ADWARE + additional check

Posted: 27 Aug 2016 10:54
by xXxJurajxXx
Hi, ads keep popping up and opening in new windows. It's really getting on my nerves. I've already run a deep scan of the computer 3 times; it did find about 10 trojans and removed them, but the problem still persists. :/ I also uninstalled unknown programs, and nothing.

Btw: my antivirus keeps showing the site http://stoppblock.net, saying the connection was interrupted, trojan horse. I've never been to that site and don't want to go there either; couldn't that be the problem?

Re: ADWARE + additional check

Posted: 28 Aug 2016 13:42
by Rudy
Hello!
Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . I'm also moving your thread to the correct section.

Re: ADWARE + additional check

Posted: 28 Aug 2016 18:17
by xXxJurajxXx
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
Ran by Juraj (administrator) on JURAJ-PC (28-08-2016 19:03:37)
Running from C:\Users\Juraj\Desktop
Loaded Profiles: Juraj (Available Profiles: Juraj)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.97.31.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.97.31.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.97.31.0\OverwolfHelper64.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Andy OS, inc.) C:\Program Files\Andy\HandyAndy.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.97.31.0\OverwolfBrowser.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.97.31.0\OverwolfBrowser.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.97.31.0\OverwolfBrowser.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead GIF Animator 5 Trial\ga_main.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead GIF Animator 5 Trial\ga_main.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Ulead Systems\Ulead GIF Animator 5 Trial\ga_main.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(forum.viry.cz) C:\Users\Juraj\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-12-19] (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [247344 2016-08-14] ()
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\...\MountPoints2: {e872f350-0d49-11e6-bb44-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-29] (Microsoft Corporation)
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-08-04]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1863964426-3214914518-2053773727-1000] => hxxp://stoppblock.net/wpad.dat?d042fcc3f5ad639e8a633333c5f8ba8013641596
Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06288460-D31E-4CE0-9EEF-A31CAF2BD8B3}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://stoppblock.net/wpad.dat?d042fcc3f5ad639e8a633333c5f8ba8013641596

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=146651381 ... 482816482X
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Juraj\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-06-29] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-01-20] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2542216 2016-06-10] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-11] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-14] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-06-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-04-28] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-28] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-28] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-06-28] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-06-28] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-06-28] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-28] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [177952 2015-06-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-01] (电脑管家)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\TsNetHlpX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-28 19:03 - 2016-08-28 19:03 - 00018650 _____ C:\Users\Juraj\Desktop\FRST.txt
2016-08-28 19:03 - 2016-08-28 19:03 - 00000000 ____D C:\FRST
2016-08-28 19:01 - 2016-08-28 19:01 - 02396672 _____ (Farbar) C:\Users\Juraj\Desktop\FRST64.exe
2016-08-28 19:01 - 2016-08-28 19:01 - 00112640 _____ (forum.viry.cz) C:\Users\Juraj\Desktop\FRSTLauncher.exe
2016-08-27 22:25 - 2016-08-27 22:26 - 00000089 _____ C:\Windows\ulead32.ini
2016-08-27 22:24 - 2016-08-27 22:24 - 00000000 ____D C:\Windows\Vbox
2016-08-27 22:24 - 2016-08-27 22:24 - 00000000 ____D C:\ProgramData\Ulead Systems
2016-08-27 22:24 - 2016-08-27 22:24 - 00000000 ____D C:\Program Files (x86)\Ulead Systems
2016-08-27 22:23 - 2016-08-27 22:23 - 00000000 ____D C:\Windows\Noslip
2016-08-27 22:08 - 2016-08-27 22:09 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\HandBrake
2016-08-27 22:08 - 2016-08-27 22:08 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\HandBrake Team
2016-08-22 19:31 - 2016-08-25 14:07 - 00000000 ____D C:\Users\Juraj\BrawlhallaReplays
2016-08-22 18:45 - 2016-08-22 18:45 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\BrawlhallaAir
2016-08-22 18:44 - 2016-08-22 18:44 - 00000202 _____ C:\Users\Juraj\Desktop\Brawlhalla.url
2016-08-20 18:12 - 2016-08-20 18:12 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2016-08-20 18:12 - 2016-08-20 18:12 - 00001085 _____ C:\Users\Public\Desktop\Overwolf.lnk
2016-08-20 18:12 - 2016-08-20 18:12 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-08-20 18:11 - 2016-08-20 18:13 - 00000000 ____D C:\ProgramData\Overwolf
2016-08-20 18:11 - 2016-08-20 18:12 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-08-20 18:10 - 2016-08-25 19:05 - 00000000 ____D C:\Users\Juraj\AppData\Local\Overwolf
2016-08-20 03:14 - 2016-08-20 03:14 - 00003588 _____ C:\Windows\System32\Tasks\Maxthon Update
2016-08-20 03:14 - 2016-08-20 03:14 - 00001085 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2016-08-20 03:14 - 2016-08-20 03:14 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Maxthon3
2016-08-20 03:14 - 2016-08-20 03:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2016-08-20 03:14 - 2016-08-20 03:14 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-08-20 03:12 - 2016-08-20 03:12 - 01558792 _____ (Maxthon International ltd.) C:\Users\Juraj\Downloads\mxsetup.exe
2016-08-19 22:54 - 2016-08-19 22:54 - 00000000 ____D C:\Users\Juraj\Desktop\spraygen
2016-08-19 22:40 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-19 22:40 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-12 23:44 - 2016-08-12 23:44 - 00002027 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2016-08-12 23:44 - 2016-08-12 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-08-12 23:44 - 2016-08-12 23:44 - 00000000 ____D C:\ProgramData\ESET
2016-08-12 23:44 - 2016-08-12 23:44 - 00000000 ____D C:\Program Files\ESET
2016-08-12 23:34 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 23:34 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 23:34 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 23:34 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-12 23:34 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-12 23:34 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 23:34 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-12 23:34 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 23:34 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-12 23:34 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-12 23:34 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-12 23:34 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-12 23:34 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-12 23:34 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 23:34 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-12 23:34 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-12 23:34 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 23:34 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 23:34 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-12 23:34 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-12 23:34 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-12 23:34 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-12 23:34 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-12 23:34 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-12 23:34 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-12 23:34 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 23:34 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 23:34 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-12 23:34 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 23:34 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-12 23:34 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-12 23:34 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-12 23:34 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-12 23:34 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-12 23:34 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 23:34 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-12 23:34 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-12 23:34 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-12 23:34 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 23:34 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-12 23:34 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-12 23:34 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 23:34 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 23:34 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 23:34 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-12 23:34 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 23:34 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-12 23:34 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-12 23:34 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 23:34 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-12 23:34 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-12 23:34 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-12 23:34 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-12 23:34 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-12 23:34 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-12 23:34 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 23:34 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-12 23:34 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 23:34 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 23:34 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-12 23:34 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 23:34 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 23:34 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 23:34 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 23:34 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 23:34 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 23:34 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-12 23:34 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-12 23:34 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-12 23:34 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-12 23:34 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-12 23:34 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-12 23:34 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-12 23:34 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-12 23:34 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-12 23:34 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-12 23:34 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-12 23:34 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-12 23:34 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-12 23:34 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-12 23:33 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-05 22:12 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-08-05 22:12 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-08-05 22:01 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-08-05 22:01 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-08-05 22:01 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-08-05 22:01 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-08-05 22:01 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-08-05 22:01 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-08-05 22:01 - 2015-11-10 20:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-08-05 22:01 - 2015-11-10 20:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-08-05 22:01 - 2015-11-10 20:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-08-05 22:01 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-08-05 22:01 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-08-05 22:01 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-08-05 22:01 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-08-05 21:38 - 2016-08-05 21:38 - 00000000 ____D C:\Windows\Panther
2016-08-05 00:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-08-04 23:59 - 2016-08-04 23:59 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-08-04 23:59 - 2016-08-04 23:59 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-08-04 23:59 - 2016-08-04 23:59 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-08-04 23:59 - 2016-08-04 23:59 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-08-04 23:59 - 2016-08-04 23:59 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-08-04 23:59 - 2016-08-04 23:59 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-04 23:59 - 2016-08-04 23:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-08-04 23:58 - 2016-08-04 23:58 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-04 23:58 - 2016-08-04 23:58 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-04 16:51 - 2016-04-14 17:17 - 00934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2016-08-04 16:51 - 2016-04-14 17:17 - 00392896 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2016-08-04 16:51 - 2016-04-14 17:17 - 00358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2016-08-04 16:51 - 2016-04-14 17:17 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-08-04 16:51 - 2016-04-14 17:17 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2016-08-04 16:51 - 2016-04-14 16:53 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2016-08-04 16:51 - 2016-03-10 08:03 - 00057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-08-04 16:51 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2016-08-04 16:51 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2016-08-04 16:51 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2016-08-04 16:50 - 2016-08-04 16:51 - 00000000 ____D C:\Program Files (x86)\VMware
2016-08-04 16:50 - 2016-08-04 16:50 - 00001493 _____ C:\Users\Public\Desktop\Start Andy.lnk
2016-08-04 16:50 - 2016-08-04 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-08-04 16:50 - 2016-08-04 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-08-04 16:50 - 2016-08-04 16:50 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-08-04 16:49 - 2016-08-26 19:29 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Andy
2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 ____D C:\Users\Juraj\Andy
2016-08-04 16:49 - 2016-08-04 16:49 - 00000000 ____D C:\Program Files\Andy
2016-08-04 15:21 - 2016-08-04 15:22 - 02624529 _____ C:\Users\Juraj\Desktop\ESET-Smart-Security-9-+-CRACK-(Patrik559).zip
2016-08-04 14:29 - 2016-08-04 14:29 - 00000000 ____D C:\Users\Juraj\AppData\Local\ESET
2016-08-04 14:18 - 2016-08-04 16:33 - 00000000 ____D C:\ProgramData\Logic Handler
2016-08-04 14:18 - 2016-08-04 16:33 - 00000000 ____D C:\Program Files\BitTorrent
2016-08-04 14:18 - 2016-08-04 14:18 - 00041472 _____ C:\Users\Juraj\AppData\Local\Lottexon.dat
2016-08-04 14:18 - 2016-08-04 14:18 - 00003630 _____ C:\Windows\System32\Tasks\snp
2016-08-04 14:18 - 2016-08-04 14:18 - 00002401 _____ C:\Windows\SysWOW64\findit.xml
2016-08-04 14:18 - 2016-08-04 14:18 - 00000187 _____ C:\Users\Juraj\AppData\Local\Lottexon.exe.config
2016-08-04 14:18 - 2016-08-04 14:18 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Mozilla
2016-08-04 14:18 - 2016-08-04 14:18 - 00000000 ____D C:\ProgramData\Ronzaps
2016-08-04 14:17 - 2016-08-04 16:33 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-08-04 14:17 - 2016-08-04 14:17 - 07129600 _____ C:\Users\Juraj\AppData\Roaming\agent.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 01906688 _____ C:\Users\Juraj\AppData\Roaming\SailSolofind.tst
2016-08-04 14:17 - 2016-08-04 14:17 - 00848437 _____ C:\Users\Juraj\AppData\Roaming\ApZunfind.bin
2016-08-04 14:17 - 2016-08-04 14:17 - 00129024 _____ C:\Users\Juraj\AppData\Roaming\Installer.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 00126464 _____ C:\Users\Juraj\AppData\Roaming\noah.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 00126464 _____ C:\Users\Juraj\AppData\Roaming\lobby.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 00072714 _____ C:\Users\Juraj\AppData\Roaming\Redtrax.tst
2016-08-04 14:17 - 2016-08-04 14:17 - 00070752 _____ C:\Users\Juraj\AppData\Roaming\Config.xml
2016-08-04 14:17 - 2016-08-04 14:17 - 00054272 _____ C:\Users\Juraj\AppData\Roaming\ApplicationHosting.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 00019536 _____ C:\Users\Juraj\AppData\Roaming\InstallationConfiguration.xml
2016-08-04 14:17 - 2016-08-04 14:17 - 00018432 _____ C:\Users\Juraj\AppData\Roaming\Main.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 00005568 _____ C:\Users\Juraj\AppData\Roaming\md.xml
2016-08-03 00:33 - 2016-08-03 00:33 - 00003132 _____ C:\Windows\System32\Tasks\{F03D0920-E087-4236-AB96-1721C875694F}
2016-08-02 23:57 - 2016-08-02 23:57 - 00000000 ____D C:\Users\Juraj\AppData\Local\Apple
2016-08-02 23:56 - 2016-08-02 23:56 - 00000000 ____D C:\Users\Juraj\AppData\LocalLow\Apple Computer
2016-08-02 00:04 - 2016-08-02 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2016-08-02 00:03 - 2016-08-02 00:03 - 00003062 _____ C:\Windows\System32\Tasks\LuckyBrowse
2016-08-02 00:03 - 2016-08-02 00:03 - 00000000 ____D C:\ProgramData\LuckyBrowse
2016-08-02 00:03 - 2016-08-02 00:03 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2016-08-01 17:32 - 2016-08-01 17:32 - 00000202 _____ C:\Users\Juraj\Desktop\Robocraft.url
2016-07-30 20:32 - 2016-07-30 20:32 - 00000000 ___RD C:\Users\Juraj\Documents\Scanned Documents
2016-07-30 20:32 - 2016-07-30 20:32 - 00000000 ____D C:\Users\Juraj\Documents\Fax
2016-07-30 13:43 - 2016-07-30 13:43 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Frontier Developments
2016-07-30 13:43 - 2016-07-30 13:43 - 00000000 ____D C:\Users\Juraj\AppData\Local\Frontier Developments
2016-07-30 13:37 - 2016-08-07 22:02 - 00000000 ____D C:\Users\Juraj\AppData\Local\Frontier_Developments
2016-07-30 03:18 - 2016-07-30 03:18 - 00000202 _____ C:\Users\Juraj\Desktop\Elite Dangerous.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-28 16:21 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-28 16:21 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-27 22:27 - 2016-04-28 16:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-27 22:05 - 2016-04-28 15:53 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-27 13:20 - 2016-07-17 00:44 - 00000000 ____D C:\Users\Juraj\AppData\Local\Ubisoft Game Launcher
2016-08-26 18:27 - 2016-07-03 20:24 - 00000000 ____D C:\ProgramData\VMware
2016-08-25 20:37 - 2016-07-03 20:26 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\VMware
2016-08-25 19:05 - 2016-07-03 15:41 - 00002966 _____ C:\Windows\System32\Tasks\AsrSP.exe
2016-08-25 19:04 - 2016-04-28 16:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-25 19:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-22 19:31 - 2016-04-28 15:24 - 00000000 ____D C:\Users\Juraj
2016-08-22 18:44 - 2016-05-05 20:01 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-20 18:11 - 2016-06-28 17:47 - 00000002 _____ C:\END
2016-08-20 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-13 10:25 - 2009-07-14 06:45 - 05057720 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-13 10:05 - 2016-04-29 00:05 - 00000000 ____D C:\Windows\system32\MRT
2016-08-13 10:02 - 2016-04-29 00:05 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-12 23:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-07 17:17 - 2009-07-14 07:13 - 00787674 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-06 10:19 - 2016-06-01 20:09 - 00000290 __RSH C:\ProgramData\ntuser.pol
2016-08-06 10:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-05 21:38 - 2016-04-28 15:25 - 00001429 _____ C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-04 16:50 - 2016-04-28 15:56 - 00792280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-04 16:26 - 2016-06-21 14:57 - 00000000 ____D C:\ProgramData\HwinpH
2016-08-04 14:14 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-08-04 14:12 - 2016-06-08 19:51 - 00000000 ____D C:\Users\Juraj\AppData\Roaming\uTorrent
2016-08-03 00:50 - 2016-05-30 20:54 - 00000000 ____D C:\Users\Juraj\AppData\LocalLow\uTorrent
2016-08-03 00:36 - 2016-04-28 16:46 - 00000000 ____D C:\Users\Juraj\AppData\Local\CrashDumps
2016-08-02 00:03 - 2016-05-01 17:30 - 00000836 _____ C:\Users\Juraj\Desktop\ Crossout Launcher.lnk
2016-08-01 14:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-08-04 14:17 - 2016-08-04 14:17 - 7129600 _____ () C:\Users\Juraj\AppData\Roaming\agent.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0054272 _____ () C:\Users\Juraj\AppData\Roaming\ApplicationHosting.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0848437 _____ () C:\Users\Juraj\AppData\Roaming\ApZunfind.bin
2016-08-04 14:17 - 2016-08-04 14:17 - 0070752 _____ () C:\Users\Juraj\AppData\Roaming\Config.xml
2016-08-04 14:17 - 2016-08-04 14:17 - 0019536 _____ () C:\Users\Juraj\AppData\Roaming\InstallationConfiguration.xml
2016-08-04 14:17 - 2016-08-04 14:17 - 0129024 _____ () C:\Users\Juraj\AppData\Roaming\Installer.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0126464 _____ () C:\Users\Juraj\AppData\Roaming\lobby.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0018432 _____ () C:\Users\Juraj\AppData\Roaming\Main.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0005568 _____ () C:\Users\Juraj\AppData\Roaming\md.xml
2016-08-04 14:17 - 2016-08-04 14:17 - 0126464 _____ () C:\Users\Juraj\AppData\Roaming\noah.dat
2016-08-04 14:17 - 2016-08-04 14:17 - 0072714 _____ () C:\Users\Juraj\AppData\Roaming\Redtrax.tst
2016-08-04 14:17 - 2016-08-04 14:17 - 1906688 _____ () C:\Users\Juraj\AppData\Roaming\SailSolofind.tst
2016-08-04 14:18 - 2016-08-04 14:18 - 0001150 _____ () C:\Users\Juraj\AppData\Roaming\uninstall_temp.ico
2016-08-04 14:18 - 2016-08-04 14:18 - 0041472 _____ () C:\Users\Juraj\AppData\Local\Lottexon.dat
2016-08-04 14:18 - 2016-08-04 14:18 - 0000187 _____ () C:\Users\Juraj\AppData\Local\Lottexon.exe.config
2016-06-22 19:01 - 2016-06-22 19:01 - 0007605 _____ () C:\Users\Juraj\AppData\Local\Resmon.ResmonCfg
2016-04-28 16:01 - 2016-04-28 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Juraj\AppData\Local\Temp\ads.exe
C:\Users\Juraj\AppData\Local\Temp\avguirn_08923616762.exe
C:\Users\Juraj\AppData\Local\Temp\ccsetup521.exe
C:\Users\Juraj\AppData\Local\Temp\core.exe
C:\Users\Juraj\AppData\Local\Temp\eset_smart_security_live_installer.exe
C:\Users\Juraj\AppData\Local\Temp\HandBrake-0.10.5-x86_64-Win_GUI-1.exe
C:\Users\Juraj\AppData\Local\Temp\inbazahireglpn.ru_World.exe
C:\Users\Juraj\AppData\Local\Temp\inbezahireglpn.ru_World.exe
C:\Users\Juraj\AppData\Local\Temp\OperaSetup.exe
C:\Users\Juraj\AppData\Local\Temp\OverwolfInstaller.exe
C:\Users\Juraj\AppData\Local\Temp\QuickTimeInstaller(1).exe
C:\Users\Juraj\AppData\Local\Temp\QuickTimeInstaller(2).exe
C:\Users\Juraj\AppData\Local\Temp\QuickTimeInstaller.exe
C:\Users\Juraj\AppData\Local\Temp\QuickTime_Alternative_320.exe
C:\Users\Juraj\AppData\Local\Temp\QuickTime_Alternative_322.exe
C:\Users\Juraj\AppData\Local\Temp\setup.exe
C:\Users\Juraj\AppData\Local\Temp\UGA505t.exe
C:\Users\Juraj\AppData\Local\Temp\UplayInstaller.exe
C:\Users\Juraj\AppData\Local\Temp\utils.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personálny firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Juraj\Desktop" je 43 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================




I hope this is how it should be :)

Re: ADWARE + additional check

Posted: 28 Aug 2016 18:37
by Rudy
OK, that's it. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\...\MountPoints2: {e872f350-0d49-11e6-bb44-806e6f6e6963} - E:\Setup.exe
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
AutoConfigURL: [S-1-5-21-1863964426-3214914518-2053773727-1000] => hxxp://stoppblock.net/wpad.dat?d042fcc3 ... 8013641596
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... 482816482X
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\DP45977C.lfl
C:\Users\Juraj\AppData\Local\Temp
Task: {2FB7BDB2-B12F-4A01-A136-01ADE412FC6E} - System32\Tasks\DocineUpdateTaskMachineCore => C:\Program Files (x86)\Docine\Update\DocineUpdate.exe <==== ATTENTION
Task: {3EAC8618-58B1-4A4B-B5B5-C323EBE6DAC0} - System32\Tasks\Ateredomkefisp Cache => C:\Program Files (x86)\Ateredomkefisp\AteredomkefispCchtask.exe <==== ATTENTION
Task: {99E0B0EE-AB8E-4355-B560-F051363F8257} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== ATTENTION
Task: {AD7457F3-1D6F-44E6-9AA0-3D988C486EF5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {B0BEA5A4-37ED-4CBE-BBE1-398F98600FEE} - System32\Tasks\DocineUpdateTaskMachineUA => C:\Program Files (x86)\Docine\Update\DocineUpdate.exe <==== ATTENTION
Task: {CDE95124-7715-49CB-AA4A-33FBF81D3F6D} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\E82FEFE3DCCA25D33F386251D3A0F444\Update\BrowserUpdate.exe <==== ATTENTION
Task: {DBDAAD7D-4848-4760-BFDB-50B93D26C8B4} - System32\Tasks\snp => C:\ProgramData\Ronzap\Ronzap.exe <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: ADWARE + additional check

Posted: 28 Aug 2016 18:41
by xXxJurajxXx
Image

Well, this is what it shows me

Re: ADWARE + additional check

Posted: 28 Aug 2016 18:46
by Rudy
That is proof that ESS works as it should. Also try these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Windows Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;




Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Re: ADWARE+additional check

Posted: 28 Aug 2016 19:28
by xXxJurajxXx
Here is the fixlist.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Juraj (28-08-2016 20:18:59) Run:2
Running from C:\Users\Juraj\Desktop
Loaded Profiles: Juraj (Available Profiles: Juraj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\...\MountPoints2: {e872f350-0d49-11e6-bb44-806e6f6e6963} - E:\Setup.exe
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - No File [ ]
AutoConfigURL: [S-1-5-21-1863964426-3214914518-2053773727-1000] => hxxp://stoppblock.net/wpad.dat?d042fcc3 ... 8013641596
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... 482816482X
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=d ... 816482X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1863964426-3214914518-2053773727-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... _mSmq0,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\DP45977C.lfl
C:\Users\Juraj\AppData\Local\Temp
Task: {2FB7BDB2-B12F-4A01-A136-01ADE412FC6E} - System32\Tasks\DocineUpdateTaskMachineCore => C:\Program Files (x86)\Docine\Update\DocineUpdate.exe <==== ATTENTION
Task: {3EAC8618-58B1-4A4B-B5B5-C323EBE6DAC0} - System32\Tasks\Ateredomkefisp Cache => C:\Program Files (x86)\Ateredomkefisp\AteredomkefispCchtask.exe <==== ATTENTION
Task: {99E0B0EE-AB8E-4355-B560-F051363F8257} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== ATTENTION
Task: {AD7457F3-1D6F-44E6-9AA0-3D988C486EF5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {B0BEA5A4-37ED-4CBE-BBE1-398F98600FEE} - System32\Tasks\DocineUpdateTaskMachineUA => C:\Program Files (x86)\Docine\Update\DocineUpdate.exe <==== ATTENTION
Task: {CDE95124-7715-49CB-AA4A-33FBF81D3F6D} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\E82FEFE3DCCA25D33F386251D3A0F444\Update\BrowserUpdate.exe <==== ATTENTION
Task: {DBDAAD7D-4848-4760-BFDB-50B93D26C8B4} - System32\Tasks\snp => C:\ProgramData\Ronzap\Ronzap.exe <==== ATTENTION
End
*****************

HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e872f350-0d49-11e6-bb44-806e6f6e6963} => key not found.
HKCR\CLSID\{e872f350-0d49-11e6-bb44-806e6f6e6963} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} => value not found.
HKCR\CLSID\{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} => key not found.
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found.
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1863964426-3214914518-2053773727-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found.
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
"C:\ProgramData\DP45977C.lfl" => not found.

"C:\Users\Juraj\AppData\Local\Temp" folder move:

Could not move "C:\Users\Juraj\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FB7BDB2-B12F-4A01-A136-01ADE412FC6E} => key not found.
C:\Windows\System32\Tasks\DocineUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DocineUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EAC8618-58B1-4A4B-B5B5-C323EBE6DAC0} => key not found.
C:\Windows\System32\Tasks\Ateredomkefisp Cache => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ateredomkefisp Cache => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99E0B0EE-AB8E-4355-B560-F051363F8257} => key not found.
C:\Windows\System32\Tasks\LuckyBrowse => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyBrowse => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD7457F3-1D6F-44E6-9AA0-3D988C486EF5} => key not found.
C:\Windows\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found.
"C:\Windows\AutoKMS\AutoKMS.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0BEA5A4-37ED-4CBE-BBE1-398F98600FEE} => key not found.
C:\Windows\System32\Tasks\DocineUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DocineUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDE95124-7715-49CB-AA4A-33FBF81D3F6D} => key not found.
C:\Windows\System32\Tasks\Browser Updater Task(Core) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core) => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBDAAD7D-4848-4760-BFDB-50B93D26C8B4} => key not found.
C:\Windows\System32\Tasks\snp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-08-2016 20:20:10)

C:\Users\Juraj\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:20:11 ====


Here is Zoek



Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Juraj on ne 28. 08. 2016 at 20:24:43,62.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Juraj\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28. 8. 2016 20:25:40 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\GUM118C.tmp deleted successfully
C:\PROGRA~2\Pucupy deleted successfully
C:\PROGRA~2\COMMON~1\Single-Ing deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Docine deleted successfully
C:\Users\Juraj\AppData\Roaming\Checkers deleted successfully
C:\Users\Juraj\AppData\Roaming\eCyber deleted successfully
C:\Users\Juraj\AppData\Roaming\Opera Software deleted successfully
C:\Users\Juraj\AppData\Roaming\VMware deleted successfully
C:\Users\Juraj\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CloudPrinter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CloudPrinter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QMUdisk deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QMUdisk deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\GUM118C.tmp not found
C:\PROGRA~2\Pucupy not found
C:\Users\Juraj\AppData\Roaming\TSv deleted
C:\Users\Juraj\.android deleted
C:\PROGRA~2\SFK deleted
C:\Users\Juraj\AppData\Roaming\uninstall_temp.ico deleted
C:\Users\Juraj\AppData\Roaming\Tencent deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Tencent deleted
C:\PROGRA~3\TXQMPC deleted
C:\PROGRA~3\Tencent deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Juraj\AppData\Local\Lottexon.exe.config deleted
C:\Users\Juraj\AppData\Local\MSGBOX.EXE deleted
C:\Users\Juraj\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 deleted
C:\windows\SysNative\drivers\TFsFltX64.sys deleted
C:\END deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fcgnigmofekcllgbiejhmigggmgehkip - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuELOv6gcKLJwcuqUSUXMrHX-2desIuPG7m1DZsIn45ub0CNHCv97QTGHfBH-0-d6l0VcxYzFQ6JAe9O9DCxZzJ0UgwCEIjSHMi75xFxhGv1zer6FMtM9KEbXGP7MWIIxqqYh-yuSemM1DxD27kgCXJP0ayvYuaMTo5E2c_mSmq0,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7

==== Reset Google Chrome ======================

C:\Users\Juraj\AppData\Local\Maelstrom\User Data\Default\Preferences was reset successfully
C:\Users\Juraj\AppData\Local\Maelstrom\User Data\Default\Web Data was reset successfully
C:\Users\Juraj\AppData\Local\Maelstrom\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Juraj\Desktop\ Crossout Launcher.lnk - D:\Games\Crossout\launcher.exe "http://safesurfs.net/?ssid=1470089005&a ... 41d1694d3a"
C:\Users\Juraj\Desktop\D3DGear.lnk - C:\Program Files\D3DGear\d3dGear.exe
C:\Users\Juraj\Desktop\Grand Theft Auto V.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe
C:\Users\Juraj\Desktop\GTA Online.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe -StraightIntoFreemode
C:\Users\Juraj\Desktop\GTAV verify_files.lnk - D:\Games\Grand Theft Auto V\GTAVLauncher.exe -verify
C:\Users\Juraj\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\A-Tuning.lnk - C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Battlefield 4.lnk - C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\ecmd.exe /startprotectedbrowser
C:\Users\Public\Desktop\Euro Truck Simulator 2 Multiplayer.lnk - D:\Games\TruckersMP\launcher_ets2mp.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Overwolf.lnk - C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
C:\Users\Public\Desktop\Start Andy.lnk - C:\Program Files\Andy\HandyAndy.exe startandy
C:\Users\Public\Desktop\Steam.lnk - D:\Steam\Steam.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=SK&userid=1d07b5de-cb82-6e17-d4cf-b545a2f9ab94&searchtype=sc&installDate=04.
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe "http://safesurfs.net/?ssid=1470089005&a ... 41d1694d3a"
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Crossout Launcher.lnk - D:\Games\Crossout\launcher.exe "http://safesurfs.net/?ssid=1470089005&a ... 41d1694d3a"
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Overwolf.lnk - C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Uninstall Overwolf.lnk - C:\Program Files (x86)\Overwolf\OWUninstaller.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse\Remove.lnk - C:\Program Files (x86)\LuckyBrowse\misc\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk - C:\Program Files\Andy\HandyAndy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk - C:\Program Files\Andy\HandyAndy.exe startandy
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D3DGear\D3DGear.lnk - C:\Program Files\D3DGear\d3dGear.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D3DGear\Uninstall D3DGear.lnk - C:\Program Files\D3DGear\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Ochrana online platieb.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\ecmd.exe /startprotectedbrowser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysInspector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysRescue.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysRescue.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Licenčná dohoda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Odinštalovať.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 4™ (64 bit).lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 4™.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon 5\Maxthon 5.lnk - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe "http://safesurfs.net/?ssid=1470089005&a ... 41d1694d3a"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon 5\Uninstall.lnk - C:\Program Files (x86)\Maxthon5\Bin\Mx3UnInstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Uninstall.lnk - C:\Program Files (x86)\Maxthon\Bin\Mx3UnInstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto V\Grand Theft Auto V.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto V\GTA Online.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe -StraightIntoFreemode
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk - C:\Program Files\Andy\HandyAndy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP\Euro Truck Simulator 2 Multiplayer.lnk - D:\Games\TruckersMP\launcher_ets2mp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 12 Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\D3DGear.lnk - C:\Program Files\D3DGear\d3dGear.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=SK&userid=1d07b5de-cb82-6e17-d4cf-b545a2f9ab94&searchtype=sc&installDate=04.
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8a181d740b7b756d\Docine.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe "http://safesurfs.net/?ssid=1470089005&a ... 41d1694d3a"
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=SK&userid=1d07b5de-cb82-6e17-d4cf-b545a2f9ab94&searchtype=sc&installDate=04.
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Grand Theft Auto V.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GTA Online.lnk - D:\Games\Grand Theft Auto V\PlayGTAV.exe -StraightIntoFreemode
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=SK&userid=1d07b5de-cb82-6e17-d4cf-b545a2f9ab94&searchtype=sc&installDate=04.
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=SK&userid=1d07b5de-cb82-6e17-d4cf-b545a2f9ab94&searchtype=sc&installDate=04.
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Juraj\Desktop\ Crossout Launcher.lnk - D:\Games\Crossout\launcher.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Juraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Crossout Launcher.lnk - D:\Games\Crossout\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon 5\Maxthon 5.lnk - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8a181d740b7b756d\Docine.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Docine\Application\chrome.exe
C:\Users\Juraj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Juraj\AppData\Local\Maelstrom\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=660 folders=341 151341758 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Juraj\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Juraj\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on ne 28. 08. 2016 at 20:37:17,70 ======================


And here is Junkware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Juraj (Administrator) on ne 28. 08. 2016 at 20:40:27,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\ProgramData\cloudprinter (Folder)
Successfully deleted: C:\Windows\SysWOW64\findit.xml (File)
Successfully deleted: C:\Program Files\Common Files\tencent (Folder)
Successfully deleted: C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\250Z7O7C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JC358OX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K08ACAZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Juraj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7696N81L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\250Z7O7C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JC358OX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K08ACAZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7696N81L (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TSSKX64 (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 28. 08. 2016 at 20:41:18,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: ADWARE + additional check

Posted: 28 Aug 2016 20:19
by Rudy
Has anything changed now?

Re: ADWARE + additional check

Posted: 28 Aug 2016 20:24
by xXxJurajxXx
The ads seem to have disappeared, but that stoppblock still shows up for me. Thanks at least for those ads :)

Re: ADWARE + additional check

Posted: 28 Aug 2016 20:29
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: ADWARE + additional check

Posted: 28 Aug 2016 20:46
by xXxJurajxXx
I'm putting the report in the attachment; apparently it is too long.
Image
If anything, I keep Anti-Malware turned on all the time.

Re: ADWARE + additional check

Posted: 28 Aug 2016 21:39
by Rudy
Delete all the findings.

Re: ADWARE + additional check

Posted: 28 Aug 2016 21:44
by xXxJurajxXx
OK, I deleted them and, to be safe, started another scan.

Re: ADWARE + additional check

Posted: 28 Aug 2016 21:48
by Rudy
OK.

Re: ADWARE + additional check

Posted: 28 Aug 2016 21:55
by xXxJurajxXx
Well, I restarted the PC as it asked, and now I only have a black screen, so I'm writing from my phone.

Hmm, only after several minutes did the picture and the Windows startup sound come on; was that normal?

It did delete my Google Chrome, but it no longer shows me that stoppblocker