
Browser opening by itself

Posted: 20 Jan 2017 00:57
by Madmaxik
Hello,
today I was downloading things to a server, and after that the Mozilla Firefox browser, which I use as my primary browser, started launching by itself.
Mozilla opens with an offer saying that the PC can run 67% faster/better, or something along those lines, and I understand that this is nonsense. :)


Logfile of random's system information tool 1.14 (written by random/random)
Run by PC at 2017-01-20 00:52:30
Microsoft Windows 10 Home
System drive C: has 841 GB (88%) free of 953 GB
Total RAM: 8143 MB (70% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:52:36, on 20.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Games\World_of_Tanks\WargamingGameUpdater.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\SHU\SHU.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SHU\QtWebEngineProcess.exe
C:\Program Files\trend micro\PC_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=818411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SkypeVoiceChanger] C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
O4 - HKCU\..\Run: [SHU] "C:\Program Files (x86)\SHU\SHU.exe" silent
O4 - HKCU\..\Run: [mailruhomesearch] "C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-755872668-3960088791-3099136738-1003\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'UpdatusUser')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9165 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\sihost.exe
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\dashost.exe
"C:\WINDOWS\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -private-window
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\SHU\SHU.exe" silent
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-cachedir=C:\Users\PC\AppData\Local\Steam\htmlcache" "-steampid=5720" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\PC\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\PC\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2dc
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="5912.0.669549967\770663487" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 5912 "\\.\pipe\gecko-crash-server-pipe.5912" tab
"C:\Program Files (x86)\SHU\QtWebEngineProcess.exe" --type=renderer --enable-threaded-compositing --no-sandbox --enable-deferred-image-decoding --lang=cs --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-gpu-compositing --channel="2840.0.1169965670\1613677028" /prefetch:673131151
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x49c
C:\WINDOWS\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 636 640 648 8192 644
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe" -ServerName:App.AppXk7vvv12h4qrkhkbvf6j86ja45mzj5km9.mca
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Users\PC\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\HPLJCustParticipation - "C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe"
C:\WINDOWS\system32\tasks\hptop - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://hptop.ru/magicsm
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default

prefs.js - "browser.startup.homepage" - "https://www.google.cz/?gfe_rd=cr&ei=0lx ... gws_rd=ssl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll


C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\pluginreg.dat
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.2723 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.2723 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Unity Player - 5.3.5.3775 - C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

=========Google Chrome=========

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension ccfifbojenkenpkmnbnndeadpfdiffof 1 Домашняя страница Mail.Ru 11.0.26
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension dhdgffkkebhmkfjojejmpbldmpobfkfo 1 Tampermonkey 4.1.10
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension oelpkepjlgmehajehfeicfbjdiobdkfj 1 Визуальные Закладки Mail.Ru 7.1.30
Extension ojlcebdkbpjdpiligkdbbkdkfjmchbfd 1 Поиск Mail.Ru 12.0.11
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage: http://mail.ru/cnt/10445?gp=818411
default_search_provider.search_url:
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2017-01-18 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-01-18 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Поиск@Mail.Ru - C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-01-19 2551000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-09-06 631808]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-02-21 7018568]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-08-27 1028896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-12-19 2876704]
"World of Tanks"=C:\Games\World_of_Tanks\WargamingGameUpdater.exe [2016-11-18 3135752]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27250144]
"SkypeVoiceChanger"=C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto []
"SHU"=C:\Program Files (x86)\SHU\SHU.exe [2016-10-12 1058472]
"mailruhomesearch"=C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"StatusAlerts"=C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [2014-02-12 330040]

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-20 00:52:31 ----D---- C:\Program Files\trend micro
2017-01-20 00:52:30 ----D---- C:\rsit
2017-01-19 21:50:15 ----D---- C:\Program Files (x86)\Mail.Ru
2017-01-19 21:49:27 ----D---- C:\ProgramData\Mail.Ru
2017-01-19 20:48:22 ----D---- C:\Users\PC\AppData\Roaming\GHISLER
2017-01-19 20:48:22 ----D---- C:\totalcmd
2017-01-19 10:42:56 ----D---- C:\WINDOWS\LastGood
2017-01-18 18:50:34 ----AD---- C:\Program Files (x86)\SHU
2017-01-18 18:36:54 ----D---- C:\Users\PC\AppData\Roaming\Rainmeter
2017-01-18 18:36:49 ----AD---- C:\Program Files\Rainmeter
2017-01-18 10:07:44 ----A---- C:\WINDOWS\system32\javaws.exe
2017-01-18 10:07:42 ----A---- C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-18 10:07:42 ----A---- C:\WINDOWS\system32\javaw.exe
2017-01-18 10:07:42 ----A---- C:\WINDOWS\system32\java.exe
2017-01-18 10:07:39 ----D---- C:\Program Files\Java
2017-01-16 17:56:43 ----D---- C:\Users\PC\AppData\Roaming\Curse
2017-01-16 17:55:05 ----D---- C:\Users\PC\AppData\Roaming\.technic
2017-01-13 14:17:32 ----D---- C:\WINDOWS\LastGood.Tmp
2017-01-11 21:20:26 ----D---- C:\ProgramData\NCH Software
2017-01-11 21:20:23 ----A---- C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-01-11 21:20:23 ----A---- C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt
2017-01-11 21:20:23 ----A---- C:\Users\PC\AppData\Roaming\trace_FilterInstaller.1.txt
2017-01-11 21:20:21 ----N---- C:\WINDOWS\system32\drivers\voxaldriverx64.sys
2017-01-11 21:20:21 ----D---- C:\Program Files (x86)\NCH Software
2017-01-11 21:20:19 ----D---- C:\Users\PC\AppData\Roaming\NCH Software
2017-01-11 20:38:43 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 20:38:42 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 20:38:41 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 20:38:41 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-11 20:38:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 20:38:40 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 20:38:40 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-11 20:38:40 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-11 20:38:39 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 20:38:38 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-11 20:38:37 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-11 20:38:36 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-11 20:38:36 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-11 20:38:36 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-11 20:38:35 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-11 20:38:35 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-11 20:38:35 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-11 20:38:34 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-11 20:38:34 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-11 20:38:33 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-11 20:38:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 20:38:32 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-11 20:38:32 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-11 20:38:30 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 20:38:30 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-11 20:38:30 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:38:29 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-11 20:38:29 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 20:38:28 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-11 20:38:28 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-11 20:38:28 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-11 20:38:28 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 20:38:27 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-11 20:38:27 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 20:38:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-11 20:38:26 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-11 20:38:26 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 20:38:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-11 20:38:26 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 20:38:25 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-11 20:38:25 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 20:38:25 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-11 20:38:25 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 20:38:24 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-11 20:38:23 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-11 20:38:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 20:38:21 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:38:21 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-11 20:38:21 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 20:38:21 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 20:38:21 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-11 20:38:20 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 20:38:20 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 20:38:19 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-11 20:38:19 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-11 20:38:19 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 20:38:18 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-11 20:38:17 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-11 20:38:17 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 20:38:16 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-11 20:38:15 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 20:38:15 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-11 20:38:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 20:38:10 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 20:38:09 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-11 20:38:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 20:38:08 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-11 20:38:08 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-11 20:38:07 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-11 20:38:07 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-11 20:38:07 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-11 20:38:06 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-11 20:38:06 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 20:38:06 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 20:38:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 20:38:05 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-11 20:38:05 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-11 20:38:05 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-11 20:38:05 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 20:38:04 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 20:38:03 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-11 20:38:03 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 20:38:03 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 11:30:45 ----AD---- C:\Program Files\TeamSpeak 3 Client
2017-01-10 11:30:06 ----D---- C:\Users\PC\AppData\Roaming\java
2017-01-10 11:30:02 ----D---- C:\Users\PC\AppData\Roaming\.minecraft
2017-01-10 11:29:29 ----RD---- C:\Program Files (x86)\Skype
2017-01-10 11:29:25 ----D---- C:\ProgramData\Skype
2017-01-10 11:29:24 ----AD---- C:\Program Files (x86)\Minecraft
2017-01-08 20:24:00 ----D---- C:\Users\PC\AppData\Roaming\LolClient
2017-01-04 19:05:13 ----D---- C:\Users\PC\AppData\Roaming\Skype
2016-12-28 16:29:23 ----D---- C:\Users\PC\AppData\Roaming\Wargaming.net
2016-12-28 15:16:45 ----HD---- C:\WINDOWS\msdownld.tmp
2016-12-28 15:16:44 ----D---- C:\WINDOWS\SYSWOW64\directx
2016-12-28 15:16:39 ----D---- C:\Games
2016-12-28 11:51:25 ----D---- C:\ProgramData\Riot Games
2016-12-28 11:45:56 ----D---- C:\rads
2016-12-28 11:44:32 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2016-12-28 11:44:32 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2016-12-28 11:44:31 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2016-12-28 11:44:18 ----D---- C:\Riot Games
2016-12-28 11:42:19 ----D---- C:\Users\PC\AppData\Roaming\Riot Games
2016-12-28 10:05:17 ----D---- C:\Users\PC\AppData\Roaming\Macromedia

======List of files/folders modified in the last 1 month======

2017-01-20 00:52:36 ----D---- C:\WINDOWS\prefetch
2017-01-20 00:52:31 ----RD---- C:\Program Files
2017-01-19 23:26:23 ----D---- C:\WINDOWS\Temp
2017-01-19 23:26:12 ----D---- C:\WINDOWS\System32
2017-01-19 23:26:12 ----D---- C:\ProgramData\NVIDIA
2017-01-19 23:21:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-19 23:20:38 ----D---- C:\Program Files (x86)\Steam
2017-01-19 23:14:32 ----D---- C:\WINDOWS\system32\sru
2017-01-19 23:14:24 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-19 21:50:40 ----RD---- C:\Program Files (x86)
2017-01-19 21:50:13 ----D---- C:\WINDOWS\system32\Tasks
2017-01-19 21:49:33 ----HD---- C:\WINDOWS\system32\GroupPolicy
2017-01-19 21:49:30 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2017-01-19 21:49:27 ----HD---- C:\ProgramData
2017-01-19 17:16:48 ----D---- C:\WINDOWS\system32\NDF
2017-01-19 16:39:50 ----AD---- C:\Program Files (x86)\TeamViewer
2017-01-19 16:38:49 ----D---- C:\WINDOWS\system32\catroot2
2017-01-19 14:49:23 ----SHD---- C:\System Volume Information
2017-01-19 14:07:48 ----D---- C:\WINDOWS\system32\config
2017-01-19 12:42:15 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-19 10:42:56 ----D---- C:\Windows
2017-01-19 10:29:21 ----D---- C:\WINDOWS\AppReadiness
2017-01-19 07:03:16 ----HD---- C:\Program Files\WindowsApps
2017-01-18 10:07:44 ----SHD---- C:\WINDOWS\Installer
2017-01-18 10:02:33 ----D---- C:\Program Files (x86)\Common Files
2017-01-18 10:02:23 ----D---- C:\WINDOWS\syswow64
2017-01-17 13:41:03 ----D---- C:\ProgramData\Oracle
2017-01-17 13:26:57 ----SD---- C:\Users\PC\AppData\Roaming\Microsoft
2017-01-16 07:41:23 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-13 14:44:34 ----D---- C:\WINDOWS\rescache
2017-01-12 12:43:45 ----D---- C:\WINDOWS\WinSxS
2017-01-12 10:51:46 ----D---- C:\WINDOWS\INF
2017-01-12 08:52:04 ----D---- C:\WINDOWS\system32\DriverStore
2017-01-12 07:56:18 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 07:56:18 ----D---- C:\WINDOWS\system32\wbem
2017-01-12 07:56:18 ----D---- C:\WINDOWS\system32\oobe
2017-01-12 07:56:18 ----D---- C:\WINDOWS\ShellExperiences
2017-01-12 07:56:17 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-12 07:56:17 ----D---- C:\WINDOWS\system32\drivers
2017-01-12 07:56:17 ----D---- C:\WINDOWS\Provisioning
2017-01-12 07:56:17 ----D---- C:\Program Files\Internet Explorer
2017-01-12 07:56:17 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-12 07:52:01 ----D---- C:\WINDOWS\CbsTemp
2017-01-12 07:46:49 ----D---- C:\WINDOWS\system32\MRT
2017-01-12 07:45:19 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-03 07:51:32 ----AD---- C:\Program Files (x86)\Killing Room
2016-12-28 20:32:23 ----D---- C:\WINDOWS\system32\drivers\UMDF
2016-12-28 16:27:15 ----RSD---- C:\WINDOWS\Fonts
2016-12-28 13:25:40 ----D---- C:\WINDOWS\Minidump
2016-12-28 11:44:20 ----D---- C:\WINDOWS\Tasks
2016-12-25 17:10:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-25 17:10:18 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2016-12-25 09:51:17 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2016-12-22 11:13:26 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [2012-11-29 80552]
R0 amd_xata;amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [2012-11-29 26280]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-01 48992]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-15 70144]
R3 NVHDA;@oem22.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2013-06-16 196384]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-07-13 11139216]
R3 nvvad_WaveExtensible;@oem24.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2013-08-20 39200]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-15 589824]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2016-07-15 132096]
S0 amdkmafd;@oem9.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmafd.sys [2012-09-22 21160]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-04 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-15 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-15 18432]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-15 15360]
S3 AtiHDAudioService;@oem1.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-05-27 102912]
S3 dtlitescsibus;@oem3.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-05-12 30264]
S3 dtliteusbbus;@oem0.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-05-12 47672]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-05 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-15 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-15 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-15 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-15 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-15 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-15 120320]
S3 ISCT;@oem15.inf,%ISCT.DeviceDesc%;Intel(R) Smart Connect Technology Device Driver; C:\WINDOWS\System32\drivers\ISCTD64.sys [2012-07-23 46016]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-15 90624]
S3 RtlWlanu_OldIC;@rtwlanu_oldIC.inf,%RtlWlanu_OldIC.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [2016-07-15 3814400]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-15 123904]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-15 108544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 255472]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-11-04 351944]
R2 CDPUserSvc_27284;CDPUserSvc_27284; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2014-06-24 176128]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14997280]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-08-27 2155296]
R2 OneSyncSvc_27284;Hostitel synchronizace_27284; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-09-12 414496]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-08-25 7534864]
R3 PimIndexMaintenanceSvc_27284;Data kontaktů_27284; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-19 1467168]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
R3 UnistoreSvc_27284;Úložiště uživatelských dat_27284; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2013-09-11 920864]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 EasyAntiCheat;EasyAntiCheat; C:\WINDOWS\syswow64\EasyAntiCheat.exe [2016-12-11 392480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_27284;Služba zasílání zpráv_27284; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-14 172488]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Re: Browser opening

Posted: 20 Jan 2017 17:51
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Browser opening

Posted: 20 Jan 2017 19:36
by Madmaxik
# AdwCleaner v6.042 - Log vytvořen 20/01/2017 v 18:35:26
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-20.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : PC - DESKTOP-MQK8T6T
# Spuštěno z : C:\Users\PC\Desktop\adwcleaner_6.042.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\Users\PC\AppData\Local\Mail.Ru
Složka nalezena: C:\ProgramData\Mail.Ru
Složka nalezena: C:\Program Files (x86)\Mail.Ru
Složka nalezena: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
Složka nalezena: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Složka nalezena: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Soubory ] *****

Soubor nalezen: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Soubor nalezen: C:\Users\PC\Favorites\Mail.Ru.url
Soubor nalezen: C:\Users\PC\Favorites\Mail.Ru Агент - используй для общения!.url
Soubor nalezen: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage
Soubor nalezen: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage-journal
Soubor nalezen: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage
Soubor nalezen: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage
Soubor nalezen: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage-journal


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Zástupce infikován: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk ( url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035" )


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Klíč nalezen: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKCU\Software\Mail.Ru
Klíč nalezen: HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKLM\SOFTWARE\Mail.Ru
Klíč nalezen: [x64] HKCU\Software\Mail.Ru
Klíč nalezen: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
Data nalezena: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=818411
Klíč nalezen: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data nalezena: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://mail.ru/cnt/10445?gp=818411
Chromium nastavení nalezeno: [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ccfifbojenkenpkmnbnndeadpfdiffof
Chromium nastavení nalezeno: [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oelpkepjlgmehajehfeicfbjdiobdkfj
Chromium nastavení nalezeno: [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojlcebdkbpjdpiligkdbbkdkfjmchbfd
Chromium nastavení nalezeno: [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://mail.ru/cnt/10445?gp=818411

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5402 Bajty] - [20/01/2017 18:35:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5475 Bajty] ##########

Re: Browser opening

Posted: 20 Jan 2017 20:19
by Rudy
ADW didn't delete anything, you didn't click on delete. Try once more.

Re: Browser opening

Posted: 21 Jan 2017 17:02
by Madmaxik
When I turned everything off, I forgot to hit clean



# AdwCleaner v6.042 - Log vytvořen 21/01/2017 v 16:58:53
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-21.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : PC - DESKTOP-MQK8T6T
# Spuštěno z : C:\Users\PC\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\PC\AppData\Local\Mail.Ru
[-] Složka smazána: C:\ProgramData\Mail.Ru
[-] Složka smazána: C:\Program Files (x86)\Mail.Ru
[-] Složka smazána: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Složka smazána: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Složka smazána: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] Soubor smazán: C:\Users\PC\Favorites\Mail.Ru.url
[-] Soubor smazán: C:\Users\PC\Favorites\Mail.Ru Агент - используй для общения!.url
[-] Soubor smazán: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage
[-] Soubor smazán: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oelpkepjlgmehajehfeicfbjdiobdkfj_0.localstorage-journal
[-] Soubor smazán: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojlcebdkbpjdpiligkdbbkdkfjmchbfd_0.localstorage
[-] Soubor smazán: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage
[-] Soubor smazán: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccfifbojenkenpkmnbnndeadpfdiffof_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[!] Zástupce nelze smazat: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Klíč smazán: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\AppDataLow\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: HKLM\SOFTWARE\Mail.Ru
[#] Klíč smazán po restartu: [x64] HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Data obnovena: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof


***** [ Prohlížeče ] *****

[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://mail.ru/cnt/10445?gp=818411
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ccfifbojenkenpkmnbnndeadpfdiffof
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default] [homepage] Smazáno: hxxp://mail.ru/cnt/10445?gp=818411


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5263 Bajty] - [21/01/2017 16:58:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [5574 Bajty] - [21/01/2017 07:35:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [5647 Bajty] - [21/01/2017 16:58:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5482 Bajty] ##########

Re: Browser opening

Posted: 21 Jan 2017 18:06
by Rudy

Re: Browser opening

Posted: 22 Jan 2017 15:21
by Madmaxik
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by PC (administrator) on DESKTOP-MQK8T6T (22-01-2017 15:16:46)
Running from C:\Users\PC\Desktop\FRST-OlderVersion
Loaded Profiles: PC & UpdatusUser (Available Profiles: defaultuser0 & PC & UpdatusUser)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\SHU\SHU.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\SHU\QtWebEngineProcess.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7018568 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-21] (Skype Technologies S.A.)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [SHU] => C:\Program Files (x86)\SHU\SHU.exe [1058472 2016-10-13] ()
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [mailruhomesearch] => "C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{9925c971-43d4-4182-8108-1a9395a63511}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c6c880b0-f7ef-4a70-a0f1-aa87fc29ad9e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: t4og3rq4.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\t4og3rq4.default -> hxxps://www.google.cz/?gfe_rd=cr&ei=0lxOWIvlBbG ... gws_rd=ssl
FF Extension: (Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-755872668-3960088791-3099136738-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BC1C519A8-45A1-4D45-AFA3-B09350290AB6%7D&gp=811041
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Prezentace Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-30]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Tampermonkey) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-20]
CHR Extension: (Tabulky Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-05] (Advanced Micro Devices, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2016-12-12] (EasyAntiCheat Ltd)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-05-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-05-12] (Disc Soft Ltd)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46016 2012-07-24] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 15:16 - 2017-01-22 15:16 - 00000000 ____D C:\Users\PC\Desktop\FRST-OlderVersion
2017-01-22 15:16 - 2017-01-22 15:16 - 00000000 ____D C:\FRST
2017-01-22 08:06 - 2017-01-22 08:06 - 00066673 _____ C:\Users\PC\Downloads\V87QDZ.jpeg
2017-01-22 08:06 - 2017-01-22 08:06 - 00062766 _____ C:\Users\PC\Downloads\9lESNY.jpeg
2017-01-22 08:06 - 2017-01-22 08:06 - 00048998 _____ C:\Users\PC\Downloads\PXFUyB.jpeg
2017-01-22 08:06 - 2017-01-22 08:06 - 00042223 _____ C:\Users\PC\Downloads\j6ZOz1.jpeg
2017-01-22 08:05 - 2017-01-22 08:05 - 00064513 _____ C:\Users\PC\Downloads\mPgUEO.jpeg
2017-01-22 08:05 - 2017-01-22 08:05 - 00061519 _____ C:\Users\PC\Downloads\8MBM8z.jpeg
2017-01-22 08:00 - 2017-01-22 08:00 - 00040241 _____ C:\Users\PC\Downloads\mFHWQM.jpeg
2017-01-22 08:00 - 2017-01-22 08:00 - 00039898 _____ C:\Users\PC\Downloads\na8PCn.jpeg
2017-01-22 08:00 - 2017-01-22 08:00 - 00039490 _____ C:\Users\PC\Downloads\PKAU9P.jpeg
2017-01-22 07:59 - 2017-01-22 07:59 - 00093752 _____ C:\Users\PC\Downloads\IdHMkP.jpeg
2017-01-22 07:59 - 2017-01-22 07:59 - 00054708 _____ C:\Users\PC\Downloads\9xtjl.jpeg
2017-01-22 07:53 - 2017-01-22 07:53 - 00081100 _____ C:\Users\PC\Downloads\ECQURg.jpeg
2017-01-22 07:53 - 2017-01-22 07:53 - 00056006 _____ C:\Users\PC\Downloads\43IUOK.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00115569 _____ C:\Users\PC\Downloads\Mz3UXr.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00093897 _____ C:\Users\PC\Downloads\YuPURa.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00087011 _____ C:\Users\PC\Downloads\b4NUb6.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00073146 _____ C:\Users\PC\Downloads\8NrUc8.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00068955 _____ C:\Users\PC\Downloads\kx7DYC.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00066248 _____ C:\Users\PC\Downloads\7bFlZc.jpeg
2017-01-22 07:52 - 2017-01-22 07:52 - 00064381 _____ C:\Users\PC\Downloads\heMUaX.jpeg
2017-01-22 07:51 - 2017-01-22 07:51 - 00066106 _____ C:\Users\PC\Downloads\eyiUt2.jpeg
2017-01-22 07:50 - 2017-01-22 07:50 - 00080583 _____ C:\Users\PC\Downloads\DWKgT.jpeg
2017-01-22 07:50 - 2017-01-22 07:50 - 00038602 _____ C:\Users\PC\Downloads\KWRdxn.jpeg
2017-01-22 07:49 - 2017-01-22 07:49 - 00088878 _____ C:\Users\PC\Downloads\5BbUwv.jpeg
2017-01-22 07:49 - 2017-01-22 07:49 - 00058896 _____ C:\Users\PC\Downloads\rmfWQf.jpeg
2017-01-22 07:48 - 2017-01-22 07:48 - 00073702 _____ C:\Users\PC\Downloads\o8YVEw.jpeg
2017-01-22 07:48 - 2017-01-22 07:48 - 00057893 _____ C:\Users\PC\Downloads\EYcU22.jpeg
2017-01-22 07:48 - 2017-01-22 07:48 - 00055590 _____ C:\Users\PC\Downloads\IyAVEv.jpeg
2017-01-21 07:33 - 2017-01-21 16:58 - 00000000 ____D C:\AdwCleaner
2017-01-21 07:33 - 2017-01-21 07:33 - 03988944 _____ C:\Users\PC\Desktop\adwcleaner_6.042.exe
2017-01-21 03:12 - 2017-01-21 03:12 - 89267511 _____ C:\Users\PC\Desktop\fixes.zip
2017-01-20 13:52 - 2017-01-20 13:53 - 00000000 ____D C:\rsit
2017-01-20 13:52 - 2017-01-20 13:52 - 01323520 _____ C:\Users\PC\Desktop\RSITx64.exe
2017-01-20 13:52 - 2017-01-20 13:52 - 00000000 ____D C:\Program Files\trend micro
2017-01-20 13:51 - 2017-01-22 15:16 - 02420736 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2017-01-20 10:50 - 2017-01-20 10:50 - 00000000 ____D C:\Users\PC\AppData\Local\Unity
2017-01-20 10:48 - 2017-01-20 10:49 - 00003676 _____ C:\WINDOWS\System32\Tasks\hptop
2017-01-20 09:49 - 2017-01-20 09:49 - 00000000 ____D C:\Users\PC\AppData\Local\GHISLER
2017-01-20 09:48 - 2017-01-20 09:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\GHISLER
2017-01-20 09:48 - 2017-01-20 09:49 - 00000000 ____D C:\totalcmd
2017-01-20 09:48 - 2017-01-20 09:48 - 00000683 _____ C:\Users\PC\Desktop\Total Commander 64 bit.lnk
2017-01-20 09:48 - 2017-01-20 09:48 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-01-20 09:47 - 2017-01-20 09:47 - 00000600 _____ C:\Users\PC\AppData\Roaming\winscp.rnd
2017-01-19 23:42 - 2017-01-19 23:42 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-19 07:51 - 2017-01-22 15:13 - 00000000 ____D C:\Users\PC\AppData\Local\SHU
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\AppData\Local\ScreenShu
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\.SHU
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\.QtWebEngineProcess
2017-01-19 07:50 - 2017-01-19 07:50 - 00001004 _____ C:\Users\Public\Desktop\SHU.lnk
2017-01-19 07:50 - 2017-01-19 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU
2017-01-19 07:50 - 2017-01-19 07:50 - 00000000 ____D C:\Program Files (x86)\SHU
2017-01-19 07:36 - 2017-01-19 07:36 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Users\PC\Documents\Rainmeter
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Users\PC\AppData\Roaming\Rainmeter
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Program Files\Rainmeter
2017-01-19 07:32 - 2017-01-19 07:32 - 00000279 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2017-01-19 07:30 - 2017-01-19 07:31 - 00000000 ____D C:\Users\PC\Desktop\Hry
2017-01-18 23:07 - 2017-01-18 23:07 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-18 23:07 - 2017-01-18 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 23:07 - 2017-01-18 23:07 - 00000000 ____D C:\Program Files\Java
2017-01-17 07:00 - 2017-01-17 07:00 - 00000000 ____D C:\Users\PC\Documents\Curse
2017-01-17 06:56 - 2017-01-17 06:56 - 00000000 ____D C:\Users\PC\AppData\Roaming\Curse
2017-01-17 06:55 - 2017-01-17 07:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\.technic
2017-01-14 03:17 - 2017-01-14 03:17 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-12 10:20 - 2017-01-13 20:06 - 00000905 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-01-12 10:20 - 2017-01-13 20:06 - 00000000 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-01-12 10:20 - 2017-01-13 20:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-01-12 10:20 - 2017-01-12 10:20 - 00043472 ____N C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
2017-01-12 10:20 - 2017-01-12 10:20 - 00001167 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.1.txt
2017-01-12 10:20 - 2017-01-12 10:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\NCH Software
2017-01-12 10:20 - 2017-01-12 10:20 - 00000000 ____D C:\ProgramData\NCH Software
2017-01-12 10:15 - 2017-01-12 10:16 - 00000000 ____D C:\Users\PC\Documents\svctest
2017-01-12 10:15 - 2017-01-12 10:16 - 00000000 ____D C:\Users\PC\Documents\svcrecord
2017-01-12 09:38 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 09:38 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 09:38 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 09:38 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 09:38 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 09:38 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 09:38 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 09:38 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 09:38 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 09:38 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 09:38 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 09:38 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 09:38 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 09:38 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 09:38 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 09:38 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 09:38 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 09:38 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 09:38 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 09:38 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 09:38 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 09:38 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 09:38 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 09:38 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 09:38 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 09:38 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 09:38 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 09:38 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 09:38 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 09:38 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 09:38 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 09:38 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 09:38 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 09:38 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 09:38 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 09:38 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 09:38 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 09:38 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 09:38 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 09:38 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 09:38 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 09:38 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 09:38 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 09:38 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 09:38 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 09:38 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 09:38 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 09:38 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 09:38 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 09:38 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 09:38 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 09:38 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 09:38 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 09:38 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 09:38 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 09:38 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 09:38 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 09:38 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 09:38 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 09:38 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 09:38 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 09:38 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 09:38 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 09:38 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 09:38 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 09:38 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 09:38 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 09:38 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 09:38 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 09:38 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 09:38 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 09:38 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 09:38 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 09:38 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 09:38 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 09:38 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 09:38 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 09:38 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 09:38 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 09:38 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 09:38 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 09:38 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 09:38 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 09:38 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 09:38 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 09:38 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 09:38 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 09:38 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 09:38 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 09:38 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 09:38 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 09:38 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 09:38 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-12 09:38 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-12 09:38 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-12 09:38 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-12 09:38 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-12 09:38 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 00:30 - 2017-01-18 23:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2017-01-11 00:30 - 2017-01-11 00:30 - 00001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-01-11 00:30 - 2017-01-11 00:30 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-01-11 00:30 - 2017-01-11 00:30 - 00000000 ____D C:\Users\PC\AppData\Roaming\java
2017-01-11 00:30 - 2017-01-11 00:30 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-01-11 00:29 - 2017-01-11 00:29 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\Users\PC\Tracing
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-01-10 10:24 - 2017-01-10 10:24 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Raft
2017-01-09 09:24 - 2017-01-09 09:24 - 00000000 ____D C:\Users\PC\AppData\Roaming\LolClient
2017-01-05 08:06 - 2017-01-19 07:54 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-05 08:05 - 2017-01-22 15:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2016-12-30 10:50 - 2016-12-30 10:50 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Ludeon Studios
2016-12-29 09:32 - 2016-12-29 09:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-12-29 05:29 - 2016-12-29 05:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Wargaming.net
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\Games
2016-12-29 02:25 - 2016-12-29 02:25 - 00466220 _____ C:\WINDOWS\Minidump\122816-20046-01.dmp
2016-12-29 00:51 - 2016-12-29 00:51 - 00000000 ____D C:\ProgramData\Riot Games
2016-12-29 00:45 - 2016-12-29 00:50 - 00000000 ____D C:\rads
2016-12-29 00:44 - 2016-12-29 00:44 - 00000000 ____D C:\Riot Games
2016-12-29 00:44 - 2016-12-29 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-29 00:44 - 2008-07-12 21:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-29 00:44 - 2008-07-12 21:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-29 00:44 - 2008-07-12 21:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-29 00:42 - 2016-12-29 00:45 - 00000000 ____D C:\Users\PC\AppData\Roaming\Riot Games
2016-12-28 23:26 - 2017-01-20 10:49 - 00000000 ____D C:\Users\PC\Desktop\Screen
2016-12-28 23:05 - 2016-12-28 23:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\Macromedia
2016-12-25 22:49 - 2016-12-25 22:49 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Payload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 15:16 - 2016-12-12 10:48 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-01-22 15:16 - 2016-10-31 01:09 - 00000000 ____D C:\Users\PC
2017-01-22 15:16 - 2016-10-30 13:11 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 15:16 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-22 15:14 - 2016-11-05 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 10:06 - 2016-10-31 00:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-21 19:00 - 2016-12-12 07:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-21 17:05 - 2016-10-31 01:08 - 02868460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-21 17:05 - 2016-10-30 13:17 - 01306108 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-21 17:05 - 2016-10-30 13:17 - 00322382 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-21 16:59 - 2016-10-31 00:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 16:59 - 2016-10-30 12:56 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-21 16:58 - 2016-12-12 07:05 - 00000000 ____D C:\Users\UpdatusUser
2017-01-21 05:07 - 2016-10-31 01:14 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2017-01-20 10:49 - 2016-10-30 13:11 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-20 10:49 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-20 06:16 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-20 05:39 - 2016-11-05 09:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-19 07:54 - 2016-10-31 01:11 - 00002378 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 07:54 - 2016-10-31 01:11 - 00000000 ___RD C:\Users\PC\OneDrive
2017-01-18 02:41 - 2016-12-12 06:57 - 00000000 ____D C:\ProgramData\Oracle
2017-01-16 20:41 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-14 03:44 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 23:51 - 2016-10-30 13:10 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 21:53 - 2016-10-31 01:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 21:51 - 2016-10-31 00:52 - 00244888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 20:52 - 2016-10-30 13:00 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-12 20:46 - 2016-10-31 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 20:45 - 2016-10-31 05:56 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-03 20:51 - 2016-11-08 09:40 - 00000000 ____D C:\Program Files (x86)\Killing Room
2017-01-01 13:22 - 2016-12-15 02:41 - 00539896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-12-29 09:32 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-29 05:27 - 2016-10-30 13:11 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-29 02:25 - 2016-12-12 07:36 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-29 02:25 - 2016-12-12 07:35 - 526431090 _____ C:\WINDOWS\MEMORY.DMP
2016-12-29 00:44 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-26 06:10 - 2016-12-15 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-26 06:10 - 2016-12-12 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-26 06:10 - 2016-10-31 06:54 - 00002046 _____ C:\WINDOWS\PFRO.log
2016-12-25 22:51 - 2016-11-08 05:32 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-12-25 06:36 - 2016-11-03 11:19 - 00000000 ____D C:\Users\PC\AppData\Local\Diagnostics
2016-12-23 00:13 - 2016-10-30 13:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-30 13:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-01-12 10:20 - 2017-01-12 10:20 - 0001167 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.1.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 0000905 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 0000000 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-01-20 09:47 - 2017-01-20 09:47 - 0000600 _____ () C:\Users\PC\AppData\Roaming\winscp.rnd
2016-11-16 06:51 - 2016-11-16 06:51 - 0000040 _____ () C:\ProgramData\ra3.ini

Some files in TEMP:
====================
2016-12-21 01:51 - 2016-12-01 22:31 - 0050720 _____ (HP Inc.) C:\Users\PC\AppData\Local\Temp\ACLMInstaller.exe
2017-01-17 10:18 - 2017-01-17 10:18 - 0017408 _____ () C:\Users\PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.1-b2561jnks.dll
2017-01-18 01:47 - 2017-01-18 01:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-2738236091239867132.dll
2017-01-18 09:46 - 2017-01-18 09:46 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-2774245075409228625.dll
2017-01-18 06:49 - 2017-01-18 06:49 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3008656449057147476.dll
2017-01-18 06:02 - 2017-01-18 06:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-4507913890599784094.dll
2017-01-18 03:57 - 2017-01-18 03:57 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5463386136000355264.dll
2017-01-17 11:07 - 2017-01-17 11:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5550082212944111733.dll
2017-01-17 09:17 - 2017-01-17 09:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5849409760183690778.dll
2017-01-17 09:18 - 2017-01-17 09:18 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-6998345432566861217.dll
2017-01-18 22:40 - 2017-01-18 22:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7527406514466282341.dll
2017-01-17 11:06 - 2017-01-17 11:06 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8324540649591191853.dll
2017-01-17 10:34 - 2017-01-17 10:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8443715396410717010.dll
2017-01-17 09:39 - 2017-01-17 09:39 - 0019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-9001136835729166936.dll
2017-01-20 10:27 - 2017-01-20 10:27 - 0017408 _____ () C:\Users\PC\AppData\Local\Temp\jansi-64-git-MCPC-Plus-jenkins-MCPC-Plus-247.dll
2016-12-12 07:03 - 2015-07-13 18:17 - 0783504 _____ (NVIDIA Corporation) C:\Users\PC\AppData\Local\Temp\nvStInst.exe
2017-01-17 10:18 - 2017-01-17 10:18 - 0541696 _____ () C:\Users\PC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 04:54

==================== End of FRST.txt ============================

Re: Browser opening

Posted: 22 Jan 2017 16:59
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [mailruhomesearch] => "C:\Users\PC\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
C:\Users\PC\AppData\Local\Mail.Ru
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BC1C519A8-45A1-4D45-AFA3-B09350290AB6%7D&gp=811041
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
C:\ProgramData\ra3.ini

EmptyTemp:
End
Save it to C:\Users\PC\Desktop\FRST-OlderVersion as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Browser opening

Posted: 22 Jan 2017 18:24
by Madmaxik
It didn't give me a log, and there is no log in the FRST-OlderVersion folder either. Should I repeat the procedure, or make a log from FRST?

Re: Browser opening

Posted: 22 Jan 2017 19:29
by Rudy
FRST is normally saved to the desktop to keep things easy to find. The log should, however, be in the place where FRST is saved. So post a new log.

Re: Browser opening

Posted: 22 Jan 2017 19:44
by Madmaxik
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by PC (administrator) on DESKTOP-MQK8T6T (22-01-2017 19:41:09)
Running from C:\Users\PC\Desktop\FRST-OlderVersion
Loaded Profiles: PC & UpdatusUser (Available Profiles: defaultuser0 & PC & UpdatusUser)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\SHU\SHU.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\SHU\QtWebEngineProcess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7018568 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-21] (Skype Technologies S.A.)
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\...\Run: [SHU] => C:\Program Files (x86)\SHU\SHU.exe [1058472 2016-10-13] ()
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{9925c971-43d4-4182-8108-1a9395a63511}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c6c880b0-f7ef-4a70-a0f1-aa87fc29ad9e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-755872668-3960088791-3099136738-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: t4og3rq4.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\t4og3rq4.default -> hxxps://www.google.cz/?gfe_rd=cr&ei=0lxOWIvlBbG ... gws_rd=ssl
FF Extension: (Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-755872668-3960088791-3099136738-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Prezentace Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-30]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Tampermonkey) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-20]
CHR Extension: (Tabulky Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-05] (Advanced Micro Devices, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2016-12-12] (EasyAntiCheat Ltd)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-05-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-05-12] (Disc Soft Ltd)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46016 2012-07-24] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 17:56 - 2017-01-22 17:56 - 00000647 _____ C:\Users\PC\Documents\fixlist.txt
2017-01-22 15:16 - 2017-01-22 19:41 - 00000000 ____D C:\FRST
2017-01-22 15:16 - 2017-01-22 17:59 - 00000000 ____D C:\Users\PC\Desktop\FRST-OlderVersion
2017-01-21 07:33 - 2017-01-21 16:58 - 00000000 ____D C:\AdwCleaner
2017-01-21 07:33 - 2017-01-21 07:33 - 03988944 _____ C:\Users\PC\Desktop\adwcleaner_6.042.exe
2017-01-21 03:12 - 2017-01-21 03:12 - 89267511 _____ C:\Users\PC\Desktop\fixes.zip
2017-01-20 13:52 - 2017-01-20 13:53 - 00000000 ____D C:\rsit
2017-01-20 13:52 - 2017-01-20 13:52 - 01323520 _____ C:\Users\PC\Desktop\RSITx64.exe
2017-01-20 13:52 - 2017-01-20 13:52 - 00000000 ____D C:\Program Files\trend micro
2017-01-20 13:51 - 2017-01-22 15:16 - 02420736 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2017-01-20 10:50 - 2017-01-20 10:50 - 00000000 ____D C:\Users\PC\AppData\Local\Unity
2017-01-20 10:48 - 2017-01-20 10:49 - 00003676 _____ C:\WINDOWS\System32\Tasks\hptop
2017-01-20 09:49 - 2017-01-20 09:49 - 00000000 ____D C:\Users\PC\AppData\Local\GHISLER
2017-01-20 09:48 - 2017-01-20 09:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\GHISLER
2017-01-20 09:48 - 2017-01-20 09:49 - 00000000 ____D C:\totalcmd
2017-01-20 09:48 - 2017-01-20 09:48 - 00000683 _____ C:\Users\PC\Desktop\Total Commander 64 bit.lnk
2017-01-20 09:48 - 2017-01-20 09:48 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-01-20 09:47 - 2017-01-20 09:47 - 00000600 _____ C:\Users\PC\AppData\Roaming\winscp.rnd
2017-01-19 23:42 - 2017-01-19 23:42 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-19 07:51 - 2017-01-22 18:06 - 00000000 ____D C:\Users\PC\AppData\Local\SHU
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\AppData\Local\ScreenShu
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\.SHU
2017-01-19 07:51 - 2017-01-19 07:51 - 00000000 ____D C:\Users\PC\.QtWebEngineProcess
2017-01-19 07:50 - 2017-01-19 07:50 - 00001004 _____ C:\Users\Public\Desktop\SHU.lnk
2017-01-19 07:50 - 2017-01-19 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHU
2017-01-19 07:50 - 2017-01-19 07:50 - 00000000 ____D C:\Program Files (x86)\SHU
2017-01-19 07:36 - 2017-01-19 07:36 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Users\PC\Documents\Rainmeter
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Users\PC\AppData\Roaming\Rainmeter
2017-01-19 07:36 - 2017-01-19 07:36 - 00000000 ____D C:\Program Files\Rainmeter
2017-01-19 07:32 - 2017-01-19 07:32 - 00000279 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2017-01-19 07:30 - 2017-01-19 07:31 - 00000000 ____D C:\Users\PC\Desktop\Hry
2017-01-18 23:07 - 2017-01-18 23:07 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2017-01-18 23:07 - 2017-01-18 23:07 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-18 23:07 - 2017-01-18 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 23:07 - 2017-01-18 23:07 - 00000000 ____D C:\Program Files\Java
2017-01-17 07:00 - 2017-01-17 07:00 - 00000000 ____D C:\Users\PC\Documents\Curse
2017-01-17 06:56 - 2017-01-17 06:56 - 00000000 ____D C:\Users\PC\AppData\Roaming\Curse
2017-01-17 06:55 - 2017-01-17 07:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\.technic
2017-01-14 03:17 - 2017-01-14 03:17 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-12 10:20 - 2017-01-13 20:06 - 00000905 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-01-12 10:20 - 2017-01-13 20:06 - 00000000 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-01-12 10:20 - 2017-01-13 20:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-01-12 10:20 - 2017-01-12 10:20 - 00043472 ____N C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
2017-01-12 10:20 - 2017-01-12 10:20 - 00001167 _____ C:\Users\PC\AppData\Roaming\trace_FilterInstaller.1.txt
2017-01-12 10:20 - 2017-01-12 10:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\NCH Software
2017-01-12 10:20 - 2017-01-12 10:20 - 00000000 ____D C:\ProgramData\NCH Software
2017-01-12 10:15 - 2017-01-12 10:16 - 00000000 ____D C:\Users\PC\Documents\svctest
2017-01-12 10:15 - 2017-01-12 10:16 - 00000000 ____D C:\Users\PC\Documents\svcrecord
2017-01-12 09:38 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 09:38 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 09:38 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 09:38 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 09:38 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 09:38 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 09:38 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 09:38 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 09:38 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 09:38 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 09:38 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 09:38 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 09:38 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 09:38 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 09:38 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 09:38 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 09:38 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 09:38 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 09:38 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 09:38 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 09:38 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 09:38 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 09:38 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 09:38 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 09:38 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 09:38 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 09:38 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 09:38 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 09:38 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 09:38 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 09:38 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 09:38 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 09:38 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 09:38 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 09:38 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 09:38 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 09:38 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 09:38 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 09:38 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 09:38 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 09:38 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 09:38 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 09:38 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 09:38 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 09:38 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 09:38 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 09:38 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 09:38 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 09:38 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 09:38 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 09:38 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 09:38 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 09:38 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 09:38 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 09:38 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 09:38 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 09:38 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 09:38 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 09:38 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 09:38 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 09:38 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 09:38 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 09:38 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 09:38 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 09:38 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 09:38 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 09:38 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 09:38 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 09:38 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 09:38 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 09:38 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 09:38 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 09:38 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 09:38 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 09:38 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 09:38 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 09:38 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 09:38 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 09:38 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 09:38 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 09:38 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 09:38 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 09:38 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 09:38 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 09:38 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 09:38 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 09:38 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 09:38 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 09:38 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 09:38 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 09:38 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 09:38 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 09:38 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 09:38 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 09:38 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 09:38 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 09:38 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 09:38 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 09:38 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 09:38 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 09:38 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 09:38 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 09:38 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 09:38 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 09:38 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 09:38 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 09:38 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 09:38 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 09:38 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 09:38 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 09:38 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-12 09:38 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-12 09:38 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-12 09:38 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-12 09:38 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-12 09:38 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 00:30 - 2017-01-18 23:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2017-01-11 00:30 - 2017-01-11 00:30 - 00001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-01-11 00:30 - 2017-01-11 00:30 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-01-11 00:30 - 2017-01-11 00:30 - 00000000 ____D C:\Users\PC\AppData\Roaming\java
2017-01-11 00:30 - 2017-01-11 00:30 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-01-11 00:29 - 2017-01-11 00:29 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\Users\PC\Tracing
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-01-11 00:29 - 2017-01-11 00:29 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-01-10 10:24 - 2017-01-10 10:24 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Raft
2017-01-09 09:24 - 2017-01-09 09:24 - 00000000 ____D C:\Users\PC\AppData\Roaming\LolClient
2017-01-05 08:06 - 2017-01-19 07:54 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-05 08:05 - 2017-01-22 19:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2016-12-30 10:50 - 2016-12-30 10:50 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Ludeon Studios
2016-12-29 09:32 - 2016-12-29 09:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-12-29 05:29 - 2016-12-29 05:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Wargaming.net
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-12-29 04:16 - 2016-12-29 04:16 - 00000000 ____D C:\Games
2016-12-29 02:25 - 2016-12-29 02:25 - 00466220 _____ C:\WINDOWS\Minidump\122816-20046-01.dmp
2016-12-29 00:51 - 2016-12-29 00:51 - 00000000 ____D C:\ProgramData\Riot Games
2016-12-29 00:45 - 2016-12-29 00:50 - 00000000 ____D C:\rads
2016-12-29 00:44 - 2016-12-29 00:44 - 00000000 ____D C:\Riot Games
2016-12-29 00:44 - 2016-12-29 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-29 00:44 - 2008-07-12 21:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-29 00:44 - 2008-07-12 21:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-29 00:44 - 2008-07-12 21:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-29 00:42 - 2016-12-29 00:45 - 00000000 ____D C:\Users\PC\AppData\Roaming\Riot Games
2016-12-28 23:26 - 2017-01-20 10:49 - 00000000 ____D C:\Users\PC\Desktop\Screen
2016-12-28 23:05 - 2016-12-28 23:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\Macromedia
2016-12-25 22:49 - 2016-12-25 22:49 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Payload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 18:13 - 2016-12-12 07:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-22 18:12 - 2016-11-05 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 18:11 - 2016-10-31 01:08 - 02895170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-22 18:11 - 2016-10-30 13:17 - 01319652 _____ C:\WINDOWS\system32\perfh005.dat
2017-01-22 18:11 - 2016-10-30 13:17 - 00326564 _____ C:\WINDOWS\system32\perfc005.dat
2017-01-22 18:09 - 2016-12-12 10:48 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2017-01-22 18:09 - 2016-10-31 01:09 - 00000000 ____D C:\Users\PC
2017-01-22 18:05 - 2016-10-31 00:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-22 18:05 - 2016-10-30 12:56 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-22 17:58 - 2016-10-30 13:11 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-22 17:58 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-22 17:54 - 2016-10-31 00:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-22 15:16 - 2016-10-30 13:11 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 15:16 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-21 16:58 - 2016-12-12 07:05 - 00000000 ____D C:\Users\UpdatusUser
2017-01-21 05:07 - 2016-10-31 01:14 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2017-01-20 06:16 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-20 05:39 - 2016-11-05 09:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-19 07:54 - 2016-10-31 01:11 - 00002378 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 07:54 - 2016-10-31 01:11 - 00000000 ___RD C:\Users\PC\OneDrive
2017-01-18 02:41 - 2016-12-12 06:57 - 00000000 ____D C:\ProgramData\Oracle
2017-01-16 20:41 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-14 03:44 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 23:51 - 2016-10-30 13:10 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 21:53 - 2016-10-31 01:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 21:51 - 2016-10-31 00:52 - 00244888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 20:56 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 20:52 - 2016-10-30 13:00 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-12 20:46 - 2016-10-31 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 20:45 - 2016-10-31 05:56 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-03 20:51 - 2016-11-08 09:40 - 00000000 ____D C:\Program Files (x86)\Killing Room
2017-01-01 13:22 - 2016-12-15 02:41 - 00539896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-12-29 09:32 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-29 05:27 - 2016-10-30 13:11 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-29 02:25 - 2016-12-12 07:36 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-29 02:25 - 2016-12-12 07:35 - 526431090 _____ C:\WINDOWS\MEMORY.DMP
2016-12-29 00:44 - 2016-10-30 13:11 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-26 06:10 - 2016-12-15 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-26 06:10 - 2016-12-12 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-26 06:10 - 2016-10-31 06:54 - 00002046 _____ C:\WINDOWS\PFRO.log
2016-12-25 22:51 - 2016-11-08 05:32 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-12-25 06:36 - 2016-11-03 11:19 - 00000000 ____D C:\Users\PC\AppData\Local\Diagnostics
2016-12-23 00:13 - 2016-10-30 13:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-10-30 13:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-01-12 10:20 - 2017-01-12 10:20 - 0001167 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.1.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 0000905 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt
2017-01-12 10:20 - 2017-01-13 20:06 - 0000000 _____ () C:\Users\PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-01-20 09:47 - 2017-01-20 09:47 - 0000600 _____ () C:\Users\PC\AppData\Roaming\winscp.rnd

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 04:54

==================== End of FRST.txt ============================

Re: Browser opening

Posted: 22 Jan 2017 20:16
by Rudy
Deleted. Has anything changed?

Re: Browser opening

Posted: 22 Jan 2017 23:04
by Madmaxik
The change is that it no longer pops up as often, but otherwise it still pops up.

Re: Browser opening

Posted: 23 Jan 2017 16:54
by Rudy
OK. Please also run these scans:

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop.

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce).
Paste the script below into the window.




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will perform the fix, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup will be created, followed by a scan
• The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Browser opening

Posted: 23 Jan 2017 19:50
by Madmaxik
Just to be safe, I'm posting the first log.


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by PC on 23.01.2017 at 19:24:46,45.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.01.2017 19:25:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\LocalLow deleted successfully
C:\Users\UpdatusUser\AppData\LocalLow deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\PC\AppData\Local\GHISLER deleted successfully
C:\Users\PC\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-755872668-3960088791-3099136738-1002\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/?gfe_rd=cr&ei=0lx ... gws_rd=ssl");

Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\Users\PC\AppData\Roaming\.technic deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\PC\AppData\Local\Unity deleted
C:\Users\PC\AppData\LocalLow\Unity deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default
user_pref("browser.startup.homepage", "https://www.google.cz/?gfe_rd=cr&ei=0lx ... gws_rd=ssl");

==== Firefox Extensions ======================

ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\t4og3rq4.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


Tampermonkey - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chrome Media Router - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\38FE11A5A0E9C5B4D8F2F19F55A1E5C8 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\IE\4GMIA6GF will be deleted at reboot
C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\IE\K20HY4CY will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\t4og3rq4.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2930 folders=610 576860748 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\IE\4GMIA6GF" not found
"C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\IE\K20HY4CY" not found

==== EOF on 23.01.2017 at 19:46:17,02 ======================