VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zřejmě Hijacker - http://search.queryrouter.com

https://forum.viry.cz:443/viewtopic.php?t=151458

Stránka 1 z 1

Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 19 úno 2017 19:47
od Pedroso
Dobrý večer, na druhém počítači, na kterém se "seznamuju" s Windows 10 (32 bit) se mi do prohlížeče Google Chrome dostal zřejmě Hijacker, který se projevuje tak, že mi vnucuje občasně vyhledávač http://search.queryrouter.com a občas otevírá nevyžádané stránky. Report níže + přikládám addition.txt a předem děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2017 01
Ran by Petr Martens (administrator) on TESTER (19-02-2017 19:35:50)
Running from C:\Users\petrm\Desktop
Loaded Profiles: Petr Martens (Available Profiles: defaultuser0 & Petr Martens)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Total Commander\TOTALCMD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\petrm\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2017-02-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKU\S-1-5-21-1638243601-2278729000-55199083-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
Startup: C:\Users\petrm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.lnk [2017-02-17]
ShortcutTarget: GoogleUpdate.lnk -> C:\Users\petrm\AppData\Local\Temp\Google Updates\seachEn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{be5a3be4-cc03-4839-8ee9-756edc594f66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1638243601-2278729000-55199083-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Prezentace Google) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-16]
CHR Extension: (Dokumenty Google) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-16]
CHR Extension: (Disk Google) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-16]
CHR Extension: (YouTube) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-16]
CHR Extension: (Tabulky Google) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-16]
CHR Extension: (Gmail) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2538184 2017-01-29] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2241992 2016-12-14] (ESET)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-11-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172064 2017-02-16] (Realtek Semiconductor Corp.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [91104 2017-01-17] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [140984 2017-01-17] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43920 2017-01-17] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [69304 2017-01-17] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [81264 2017-01-17] (ESET)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-04-29] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-04-29] (Silicon Image, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x86.sys [242688 2016-07-16] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 19:35 - 2017-02-19 19:36 - 00010842 _____ C:\Users\petrm\Desktop\FRST.txt
2017-02-19 19:35 - 2017-02-19 19:35 - 00000000 ____D C:\FRST
2017-02-19 17:37 - 2017-02-19 19:34 - 00112640 _____ (forum.viry.cz) C:\Users\petrm\Desktop\FRSTLauncher.exe
2017-02-19 17:34 - 2017-02-19 17:35 - 01764352 _____ (Farbar) C:\Users\petrm\Desktop\FRST.exe
2017-02-19 11:21 - 2017-02-19 11:21 - 00000000 ____D C:\Users\petrm\AppData\LocalLow\Adobe
2017-02-19 11:20 - 2017-02-19 11:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-19 11:20 - 2017-02-19 11:21 - 00000000 ____D C:\ProgramData\Adobe
2017-02-19 11:20 - 2017-02-19 11:20 - 00002089 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-02-19 11:20 - 2017-02-19 11:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-19 11:20 - 2017-02-19 11:20 - 00000000 ____D C:\Program Files\Adobe
2017-02-19 11:19 - 2017-02-19 11:21 - 00000000 ____D C:\Users\petrm\AppData\Local\Adobe
2017-02-18 14:12 - 2017-02-18 14:12 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-18 14:07 - 2017-02-18 14:07 - 328291144 _____ C:\Windows\MEMORY.DMP
2017-02-18 14:07 - 2017-02-18 14:07 - 00278740 _____ C:\Windows\Minidump\021817-23328-01.dmp
2017-02-18 12:43 - 2017-02-18 12:43 - 00000000 ____D C:\Users\petrm\AppData\Local\Ahead
2017-02-18 12:35 - 2017-02-18 12:37 - 00141830 _____ C:\Windows\ntbtlog.txt
2017-02-18 12:35 - 2017-02-18 12:35 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-18 12:11 - 2017-02-18 14:07 - 00000000 ____D C:\Windows\Minidump
2017-02-18 12:05 - 2017-02-18 14:04 - 00000000 ____D C:\Windows\system32\oodag
2017-02-17 20:48 - 2017-02-17 20:48 - 00002796 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2017-02-17 20:48 - 2017-02-17 20:48 - 00002688 _____ C:\Users\Public\Desktop\Nero Home.lnk
2017-02-17 20:48 - 2017-02-17 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2017-02-17 20:45 - 2017-02-17 20:49 - 00000000 ____D C:\Users\petrm\AppData\Roaming\Ahead
2017-02-17 20:45 - 2017-02-17 20:45 - 00000000 ____D C:\ProgramData\Ahead
2017-02-17 20:44 - 2017-02-17 20:45 - 00000000 ____D C:\Program Files\Common Files\Ahead
2017-02-17 20:44 - 2017-02-17 20:44 - 00000000 ____D C:\ProgramData\Nero
2017-02-17 20:44 - 2017-02-17 20:44 - 00000000 ____D C:\Program Files\Nero
2017-02-17 20:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-02-17 20:42 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-02-17 20:37 - 2017-02-17 20:37 - 00001985 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2017-02-17 20:37 - 2017-02-17 20:37 - 00001937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-02-17 20:37 - 2017-02-17 20:37 - 00000000 ____D C:\Users\petrm\AppData\Roaming\Canneverbe Limited
2017-02-17 20:37 - 2017-02-17 20:37 - 00000000 ____D C:\Program Files\CDBurnerXP
2017-02-17 20:21 - 2017-02-17 20:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-17 20:14 - 2017-02-17 20:14 - 00002564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-17 20:14 - 2017-02-17 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2017-02-17 20:11 - 2017-02-18 14:38 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-17 20:11 - 2017-02-17 20:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-17 20:06 - 2017-02-17 20:06 - 00440120 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-02-17 20:06 - 2017-02-17 20:06 - 00083784 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-02-17 19:03 - 2017-02-17 19:03 - 00000000 ____D C:\Users\petrm\AppData\Local\PeerDistRepub
2017-02-17 17:30 - 2017-02-17 18:21 - 00000000 ____D C:\Users\petrm\AppData\Roaming\vlc
2017-02-17 17:30 - 2017-02-17 17:30 - 00001120 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-17 17:30 - 2017-02-17 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-17 17:30 - 2017-02-17 17:30 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-17 17:28 - 2017-02-19 17:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-17 17:28 - 2017-02-17 17:28 - 00001152 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-17 17:28 - 2017-02-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-17 17:27 - 2017-02-17 17:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-02-17 17:27 - 2017-02-17 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-17 17:27 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-02-17 17:27 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-17 17:27 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-17 15:06 - 2017-02-17 15:06 - 00000000 ____D C:\Windows\LastGood
2017-02-17 14:54 - 2017-02-17 14:54 - 00000000 ____D C:\Users\petrm\AppData\Local\ESET
2017-02-17 14:46 - 2017-02-17 14:46 - 00002123 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2017-02-17 14:46 - 2017-02-17 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-02-17 14:46 - 2017-02-17 14:46 - 00000000 ____D C:\ProgramData\ESET
2017-02-17 14:46 - 2017-02-17 14:46 - 00000000 ____D C:\Program Files\ESET
2017-02-17 11:51 - 2017-02-17 11:51 - 00000000 ____D C:\Users\petrm\AppData\Local\GHISLER
2017-02-17 11:50 - 2017-02-17 11:54 - 00000000 ____D C:\Users\petrm\AppData\Roaming\GHISLER
2017-02-17 11:50 - 2017-02-17 11:51 - 00000000 ____D C:\Total Commander
2017-02-17 11:50 - 2017-02-17 11:50 - 00000741 _____ C:\Users\Public\Desktop\Total Commander.lnk
2017-02-17 11:50 - 2017-02-17 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-02-17 11:43 - 2017-02-17 11:43 - 00000000 ____D C:\Users\petrm\AppData\Roaming\WinRAR
2017-02-17 11:43 - 2017-02-17 11:43 - 00000000 ____D C:\Users\petrm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 11:43 - 2017-02-17 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-17 11:42 - 2017-02-17 11:43 - 00000000 ____D C:\Program Files\WinRAR
2017-02-16 20:22 - 2017-02-16 20:22 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\Users\petrm\AppData\Roaming\ATI
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\Users\petrm\AppData\Local\ATI
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\Users\petrm\AppData\Local\AMD
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\ProgramData\ATI
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\Program Files\AMD AVT
2017-02-16 20:14 - 2017-02-16 20:14 - 00000000 ____D C:\Program Files\AMD APP
2017-02-16 20:13 - 2017-02-16 20:14 - 00000000 ____D C:\ProgramData\AMD
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ____D C:\Program Files\ATI Technologies
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ____D C:\Program Files\ATI
2017-02-16 20:13 - 2010-02-18 09:18 - 00037944 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox86.sys
2017-02-16 20:12 - 2017-02-16 20:12 - 00000000 ____D C:\AMD
2017-02-16 20:06 - 2017-02-16 20:06 - 00319488 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2017-02-16 20:06 - 2017-02-16 20:06 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-16 20:06 - 2017-02-16 20:06 - 00000000 ____D C:\Program Files\Realtek AC97
2017-02-16 20:06 - 2017-02-16 20:05 - 19036704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\ALSNDMGR.CPL
2017-02-16 20:06 - 2017-02-16 20:05 - 10975264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTLCPL.EXE
2017-02-16 20:06 - 2017-02-16 20:05 - 04172064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVAC.SYS
2017-02-16 20:06 - 2017-02-16 20:05 - 02510368 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2017-02-16 20:06 - 2017-02-16 20:05 - 00965664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2017-02-16 20:06 - 2017-02-16 20:05 - 00604704 _____ (Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
2017-02-16 20:06 - 2017-02-16 20:05 - 00524288 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-02-16 20:06 - 2017-02-16 20:05 - 00315392 _____ (Realtek Semiconductor Corp.) C:\Windows\alcupd.exe
2017-02-16 20:06 - 2017-02-16 20:05 - 00223776 _____ (Realtek Semiconductor Corp.) C:\Windows\alcrmv.exe
2017-02-16 20:06 - 2017-02-16 20:05 - 00154144 _____ () C:\Windows\system32\RTLCPAPI.dll
2017-02-16 20:06 - 2017-02-16 20:05 - 00141856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg.dll
2017-02-16 20:06 - 2017-02-16 20:05 - 00141016 _____ C:\Windows\system32\ALSNDMGR.WAV
2017-02-16 20:00 - 2017-02-16 20:00 - 00000000 ____D C:\Users\petrm\AppData\Local\TeamViewer
2017-02-16 19:56 - 2017-02-18 14:10 - 00000000 ____D C:\Program Files\TeamViewer
2017-02-16 19:56 - 2017-02-17 16:12 - 00000000 ____D C:\Users\petrm\AppData\Roaming\TeamViewer
2017-02-16 19:56 - 2017-02-16 19:56 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-16 19:56 - 2017-02-16 19:56 - 00001058 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-16 19:51 - 2017-02-16 19:51 - 00002290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-16 19:51 - 2017-02-16 19:51 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-16 19:50 - 2017-02-16 19:58 - 00000000 ____D C:\Users\petrm\AppData\Local\Google
2017-02-16 19:50 - 2017-02-16 19:51 - 00000000 ____D C:\Program Files\Google
2017-02-16 19:47 - 2017-02-16 19:47 - 00000000 ____D C:\Users\petrm\AppData\Local\MicrosoftEdge
2017-02-16 19:25 - 2017-02-16 19:12 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-16 19:24 - 2017-02-16 19:25 - 00000000 ____D C:\Windows\system32\MRT
2017-02-16 19:24 - 2017-02-16 19:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-16 19:22 - 2016-12-21 05:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-02-16 19:22 - 2016-12-21 05:45 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-02-16 19:22 - 2016-12-21 05:44 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-02-16 19:22 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-02-16 19:22 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-02-16 19:22 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-02-16 19:22 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-02-16 19:22 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-02-16 19:22 - 2016-12-21 05:30 - 01406976 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2017-02-16 19:22 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-02-16 19:22 - 2016-12-14 06:04 - 00261984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-02-16 19:22 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-02-16 19:22 - 2016-12-14 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-02-16 19:22 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-02-16 19:22 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-02-16 19:22 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-02-16 19:22 - 2016-12-09 11:10 - 00583136 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-02-16 19:22 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-02-16 19:22 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-02-16 19:22 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-02-16 19:22 - 2016-11-11 08:47 - 00861024 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2017-02-16 19:22 - 2016-11-11 08:46 - 00186720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-16 19:22 - 2016-11-11 08:45 - 00355680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-02-16 19:22 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-16 19:22 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-16 19:22 - 2016-11-11 08:29 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\CbtBackgroundManagerPolicy.dll
2017-02-16 19:22 - 2016-11-11 08:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-02-16 19:22 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-16 19:22 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-16 19:22 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-16 19:22 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 19:22 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2017-02-16 19:22 - 2016-11-11 08:13 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-16 19:22 - 2016-11-11 08:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2017-02-16 19:22 - 2016-11-11 08:07 - 01136128 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2017-02-16 19:22 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-02-16 19:21 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-02-16 19:21 - 2016-12-21 06:59 - 00101728 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-02-16 19:21 - 2016-12-21 06:20 - 06020448 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-16 19:21 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-02-16 19:21 - 2016-12-21 06:05 - 00523784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-16 19:21 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-02-16 19:21 - 2016-12-21 06:02 - 00080224 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-02-16 19:21 - 2016-12-21 06:01 - 00198496 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-02-16 19:21 - 2016-12-21 06:00 - 01384704 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-02-16 19:21 - 2016-12-21 05:42 - 00330752 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-02-16 19:21 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-02-16 19:21 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-02-16 19:21 - 2016-12-21 05:40 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-16 19:21 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2017-02-16 19:21 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-02-16 19:21 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-02-16 19:21 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-02-16 19:21 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-16 19:21 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-02-16 19:21 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-02-16 19:21 - 2016-12-21 05:30 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-02-16 19:21 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-02-16 19:21 - 2016-12-21 05:26 - 03776000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-02-16 19:21 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-16 19:21 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-02-16 19:21 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-02-16 19:21 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-02-16 19:21 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-02-16 19:21 - 2016-12-21 05:23 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-16 19:21 - 2016-12-21 05:22 - 03596800 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-16 19:21 - 2016-12-14 06:58 - 01026912 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems32.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 01136992 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 01127040 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-02-16 19:21 - 2016-12-14 06:26 - 00911712 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00812896 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00615264 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-02-16 19:21 - 2016-12-14 06:26 - 00558432 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00550240 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00492384 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00401248 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00372576 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00290656 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-02-16 19:21 - 2016-12-14 06:26 - 00141664 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2017-02-16 19:21 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-16 19:21 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-16 19:21 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-02-16 19:21 - 2016-12-14 06:05 - 00544608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-02-16 19:21 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-02-16 19:21 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-16 19:21 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-02-16 19:21 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-16 19:21 - 2016-12-14 05:43 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2017-02-16 19:21 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-02-16 19:21 - 2016-12-14 05:41 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-02-16 19:21 - 2016-12-14 05:40 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-02-16 19:21 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-02-16 19:21 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-16 19:21 - 2016-12-14 05:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-02-16 19:21 - 2016-12-14 05:37 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-02-16 19:21 - 2016-12-14 05:37 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-02-16 19:21 - 2016-12-14 05:37 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-16 19:21 - 2016-12-14 05:36 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-02-16 19:21 - 2016-12-14 05:36 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-02-16 19:21 - 2016-12-14 05:36 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-02-16 19:21 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-02-16 19:21 - 2016-12-14 05:35 - 01722368 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-02-16 19:21 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-16 19:21 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-16 19:21 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-16 19:21 - 2016-12-14 05:35 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-02-16 19:21 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-02-16 19:21 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-02-16 19:21 - 2016-12-14 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-02-16 19:21 - 2016-12-14 05:23 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-02-16 19:21 - 2016-12-14 05:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-02-16 19:21 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-02-16 19:21 - 2016-12-14 05:22 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-16 19:21 - 2016-12-14 05:22 - 01235456 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-02-16 19:21 - 2016-12-14 05:22 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-02-16 19:21 - 2016-12-14 05:21 - 00860672 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-02-16 19:21 - 2016-12-09 11:54 - 01415520 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-16 19:21 - 2016-12-09 11:54 - 00115552 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-16 19:21 - 2016-12-09 11:16 - 00890984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-16 19:21 - 2016-12-09 11:16 - 00784064 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-02-16 19:21 - 2016-12-09 11:12 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-02-16 19:21 - 2016-12-09 11:11 - 02048496 _____ C:\Windows\system32\CoreUIComponents.dll
2017-02-16 19:21 - 2016-12-09 11:09 - 00133296 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-16 19:21 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-02-16 19:21 - 2016-12-09 11:01 - 01897824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-02-16 19:21 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-16 19:21 - 2016-12-09 11:01 - 00551264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-02-16 19:21 - 2016-12-09 11:01 - 00342880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-02-16 19:21 - 2016-12-09 11:00 - 00117720 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-16 19:21 - 2016-12-09 10:52 - 01413664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-02-16 19:21 - 2016-12-09 10:52 - 01344992 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-16 19:21 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2017-02-16 19:21 - 2016-12-09 10:37 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-02-16 19:21 - 2016-12-09 10:35 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2017-02-16 19:21 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-16 19:21 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-16 19:21 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2017-02-16 19:21 - 2016-12-09 10:28 - 01284096 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2017-02-16 19:21 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-16 19:21 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2017-02-16 19:21 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-16 19:21 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2017-02-16 19:21 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2017-02-16 19:21 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2017-02-16 19:21 - 2016-12-09 10:16 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-02-16 19:21 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2017-02-16 19:21 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2017-02-16 19:21 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2017-02-16 19:21 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2017-02-16 19:21 - 2016-11-11 09:07 - 00448864 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2017-02-16 19:21 - 2016-11-11 09:07 - 00081760 _____ (Microsoft Corporation) C:\Windows\system32\DeviceReactivation.dll
2017-02-16 19:21 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2017-02-16 19:21 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2017-02-16 19:21 - 2016-11-11 09:00 - 01725136 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-16 19:21 - 2016-11-11 08:59 - 01586736 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-16 19:21 - 2016-11-11 08:59 - 00292192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-02-16 19:21 - 2016-11-11 08:59 - 00106336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2017-02-16 19:21 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
2017-02-16 19:21 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2017-02-16 19:21 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2017-02-16 19:21 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-02-16 19:21 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-02-16 19:21 - 2016-11-11 08:45 - 02166752 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-02-16 19:21 - 2016-11-11 08:45 - 00846560 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-02-16 19:21 - 2016-11-11 08:45 - 00175968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2017-02-16 19:21 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-16 19:21 - 2016-11-11 08:42 - 00959112 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-16 19:21 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2017-02-16 19:21 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\Windows\system32\RTWorkQ.dll
2017-02-16 19:21 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\Windows\system32\mfaudiocnv.dll
2017-02-16 19:21 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-16 19:21 - 2016-11-11 08:41 - 00802608 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2017-02-16 19:21 - 2016-11-11 08:41 - 00675568 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-02-16 19:21 - 2016-11-11 08:37 - 00381720 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-02-16 19:21 - 2016-11-11 08:30 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2017-02-16 19:21 - 2016-11-11 08:27 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2017-02-16 19:21 - 2016-11-11 08:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\ReportingCSP.dll
2017-02-16 19:21 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2017-02-16 19:21 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-02-16 19:21 - 2016-11-11 08:26 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2017-02-16 19:21 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2017-02-16 19:21 - 2016-11-11 08:25 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2017-02-16 19:21 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2017-02-16 19:21 - 2016-11-11 08:25 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2017-02-16 19:21 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2017-02-16 19:21 - 2016-11-11 08:25 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys
2017-02-16 19:21 - 2016-11-11 08:24 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2017-02-16 19:21 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2017-02-16 19:21 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\BcastDVRHelper.dll
2017-02-16 19:21 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2017-02-16 19:21 - 2016-11-11 08:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2017-02-16 19:21 - 2016-11-11 08:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2017-02-16 19:21 - 2016-11-11 08:23 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2017-02-16 19:21 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2017-02-16 19:21 - 2016-11-11 08:23 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2017-02-16 19:21 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2017-02-16 19:21 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2017-02-16 19:21 - 2016-11-11 08:22 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-02-16 19:21 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2017-02-16 19:21 - 2016-11-11 08:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2017-02-16 19:21 - 2016-11-11 08:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2017-02-16 19:21 - 2016-11-11 08:22 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\EAMProgressHandler.dll
2017-02-16 19:21 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2017-02-16 19:21 - 2016-11-11 08:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2017-02-16 19:21 - 2016-11-11 08:21 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2017-02-16 19:21 - 2016-11-11 08:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-02-16 19:21 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-02-16 19:21 - 2016-11-11 08:20 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2017-02-16 19:21 - 2016-11-11 08:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\EDPCleanup.exe
2017-02-16 19:21 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\Windows\system32\DeviceFlows.DataModel.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2017-02-16 19:21 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe
2017-02-16 19:21 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2017-02-16 19:21 - 2016-11-11 08:18 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2017-02-16 19:21 - 2016-11-11 08:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\ProvSysprep.dll
2017-02-16 19:21 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2017-02-16 19:21 - 2016-11-11 08:17 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2017-02-16 19:21 - 2016-11-11 08:16 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2017-02-16 19:21 - 2016-11-11 08:15 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2017-02-16 19:21 - 2016-11-11 08:14 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-02-16 19:21 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2017-02-16 19:21 - 2016-11-11 08:14 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2017-02-16 19:21 - 2016-11-11 08:13 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-16 19:21 - 2016-11-11 08:13 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2017-02-16 19:21 - 2016-11-11 08:12 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2017-02-16 19:21 - 2016-11-11 08:12 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2017-02-16 19:21 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msdtcuiu.dll
2017-02-16 19:21 - 2016-11-11 08:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2017-02-16 19:21 - 2016-11-11 08:11 - 03306496 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2017-02-16 19:21 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2017-02-16 19:21 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2017-02-16 19:21 - 2016-11-11 08:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\umpoext.dll
2017-02-16 19:21 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2017-02-16 19:21 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2017-02-16 19:21 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2017-02-16 19:21 - 2016-11-11 08:07 - 01948160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-02-16 19:21 - 2016-11-11 08:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2017-02-16 19:21 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2017-02-16 19:21 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2017-02-16 19:21 - 2016-11-11 08:06 - 01602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-02-16 19:21 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-02-16 19:21 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2017-02-16 19:21 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2017-02-16 19:21 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-16 19:21 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 00706048 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2017-02-16 19:21 - 2016-11-11 08:04 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2017-02-16 19:21 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2017-02-16 19:21 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-16 19:21 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-02-16 19:21 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2017-02-16 19:21 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-02-16 19:21 - 2016-11-11 08:02 - 00612352 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2017-02-16 19:17 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-16 19:05 - 2017-02-16 19:06 - 00002387 _____ C:\Users\petrm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 19:05 - 2017-02-16 19:06 - 00000000 ___RD C:\Users\petrm\OneDrive
2017-02-16 19:05 - 2017-02-16 19:05 - 00000000 ____D C:\Users\petrm\AppData\Roaming\Skype
2017-02-16 19:04 - 2017-02-16 19:04 - 00000000 ____D C:\Users\petrm\AppData\Local\Comms
2017-02-16 19:03 - 2017-02-16 19:03 - 00000000 ____D C:\Users\petrm\AppData\Local\Publishers
2017-02-16 19:02 - 2017-02-19 15:41 - 00000000 ____D C:\Users\petrm
2017-02-16 19:02 - 2017-02-19 11:21 - 00000000 ____D C:\Users\petrm\AppData\Roaming\Adobe
2017-02-16 19:02 - 2017-02-18 12:46 - 00000000 ____D C:\Users\petrm\AppData\Local\VirtualStore
2017-02-16 19:02 - 2017-02-17 08:55 - 00000000 ____D C:\Users\petrm\AppData\Local\Packages
2017-02-16 19:02 - 2017-02-16 19:09 - 00000000 ____D C:\Users\petrm\AppData\Local\ConnectedDevicesPlatform
2017-02-16 19:02 - 2017-02-16 19:02 - 00000020 ___SH C:\Users\petrm\ntuser.ini
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Šablony
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Soubory cookie
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Poslední
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Okolní tiskárny
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Okolní síť
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Nabídka Start
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Dokumenty
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Documents\Obrázky
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Documents\Hudba
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Documents\Filmy
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\Data aplikací
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 _SHDL C:\Users\petrm\AppData\Local\Data aplikací
2017-02-16 19:02 - 2017-02-16 19:02 - 00000000 ____D C:\Users\petrm\AppData\Local\TileDataLayer
2017-02-16 18:55 - 2017-02-16 18:55 - 00000000 _____ C:\Windows\ativpsrm.bin
2017-02-16 18:53 - 2017-02-16 18:55 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-02-16 18:53 - 2017-02-16 18:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-02-16 18:53 - 2017-02-16 18:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-02-16 18:53 - 2017-02-16 18:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-02-16 18:31 - 2017-02-19 15:45 - 01544124 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-16 18:27 - 2017-02-16 18:27 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Public\Documents\Obrázky
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Public\Documents\Hudba
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Public\Documents\Filmy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Šablony
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Soubory cookie
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Poslední
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Okolní tiskárny
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Okolní síť
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Nabídka Start
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Dokumenty
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Obrázky
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Hudba
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Filmy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Šablony
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Poslední
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Okolní síť
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Dokumenty
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\Obrázky
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\Hudba
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\Filmy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Šablony
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Plocha
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Nabídka Start
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Dokumenty
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\ProgramData\Data aplikací
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 _SHDL C:\Documents and Settings
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 ____D C:\Windows\CSC
2017-02-16 18:27 - 2017-02-16 18:27 - 00000000 ____D C:\Users\defaultuser0
2017-02-16 18:23 - 2017-02-16 18:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-16 18:21 - 2017-02-16 18:25 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 15:45 - 2016-11-20 14:08 - 00504854 _____ C:\Windows\system32\perfh005.dat
2017-02-19 15:45 - 2016-11-20 14:08 - 00103068 _____ C:\Windows\system32\perfc005.dat
2017-02-19 15:40 - 2016-11-20 14:30 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-19 15:40 - 2016-07-16 03:22 - 00262144 _____ C:\Windows\system32\config\BBI
2017-02-18 20:45 - 2016-11-20 05:30 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-18 17:41 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 17:41 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\AppReadiness
2017-02-18 13:58 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\system32\MsDtc
2017-02-18 12:14 - 2016-07-16 09:28 - 00000000 ____D C:\Windows\INF
2017-02-17 20:22 - 2016-07-16 09:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-17 20:21 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-17 19:58 - 2016-11-20 05:30 - 00332688 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-17 14:47 - 2016-07-16 09:29 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-17 08:49 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\appcompat
2017-02-16 19:43 - 2016-11-20 14:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\system32\oobe
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\ShellExperiences
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\Provisioning
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-16 19:38 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\bcastdvr
2017-02-16 19:38 - 2016-07-16 03:22 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-16 19:38 - 2016-07-16 03:22 - 00000000 ____D C:\Windows\system32\Dism
2017-02-16 19:38 - 2016-07-16 03:22 - 00000000 ____D C:\Windows\servicing
2017-02-16 19:25 - 2016-07-16 09:19 - 00000000 ____D C:\Windows\CbsTemp
2017-02-16 19:02 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-02-16 18:28 - 2016-07-16 09:29 - 00000000 ____D C:\Windows\rescache
2017-02-16 18:27 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows NT
2017-02-16 18:21 - 2016-07-16 09:30 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories =======


Files to move or delete:
====================
C:\Windows\System32\cscui.dll


Some files in TEMP:
====================
2017-02-17 19:10 - 2017-02-17 19:10 - 0680448 _____ () C:\Users\petrm\AppData\Local\Temp\is-4751E.tmpsetup.exe
2017-02-17 19:13 - 2017-02-17 19:13 - 0680448 _____ () C:\Users\petrm\AppData\Local\Temp\is-VMNU4.tmpsetup.exe
2017-02-16 20:11 - 2017-02-16 20:11 - 0372736 _____ (Realtek Semiconductor Corp.) C:\Users\petrm\AppData\Local\Temp\RTBK.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\petrm\Desktop" je 1 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001


==================== End Of Log ==============================

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 19 úno 2017 20:10
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 07:51
od Pedroso
Zdravím a děkuji za reakci. Níže log z ADW cleaneru. Nehlásil žádnou infekci.

Edit: Ještě doplním, že jsem se pokusil odstranit některé věci ručně (např. se mi do místní sítě, nastavení proxy serveru vepsala adresa - položka použití skriptu pro automatickou konfiguraci - tu jsem vypnul, ale adresa v řádku tam visí nadále, případně jsem resetoval Chrome do základního nastavení).

# AdwCleaner v6.043 - Log vytvořen 20/02/2017 v 07:39:56
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Server]
# Operační systém : Windows 10 Pro (X86)
# Uživatelské jméno : Petr Martens - TESTER
# Spuštěno z : C:\Users\petrm\Downloads\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [798 Bajty] - [20/02/2017 07:39:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [1369 Bajty] - [20/02/2017 07:39:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [943 Bajty] ##########

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 17:27
od Rudy
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
C:\Windows\LastGood.Tmp
C:\Windows\System32\cscui.dll
C:\Users\petrm\AppData\Local\Temp

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Jelikož to, co se bude mazat, jsou jen zbytečnosti, proveďte ještě tyto skeny:

1.Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 18:19
od Pedroso
FRST:

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by Petr Martens (20-02-2017 17:49:17) Run:1
Running from C:\Users\petrm\Desktop
Loaded Profiles: Petr Martens (Available Profiles: defaultuser0 & Petr Martens)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
C:\Windows\LastGood.Tmp
C:\Windows\System32\cscui.dll
C:\Users\petrm\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value removed successfully.
C:\Windows\LastGood.Tmp => moved successfully
C:\Windows\System32\cscui.dll => moved successfully

"C:\Users\petrm\AppData\Local\Temp" folder move:

Could not move "C:\Users\petrm\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20002520 B
Java, Flash, Steam htmlcache => 789 B
Windows/system/drivers => 11354364 B
Edge => 16586597 B
Chrome => 166679616 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 10666 B
NetworkService => 8084 B
defaultuser0 => 588289 B
petrm => 1619672987 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-02-2017 17:52:16)

C:\Users\petrm\AppData\Local\Temp => moved successfully

==== End of Fixlog 17:52:19 ====

Zoek:


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Petr Martens on 20.02.2017 at 17:57:01,67.
Microsoft Windows 10 Pro 10.0.14393 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\petrm\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.02.2017 17:58:09 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\petrm\AppData\Local\GHISLER deleted successfully
C:\Users\petrm\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Program Files\Windows Defender Advanced Threat Protection" deleted
"C:\Program Files\Windows Defender Advanced Threat Protection" deleted

==== Chromium Look ======================

Chrome Media Router - petrm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\petrm\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\petrm\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\petrm\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=2 4051534 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\petrm\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 20.02.2017 at 18:12:52,44 ======================

Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x86
Ran by Petr Martens (Administrator) on 20.02.2017 at 18:15:13,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2017 at 18:17:20,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 19:03
od Rudy
OK. Nastala nějaká změna?

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 19:20
od Pedroso
Zatím nic nikde nevyskočilo, tak snad dobrý:-) Dám vědět zítra jak se to chová s nějakým odstupem času (ono to před tím taky nepřesměrovalo pokaždé). Každopádně zatím moc děkuji!

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 20 úno 2017 20:03
od Rudy
Zatím nemáte zač! :)

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 08 bře 2017 14:58
od Pedroso
Omlouvám se za opožděnou odpověď, vše vypadá v pořádku:-) Jediná věc na kterou jsem narazil je, že občas když PC probudím z režimu spánku, některé stránky v chrome se jeví jako by neexistovaly (pomůže buď reset prohlížeče nebo PC, ale to je maličkost). Ještě jednou děkuji za pomoc! Vlákno je možné uzavřít :) :closed:

Re: Zřejmě Hijacker - http://search.queryrouter.com

Napsal: 08 bře 2017 18:06
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz