0017920 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-27 17:51 - 2016-02-27 17:51 - 0012926 _____ () C:\Users\David\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 17:34

==================== End of FRST.txt ============================

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 20:20
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf69d-219e-11e5-8253-74d435774098} - "G:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf6c9-219e-11e5-8253-74d435774098} - "D:\setup.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cfd5f-219e-11e5-8253-74d435774098} - "H:\setup.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {6194350c-b6d8-11e5-82a2-74d435774098} - "I:\autorun.exe"
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\David\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 21:13
od davidrohusch

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by David (2016-03-01 21:11:02) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf69d-219e-11e5-8253-74d435774098} - "G:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cf6c9-219e-11e5-8253-74d435774098} - "D:\setup.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {3b1cfd5f-219e-11e5-8253-74d435774098} - "H:\setup.exe"
HKU\S-1-5-21-398136189-1265110306-1008497695-1001\...\MountPoints2: {6194350c-b6d8-11e5-82a2-74d435774098} - "I:\autorun.exe"
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\David\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-398136189-1265110306-1008497695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1cf69d-219e-11e5-8253-74d435774098}" => key removed successfully
HKCR\CLSID\{3b1cf69d-219e-11e5-8253-74d435774098} => key not found. 
"HKU\S-1-5-21-398136189-1265110306-1008497695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1cf6c9-219e-11e5-8253-74d435774098}" => key removed successfully
HKCR\CLSID\{3b1cf6c9-219e-11e5-8253-74d435774098} => key not found. 
"HKU\S-1-5-21-398136189-1265110306-1008497695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1cfd5f-219e-11e5-8253-74d435774098}" => key removed successfully
HKCR\CLSID\{3b1cfd5f-219e-11e5-8253-74d435774098} => key not found. 
"HKU\S-1-5-21-398136189-1265110306-1008497695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6194350c-b6d8-11e5-82a2-74d435774098}" => key removed successfully
HKCR\CLSID\{6194350c-b6d8-11e5-82a2-74d435774098} => key not found. 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\David\AppData\Local\Temp" folder move:

Could not move "C:\Users\David\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-01 21:12:45)

C:\Users\David\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:12:45 ====

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 21:43
od Rudy
Smazáno. Log by již měl být OK. Ještě by bylo dobré udělat kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 21:51
od davidrohusch
MalwareBytes používám takřka 3x týdně již od samotného pořizení počítače. Dvakrát to nedávno nalezlo Proxy viry, ať je to, co je to.

Kód: Vybrat vše

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1. 3. 2016
Čas skenování: 21:45
Protokol: 
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.01.06
Databáze rootkitů: v2016.02.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: David

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 410966
Uplynulý čas: 4 min, 50 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 22:05
od Rudy
PC máte čistý.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 22:06
od davidrohusch
Děkuji. Ale stále potřebuji vyřešit problém s internetem. Stále je z mé IP adresy odesílán spam. Většinou když není žádný z počítačů zaplí

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 22:11
od Rudy
Váš PC je neposílá. Nemá čím. A když nemáte zaplý žádný z PC, pak už vůbec ne. Ta IP je přímo vaše (veřejná), nebo je to IP routeru sítě, k níž jste připojen? V takovém případě to pak může způsobovat kterýkoli z PC, které jsou na tu síť připojeny.

Re: Virus se mi infikoval v alternativním vesmíru.

Napsal: 01 bře 2016 22:12
od davidrohusch
Jedná se o IP adresu routeru.(Ty Ip adresy, jak zobrazují webové strány typu mojeip.cz). A žiji v panelovém bytě.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz