VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

adware

https://forum.viry.cz:443/viewtopic.php?t=151630

Stránka 1 z 1

adware

Napsal: 14 bře 2017 20:06
od Gasour
Dobrý večer, před pár dni jsem psal tento post: https://forum.viry.cz/viewtopic.php?f=13&t=151615
Bohužel problém přetrvává a sám se nainstaloval Firefox, chtěl jsem počítač vrátit do továrního nastavení, ale to se nepovede. Poprosím o radu, děkuji.

# AdwCleaner v6.044 - Log vytvořen 14/03/2017 v 20:02:06
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-14.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Gasour - DESKTOP-C36U1O7
# Spuštěno z : C:\Users\Gasour\Desktop\adwcleaner_6.044.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: iSafeKrnl
Služba nalezena: iSafeKrnlBoot
Služba nalezena: iSafeKrnlKit
Služba nalezena: iSafeKrnlMon
Služba nalezena: iSafeKrnlR3
Služba nalezena: iSafeNetFilter
Služba nalezena: iSafeService
Služba nalezena: FirefoxU
Služba nalezena: WinSAPSvc
Služba nalezena: ed2kidle
Služba nalezena: WinSnare
Služba nalezena: Kyubey


***** [ Složky ] *****

Složka nalezena: C:\Program Files (x86)\WinSnare(4.3.0)
Složka nalezena: C:\Users\Gasour\AppData\Roaming\Elex-tech
Složka nalezena: C:\Users\Gasour\AppData\Roaming\WinSAPSvc
Složka nalezena: C:\Users\Gasour\AppData\Roaming\aMule
Složka nalezena: C:\Users\Gasour\AppData\Roaming\WinSnare
Složka nalezena: C:\Users\Gasour\AppData\Roaming\Kyubey
Složka nalezena: C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
Složka nalezena: C:\Program Files (x86)\Elex-tech
Složka nalezena: C:\Program Files (x86)\BikaQRss
Složka nalezena: C:\Program Files (x86)\amulell
Složka nalezena: C:\Program Files (x86)\Voniing
Složka nalezena: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
Složka nalezena: C:\Program Files (x86)\Firefox
Složka nalezena: C:\Users\Gasour\AppData\Roaming\WinSnare
Složka nalezena: C:\Users\Gasour\AppData\Roaming\Firefox
Složka nalezena: C:\Users\Gasour\AppData\Local\Firefox


***** [ Soubory ] *****

Soubor nalezen: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
Soubor nalezen: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
Soubor nalezen: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
Soubor nalezen: C:\Users\Public\Documents\temp.dat
Soubor nalezen: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Zástupce infikován: C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=148 ... bt5w6g8qbq


***** [ Naplánované úlohy ] *****

Naplánovaná úloha nalezena: Milimili
Naplánovaná úloha nalezena: BikaQ_FetchAndUpgrade_CanBeDel


***** [ Registry ] *****

Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Klíč nalezen: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Klíč nalezen: HKU\.DEFAULT\Software\ecb`nl
Klíč nalezen: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\WinSnare
Klíč nalezen: HKU\S-1-5-18\Software\ecb`nl
Klíč nalezen: HKCU\Software\WinSnare
Klíč nalezen: HKLM\SOFTWARE\Elex-tech
Klíč nalezen: HKLM\SOFTWARE\ScreenShot
Klíč nalezen: HKLM\SOFTWARE\ecb`nl
Klíč nalezen: HKLM\SOFTWARE\amule-custom
Klíč nalezen: HKLM\SOFTWARE\startpageing123Software
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Klíč nalezen: [x64] HKCU\Software\WinSnare
Klíč nalezen: [x64] HKLM\SOFTWARE\ecb`nl
Klíč nalezen: [x64] HKLM\SOFTWARE\InterSect Alliance
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Data nalezena: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... cbbt5w6g8q
Data nalezena: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... 4d9g0zcbbt
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... BW120H6_CV
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... SSDSC2BW12
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... SSDSC2BW12
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds ... id=INTELXS
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds ... LXSSDSC2BW
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... BW120H6_CV
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... SC2BW120H6_
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... LXSSDSC2BW
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... LXSSDSC2BW
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds ... &uid=INTEL
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds ... TELXSSDSC2
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... SC2BW120H6_
Klíč nalezen: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Klíč nalezen: HKCU\SOFTWARE\Classes\ChromeHTML
Klíč nalezen: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] - pokemon-go.en.softonic.com
Chromium nastavení nalezeno: [C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... che0812&ui
Chromium nastavení nalezeno: [C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Chromium nastavení nalezeno: [C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=148 ... =che0812&u

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7027 Bajty] - [12/03/2017 13:16:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [8635 Bajty] - [12/03/2017 13:15:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [1637 Bajty] - [12/03/2017 13:20:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [9946 Bajty] - [14/03/2017 20:02:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10019 Bajty] ##########

Re: adware

Napsal: 14 bře 2017 20:14
od altrok
Krasny den Vam preju :bye:



:arrow: Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

Re: adware

Napsal: 14 bře 2017 20:19
od Gasour
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
Ran by Gasour (administrator) on DESKTOP-C36U1O7 (14-03-2017 20:15:58)
Running from C:\Users\Gasour\Desktop
Loaded Profiles: Gasour (Available Profiles: defaultuser0 & Gasour)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Noflat\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(LogMeIn Inc.) D:\Instal\Hamchi\x64\hamachi-2.exe
(LogMeIn, Inc.) D:\Instal\Hamchi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Instal\Hamchi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Instal\Hamchi\LMIGuardianSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() D:\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\Gasour\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Instal\Hamchi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-11] (AVAST Software)
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [Steam] => D:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [WallpaperEngine] => D:\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [894464 2017-02-21] ()
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [Discord] => C:\Users\Gasour\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Instal\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKLM\...\Providers\m6w1mwfw: C:\Program Files (x86)\Gherceshbernotion Schedule\local64spl.dll [306176 2017-03-06] ()
ShellExecuteHooks: No Name - {8155A07A-FD98-11E6-8065-64006A5CFC23} - C:\Program Files (x86)\Voniing\Shuzutain.dll [144896 2017-03-06] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-11] (AVAST Software)
Startup: C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2017-02-27]
ShortcutTarget: GameRanger.lnk -> C:\Users\Gasour\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{62b70a00-8814-4bbf-9e86-5de866e68299}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN

FireFox:
========
FF DefaultProfile: fscuvsb6.default
FF ProfilePath: C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default [2017-03-14]
FF Extension: (FF Adr) - C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-14] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-14] [not signed]
FF SearchPlugin: C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\searchplugins\startsearch.xml [2017-03-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-28] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-28] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/","hxxps://www.google.cz ... 016X120AGN"
CHR Profile: C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Prezentace Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-21]
CHR Extension: (Dokumenty Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-21]
CHR Extension: (Disk Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
CHR Extension: (YouTube) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
CHR Extension: (Tabulky Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]
CHR Profile: C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-12]
CHR Profile: C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-14]
CHR Extension: (Dokumenty Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-11]
CHR Extension: (Disk Google) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (Image Downloader) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2017-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (The Witcher Wild Hunt [FVD]) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\opnjkjfghakiipjljmclnfecgcpdkeik [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-11] (AVAST Software)
S3 Disc Soft Lite Bus Service; D:\Instal\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-02-21] (EasyAntiCheat Ltd)
R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [File not signed]
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [104624 2017-03-10] ()
R2 Hamachi2Svc; D:\Instal\Hamchi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Gasour\AppData\Roaming\WinSAPSvc\WinSAP.dll [184320 2017-03-13] (Windows) [File not signed]
R2 WinSnare; C:\Users\Gasour\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-14] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-03-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118848 2016-07-28] (Advanced Micro Devices)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-06] (Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
S3 moufiltr; C:\WINDOWS\System32\drivers\MurGeeClicker.sys [23496 2016-03-30] (MurGee.com)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 04:58 - 2017-03-15 04:58 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-14 20:15 - 2017-03-14 20:16 - 00021769 _____ C:\Users\Gasour\Desktop\FRST.txt
2017-03-14 20:01 - 2017-03-14 20:01 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-14 19:42 - 2017-03-14 19:42 - 00000000 ____D C:\Users\Gasour\AppData\Local\Noflat
2017-03-14 19:41 - 2017-03-14 19:41 - 00000000 ____D C:\ProgramData\VMware
2017-03-14 19:41 - 2017-03-14 19:41 - 00000000 ____D C:\Program Files (x86)\Noflat
2017-03-14 19:40 - 2017-03-14 19:42 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-14 19:40 - 2017-03-14 19:40 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-14 19:40 - 2017-03-14 19:40 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Elex-tech
2017-03-14 19:40 - 2017-03-14 19:40 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-03-14 19:40 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-03-14 19:40 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2017-03-14 19:39 - 2017-03-14 19:51 - 00000000 ____D C:\Users\Gasour\AppData\LocalLow\Mozilla
2017-03-14 19:39 - 2017-03-14 19:39 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-14 19:39 - 2017-03-14 19:39 - 00002006 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-14 19:39 - 2017-03-14 19:39 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Mozilla
2017-03-14 19:39 - 2017-03-14 19:39 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Firefox
2017-03-14 19:39 - 2017-03-14 19:39 - 00000000 ____D C:\Users\Gasour\AppData\Local\Firefox
2017-03-14 19:39 - 2017-03-14 19:39 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-14 19:37 - 2017-03-14 20:15 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\aMule
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.0)
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\58C83881_cacayima
2017-03-13 19:39 - 2017-03-13 19:39 - 00661803 _____ C:\Users\Gasour\Downloads\Minas_Tirith_Extended_Edition.zip
2017-03-13 19:09 - 2017-03-14 20:13 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Kyubey
2017-03-13 19:09 - 2017-03-14 19:37 - 00003676 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-13 19:09 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\WinSnare
2017-03-13 19:09 - 2017-03-14 19:33 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-13 19:09 - 2017-03-13 19:09 - 00003342 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-13 19:09 - 2017-03-13 19:09 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\WinSAPSvc
2017-03-13 19:09 - 2017-03-13 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-13 19:05 - 2017-03-13 19:05 - 00000000 ____D C:\Program Files\m6w1mwfw
2017-03-12 20:07 - 2017-03-12 20:07 - 00000201 _____ C:\Users\Gasour\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.url
2017-03-12 20:05 - 2017-03-12 20:05 - 00000202 _____ C:\Users\Gasour\Desktop\Terraria.url
2017-03-12 20:05 - 2017-03-12 20:05 - 00000199 _____ C:\Users\Gasour\Desktop\Left 4 Dead 2.url
2017-03-12 19:42 - 2017-03-12 19:42 - 00003326 _____ C:\Users\Gasour\Desktop\Fixlog.txt
2017-03-12 18:55 - 2013-07-01 06:33 - 355850696 _____ () C:\Users\Gasour\Downloads\Bioshock Infinite CZ v1.13.exe
2017-03-12 18:48 - 2017-03-12 18:55 - 355797793 _____ C:\Users\Gasour\Downloads\bioinfcz.zip
2017-03-12 18:45 - 2017-03-12 20:49 - 00000000 ____D C:\Users\Gasour\Documents\My Games
2017-03-12 18:33 - 2017-03-14 20:15 - 00000000 ____D C:\Users\Gasour\Desktop\FRST-OlderVersion
2017-03-12 15:52 - 2017-03-12 15:52 - 00000000 ____D C:\Users\Gasour\AppData\Local\GHISLER
2017-03-12 15:42 - 2017-03-12 15:53 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\GHISLER
2017-03-12 15:42 - 2017-03-12 15:49 - 00000000 ____D C:\Users\Gasour\.atom
2017-03-12 15:42 - 2017-03-12 15:42 - 00002253 _____ C:\Users\Gasour\Desktop\Atom.lnk
2017-03-12 15:42 - 2017-03-12 15:42 - 00000625 _____ C:\Users\Gasour\Desktop\Total Commander 64 bit.lnk
2017-03-12 15:42 - 2017-03-12 15:42 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-03-12 15:42 - 2017-03-12 15:42 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-12 15:42 - 2017-03-12 15:42 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Atom
2017-03-12 15:42 - 2017-03-12 15:42 - 00000000 ____D C:\Users\Gasour\AppData\Local\atom
2017-03-12 15:41 - 2017-03-12 15:42 - 04987672 _____ (Ghisler Software GmbH) C:\Users\Gasour\Downloads\tcmd900ax64.exe
2017-03-12 15:40 - 2017-03-12 15:42 - 118796832 _____ (GitHub Inc.) C:\Users\Gasour\Downloads\AtomSetup-x64.exe
2017-03-12 13:13 - 2017-03-14 20:02 - 00000000 ____D C:\AdwCleaner
2017-03-12 13:12 - 2017-03-12 13:13 - 04031440 _____ C:\Users\Gasour\Desktop\adwcleaner_6.044.exe
2017-03-12 12:41 - 2017-03-14 20:15 - 00000000 ____D C:\FRST
2017-03-12 12:39 - 2017-03-12 12:39 - 00112640 _____ (forum.viry.cz) C:\Users\Gasour\Downloads\Nepotvrzeno 220302.crdownload
2017-03-12 12:38 - 2017-03-14 20:15 - 02424832 _____ (Farbar) C:\Users\Gasour\Desktop\FRST64.exe
2017-03-12 12:24 - 2017-03-12 12:24 - 00000000 ____D C:\rsit
2017-03-12 12:24 - 2017-03-12 12:24 - 00000000 ____D C:\Program Files\trend micro
2017-03-12 12:23 - 2017-03-12 12:24 - 01222144 _____ C:\Users\Gasour\Downloads\RSITx64.exe
2017-03-12 00:28 - 2017-03-12 00:28 - 00000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙
2017-03-11 23:17 - 2017-03-11 23:17 - 00000201 _____ C:\Users\Gasour\Desktop\The Elder Scrolls V Skyrim.url
2017-03-11 23:16 - 2017-03-11 23:16 - 00000200 _____ C:\Users\Gasour\Desktop\BioShock Infinite.url
2017-03-11 19:52 - 2017-03-11 19:52 - 00000202 _____ C:\Users\Gasour\Desktop\Age of Mythology Extended Edition.url
2017-03-11 19:44 - 2017-03-11 19:44 - 00000202 _____ C:\Users\Gasour\Desktop\The Forest.url
2017-03-11 19:20 - 2017-03-11 19:20 - 00000202 _____ C:\Users\Gasour\Desktop\Northgard.url
2017-03-11 17:13 - 2017-03-11 17:13 - 00000199 _____ C:\Users\Gasour\Desktop\Counter-Strike Global Offensive.url
2017-03-11 13:48 - 2017-03-11 13:48 - 00002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-11 13:48 - 2017-03-11 13:48 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-11 13:48 - 2017-03-11 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-11 13:48 - 2017-03-11 13:48 - 00000000 ____D C:\Program Files\CCleaner
2017-03-11 13:39 - 2017-03-12 13:32 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1489235987
2017-03-11 13:39 - 2017-03-12 13:32 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-11 13:39 - 2017-03-11 13:39 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-11 13:39 - 2017-03-11 13:39 - 00001091 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-03-11 13:36 - 2017-03-11 13:36 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\AVAST Software
2017-03-11 13:35 - 2017-03-14 20:07 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00548928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-11 13:35 - 2017-03-11 13:35 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-11 13:35 - 2017-03-11 13:35 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-03-11 13:35 - 2017-03-11 13:35 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-03-11 13:35 - 2017-03-11 13:35 - 00001970 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-11 13:35 - 2017-03-11 13:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-03-11 13:35 - 2017-03-11 13:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-11 13:34 - 2017-03-11 13:48 - 09261616 _____ (Piriform Ltd) C:\Users\Gasour\Downloads\ccsetup527.exe
2017-03-11 13:31 - 2017-03-14 19:41 - 00002170 _____ C:\Users\Gasour\Desktop\Google Chrome.lnk
2017-03-11 13:31 - 2017-03-11 13:39 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-11 13:28 - 2017-03-11 15:29 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-11 13:27 - 2017-03-11 13:28 - 06656568 _____ (AVAST Software) C:\Users\Gasour\Downloads\avast_free_antivirus_setup_online.exe
2017-03-11 13:21 - 2017-03-11 13:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-03-11 13:21 - 2017-03-11 13:21 - 00000000 ____D C:\Users\Gasour\Documents\aMule Downloads
2017-03-11 11:59 - 2017-03-14 19:37 - 00000380 _____ C:\WINDOWS\SysWOW64\data.bin
2017-03-11 11:59 - 2017-03-14 19:37 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-11 11:59 - 2017-03-14 19:37 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-09 20:41 - 2017-03-09 20:41 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-09 20:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-09 20:36 - 2017-03-09 20:36 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-09 20:35 - 2017-03-09 20:35 - 00000000 ____D C:\Program Files (x86)\m6w1mwfw
2017-03-06 21:00 - 2017-03-14 19:41 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-06 20:57 - 2017-03-06 20:57 - 01129376 _____ (Google Inc.) C:\Users\Gasour\Downloads\ChromeSetup.exe
2017-03-06 20:57 - 2017-03-06 20:57 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-06 20:57 - 2017-03-06 20:57 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-06 20:54 - 2017-03-06 20:54 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Sibuspgucipy
2017-03-06 18:52 - 2017-03-06 19:02 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\My Battle for Middle-earth Files
2017-03-06 18:50 - 2017-03-06 18:50 - 00000731 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk
2017-03-06 18:50 - 2017-03-06 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-03-06 18:47 - 2017-03-06 18:47 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-03-06 18:47 - 2017-03-06 18:47 - 00000000 ____D C:\Users\Gasour\AppData\Local\Disc_Soft_Ltd
2017-03-06 18:46 - 2017-03-13 19:05 - 00000000 ____D C:\Program Files (x86)\Voniing
2017-03-06 18:46 - 2017-03-06 18:47 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\DAEMON Tools Lite
2017-03-06 18:46 - 2017-03-06 18:47 - 00000000 ____D C:\Users\Gasour\AppData\Local\Cumospthejise
2017-03-06 18:46 - 2017-03-06 18:46 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-03-06 18:46 - 2017-03-06 18:46 - 00006168 _____ C:\WINDOWS\System32\Tasks\Gherceshbernotion Schedule
2017-03-06 18:46 - 2017-03-06 18:46 - 00000839 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-03-06 18:46 - 2017-03-06 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-03-06 18:46 - 2017-03-06 18:46 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-03-06 18:46 - 2017-03-06 18:46 - 00000000 ____D C:\Program Files (x86)\Gherceshbernotion Schedule
2017-03-06 17:22 - 2017-03-06 17:22 - 00000000 ____D C:\Users\Gasour\AppData\LocalLow\uTorrent
2017-03-06 17:18 - 2017-03-06 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-03-05 17:02 - 2017-03-05 17:02 - 00000202 _____ C:\Users\Gasour\Desktop\ARK Survival Evolved.url
2017-02-28 01:23 - 2017-02-28 01:23 - 00000000 ____D C:\Users\Gasour\Documents\Vlastní šablony Office
2017-02-27 22:46 - 2017-02-28 16:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-27 22:46 - 2017-02-28 01:03 - 00003900 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-27 22:45 - 2017-02-27 22:45 - 00001123 _____ C:\Users\Gasour\Desktop\GameRanger.lnk
2017-02-27 22:45 - 2017-02-27 22:45 - 00001109 _____ C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2017-02-27 22:45 - 2017-02-27 22:45 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\GameRanger
2017-02-27 21:36 - 2017-02-27 21:36 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-02-27 21:33 - 2017-02-27 21:33 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-02-27 21:32 - 2017-02-27 21:33 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-02-27 21:32 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 __RHD C:\MSOCache
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\Users\Gasour\AppData\Local\Microsoft Help
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-02-27 19:21 - 2017-02-27 19:21 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\WinRAR
2017-02-27 19:21 - 2017-02-27 19:21 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-27 19:21 - 2017-02-27 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-27 18:57 - 2017-03-13 21:20 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2017-02-27 18:55 - 2017-02-27 18:55 - 00000741 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2017-02-27 18:55 - 2017-02-27 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-02-27 18:53 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Macromedia
2017-02-27 16:17 - 2017-02-27 16:17 - 00002692 _____ C:\Users\Gasour\Desktop\µTorrent.lnk
2017-02-27 16:17 - 2017-02-27 16:17 - 00002692 _____ C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-02-27 16:16 - 2017-03-06 23:02 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\uTorrent
2017-02-26 23:14 - 2017-03-12 15:42 - 00000000 ____D C:\Users\Gasour\AppData\Local\SquirrelTemp
2017-02-26 23:14 - 2017-02-27 11:02 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\discord
2017-02-26 23:14 - 2017-02-26 23:14 - 00002245 _____ C:\Users\Gasour\Desktop\Discord.lnk
2017-02-26 23:14 - 2017-02-26 23:14 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-26 23:14 - 2017-02-26 23:14 - 00000000 ____D C:\Users\Gasour\AppData\Local\Discord
2017-02-24 22:55 - 2017-02-24 22:55 - 00000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8
2017-02-24 00:12 - 2017-02-24 00:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-24 00:09 - 2017-02-24 00:09 - 00000000 ____D C:\Users\Gasour\AppData\Local\2K Games
2017-02-24 00:09 - 2017-02-24 00:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-24 00:09 - 2017-02-24 00:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-24 00:08 - 2017-03-14 19:36 - 00004214 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19160A94-8D03-4237-A476-2ED2154CA940}
2017-02-22 22:15 - 2017-02-22 22:15 - 00000000 ____D C:\Users\Gasour\AppData\Local\PeerDistRepub
2017-02-22 03:12 - 2017-03-12 12:15 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-02-22 03:12 - 2017-03-12 12:15 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-02-22 03:12 - 2017-02-22 03:12 - 00000000 ____D C:\Users\Gasour\AppData\Local\LogMeIn
2017-02-22 03:12 - 2017-02-22 03:12 - 00000000 ____D C:\ProgramData\LogMeIn
2017-02-22 03:11 - 2017-03-14 20:13 - 00000000 ____D C:\Users\Gasour\AppData\Local\LogMeIn Hamachi
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default\My Documents
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\Default User
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Users\All Users
2017-02-22 01:31 - 2017-02-22 01:31 - 00000000 _SHDL C:\Documents and Settings
2017-02-22 01:28 - 2017-02-22 01:28 - 00000000 ____D C:\ProgramData\USOShared
2017-02-22 01:27 - 2017-03-14 20:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 01:27 - 2017-03-14 19:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-22 01:27 - 2017-02-22 23:20 - 00000000 ____D C:\Program Files\AMD
2017-02-22 01:27 - 2017-02-22 01:27 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-02-22 01:26 - 2017-03-14 20:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 01:26 - 2017-02-28 16:19 - 00332304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-22 01:26 - 2017-02-22 01:26 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-22 01:20 - 2017-02-22 01:20 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-22 01:20 - 2017-02-22 01:20 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-02-22 01:20 - 2017-02-21 16:33 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-22 01:20 - 2016-07-16 12:43 - 00000001 ___SH C:\BOOTNXT
2017-02-22 01:19 - 2017-02-22 01:19 - 00000000 ____D C:\WINDOWS\Setup
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\OCR
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\Program Files\MSBuild
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-22 01:17 - 2017-02-22 01:17 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-22 01:16 - 2017-03-14 20:05 - 00913462 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-22 01:16 - 2017-03-14 20:05 - 00201234 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-22 01:16 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-22 01:16 - 2017-02-22 01:16 - 00296654 _____ C:\WINDOWS\system32\perfi005.dat
2017-02-22 01:16 - 2017-02-22 01:16 - 00038682 _____ C:\WINDOWS\system32\perfd005.dat
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\SysWOW64\cs
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\system32\cs
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\system32\0409
2017-02-22 01:16 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-02-22 01:14 - 2017-02-06 20:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-22 01:14 - 2017-02-06 20:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-22 01:13 - 2017-03-14 19:37 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 01:13 - 2017-03-13 19:07 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 01:13 - 2017-03-12 12:18 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-22 01:13 - 2017-02-28 01:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 01:13 - 2017-02-28 01:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 01:13 - 2017-02-27 21:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-22 01:13 - 2017-02-27 21:33 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-22 01:13 - 2017-02-27 21:32 - 00000167 _____ C:\WINDOWS\win.ini
2017-02-22 01:13 - 2017-02-27 21:32 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-22 01:13 - 2017-02-24 18:40 - 00000000 ____D C:\WINDOWS\rescache
2017-02-22 01:13 - 2017-02-22 03:57 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-22 01:13 - 2017-02-22 03:57 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-22 01:13 - 2017-02-22 01:28 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-22 01:13 - 2017-02-22 01:28 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-22 01:13 - 2017-02-22 01:28 - 00000000 ____D C:\ProgramData\USOPrivate
2017-02-22 01:13 - 2017-02-22 01:20 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-22 01:13 - 2017-02-22 01:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-22 01:13 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-22 01:13 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\SystemApps
2017-02-22 01:13 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-22 01:13 - 2017-02-22 01:17 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-22 01:13 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-22 01:13 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-22 01:13 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\IME
2017-02-22 01:13 - 2017-02-22 01:16 - 00000000 ____D C:\WINDOWS\Help
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 __RSD C:\WINDOWS\Media
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Web
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Vss
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\tracing
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\TAPI
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SystemResources
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\ras
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\IME
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\ias
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\System
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SKB
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\schemas
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\SchCache
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\security
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Resources
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Registration
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\PLA
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Performance
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Globalization
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Cursors
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\Branding
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\addins
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\ProgramData\Comms
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files\Windows NT
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-02-22 01:13 - 2017-02-22 01:13 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-02-22 01:13 - 2017-02-22 01:11 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-02-22 01:13 - 2017-02-22 01:11 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-02-22 01:13 - 2017-02-22 01:11 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-02-22 01:13 - 2017-02-22 01:11 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-02-22 01:13 - 2017-02-22 01:11 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-02-22 01:13 - 2017-02-22 01:11 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-02-22 01:13 - 2017-02-22 01:11 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-02-22 01:13 - 2017-02-22 01:11 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-02-22 01:13 - 2017-02-22 01:11 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-02-22 01:13 - 2017-02-22 01:11 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-02-22 01:13 - 2017-02-22 01:11 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-02-22 01:13 - 2017-02-22 01:11 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-02-22 01:13 - 2017-02-22 01:11 - 00000219 _____ C:\WINDOWS\system.ini
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-22 01:13 - 2017-02-21 22:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-22 01:13 - 2017-02-21 22:46 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-02-22 01:13 - 2017-02-21 16:33 - 00000000 ____D C:\WINDOWS\system32\spool
2017-02-22 01:13 - 2017-02-21 16:33 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-22 01:13 - 2017-02-21 16:33 - 00000000 ____D C:\WINDOWS\CSC
2017-02-22 01:12 - 2017-03-06 18:46 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 01:08 - 2017-03-14 20:08 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 01:07 - 2017-03-14 19:55 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 01:07 - 2017-02-22 01:27 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-22 01:07 - 2017-02-22 01:13 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-02-22 01:07 - 2017-02-21 22:47 - 00000000 ____D C:\WINDOWS\servicing
2017-02-21 22:49 - 2017-02-21 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-02-21 22:49 - 2017-02-21 22:49 - 00000000 ____D C:\Program Files\ATI Technologies
2017-02-21 22:49 - 2017-02-21 22:49 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-21 22:44 - 2017-02-21 22:44 - 773380443 _____ C:\WINDOWS\MEMORY.DMP
2017-02-21 22:44 - 2017-02-21 22:44 - 00412108 _____ C:\WINDOWS\Minidump\022117-12015-01.dmp
2017-02-21 22:44 - 2017-02-21 22:44 - 00000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
2017-02-21 22:44 - 2017-02-21 22:44 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-21 22:39 - 2017-02-21 22:39 - 00000000 ____D C:\Users\Gasour\Documents\League of Legends
2017-02-21 21:58 - 2017-02-21 21:58 - 00000000 ____D C:\ProgramData\Riot Games
2017-02-21 21:56 - 2017-02-21 22:40 - 00001752 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-02-21 21:56 - 2017-02-21 21:56 - 00000000 ____D C:\Riot Games
2017-02-21 21:56 - 2017-02-21 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-02-21 21:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-02-21 21:56 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-02-21 21:56 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-02-21 21:55 - 2017-02-21 21:57 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Riot Games
2017-02-21 19:00 - 2017-02-23 15:13 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 19:00 - 2017-02-23 15:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-21 18:49 - 2017-02-21 18:36 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-21 18:19 - 2017-03-12 15:06 - 00572456 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-21 18:19 - 2017-02-21 17:25 - 00392480 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-02-21 17:24 - 2017-02-21 17:24 - 00000202 _____ C:\Users\Gasour\Desktop\Grand Theft Auto V.url
2017-02-21 17:17 - 2017-02-21 17:17 - 00000201 _____ C:\Users\Gasour\Desktop\Mafia II.url
2017-02-21 17:04 - 2017-02-21 17:04 - 00000202 _____ C:\Users\Gasour\Desktop\Rust.url
2017-02-21 17:04 - 2017-02-21 17:04 - 00000000 ____D C:\Steam
2017-02-21 17:03 - 2017-02-21 22:44 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2017-02-21 17:03 - 2017-02-21 22:44 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001.job
2017-02-21 17:03 - 2017-02-21 17:03 - 00003414 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001
2017-02-21 17:03 - 2017-02-21 17:03 - 00003348 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-02-21 17:03 - 2017-02-21 17:03 - 00000424 _____ C:\Users\Gasour\AppData\Local\UserProducts.xml
2017-02-21 17:03 - 2017-02-21 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-02-21 17:03 - 2017-02-21 17:03 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-02-21 17:02 - 2017-03-13 22:42 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\TS3Client
2017-02-21 17:02 - 2017-02-21 17:02 - 00000000 ____D C:\Users\Gasour\AppData\Local\TeamSpeak 3
2017-02-21 17:02 - 2017-02-21 17:02 - 00000000 ____D C:\Users\Gasour\.TeamSpeak 3
2017-02-21 17:02 - 2017-02-21 17:02 - 00000000 ____D C:\Users\Gasour\.QtWebEngineProcess
2017-02-21 17:01 - 2017-02-21 17:01 - 00001011 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-02-21 17:00 - 2017-02-21 17:01 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-21 17:00 - 2017-02-21 17:00 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-21 16:57 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-02-21 16:57 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-02-21 16:57 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-02-21 16:57 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-02-21 16:57 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-02-21 16:57 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-02-21 16:57 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-02-21 16:57 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-02-21 16:57 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-02-21 16:57 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-02-21 16:57 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-02-21 16:57 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-02-21 16:57 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-02-21 16:57 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-02-21 16:57 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-02-21 16:57 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-02-21 16:57 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-02-21 16:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-02-21 16:57 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-02-21 16:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-02-21 16:57 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-02-21 16:57 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-02-21 16:57 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-02-21 16:57 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-02-21 16:57 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-02-21 16:57 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-02-21 16:57 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-02-21 16:57 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-02-21 16:57 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-02-21 16:57 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-02-21 16:57 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-02-21 16:57 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-02-21 16:57 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-02-21 16:57 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-02-21 16:57 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-02-21 16:57 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-02-21 16:57 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-02-21 16:57 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-02-21 16:57 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-02-21 16:57 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-02-21 16:57 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-02-21 16:57 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-02-21 16:57 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-02-21 16:57 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-02-21 16:57 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-02-21 16:57 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-02-21 16:57 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-02-21 16:57 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-02-21 16:57 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-02-21 16:57 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-02-21 16:57 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-02-21 16:57 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-02-21 16:57 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-02-21 16:57 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-02-21 16:57 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-02-21 16:57 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-02-21 16:57 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-02-21 16:57 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-02-21 16:57 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-02-21 16:57 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-02-21 16:57 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-02-21 16:57 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-02-21 16:57 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-02-21 16:57 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-02-21 16:57 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-02-21 16:57 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-02-21 16:57 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-02-21 16:57 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-02-21 16:57 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-02-21 16:57 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-02-21 16:57 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-02-21 16:57 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-02-21 16:57 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-02-21 16:57 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-02-21 16:57 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-02-21 16:57 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-02-21 16:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-02-21 16:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-02-21 16:57 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-02-21 16:57 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-02-21 16:57 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-02-21 16:57 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-02-21 16:57 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-02-21 16:57 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-02-21 16:57 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-02-21 16:57 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-02-21 16:57 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-02-21 16:57 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-02-21 16:57 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-02-21 16:57 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-02-21 16:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-02-21 16:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-02-21 16:57 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-02-21 16:57 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-02-21 16:57 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-02-21 16:57 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-02-21 16:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-02-21 16:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-02-21 16:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-02-21 16:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-02-21 16:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-02-21 16:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-02-21 16:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-02-21 16:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-02-21 16:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-02-21 16:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-02-21 16:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-02-21 16:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-02-21 16:56 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-02-21 16:56 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-02-21 16:56 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-02-21 16:56 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-02-21 16:52 - 2017-02-21 16:52 - 00000000 ____D C:\Users\Gasour\AppData\Local\Steam
2017-02-21 16:52 - 2017-02-21 16:52 - 00000000 ____D C:\Users\Gasour\AppData\Local\CEF
2017-02-21 16:51 - 2017-02-23 15:02 - 00000000 ____D C:\Users\Gasour\AppData\Local\AMD
2017-02-21 16:51 - 2017-02-21 16:51 - 00000000 ____D C:\Users\Gasour\AppData\Local\Comms
2017-02-21 16:49 - 2017-02-21 16:49 - 00000555 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-21 16:49 - 2017-02-21 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-21 16:41 - 2017-03-06 21:00 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-21 16:41 - 2017-02-21 16:48 - 00000000 ____D C:\Users\Gasour\AppData\Local\Google
2017-02-21 16:41 - 2017-02-21 16:41 - 00000000 ____D C:\Users\Gasour\AppData\LocalLow\AMD
2017-02-21 16:39 - 2017-03-14 20:05 - 02094390 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 16:39 - 2017-02-22 23:20 - 00000000 ____D C:\AMD
2017-02-21 16:39 - 2017-02-21 17:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 16:38 - 2017-03-03 18:47 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-21 16:38 - 2017-02-21 16:38 - 00000000 ____D C:\Users\Gasour\AppData\Local\MicrosoftEdge
2017-02-21 16:37 - 2017-03-03 18:47 - 00002397 _____ C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-21 16:37 - 2017-03-03 18:47 - 00000000 ___RD C:\Users\Gasour\OneDrive
2017-02-21 16:37 - 2017-02-21 16:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Skype
2017-02-21 16:36 - 2017-02-21 16:36 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-02-21 16:35 - 2017-03-13 20:23 - 00000000 ____D C:\Users\Gasour\AppData\Local\Packages
2017-02-21 16:35 - 2017-03-12 23:42 - 00000000 ____D C:\Users\Gasour
2017-02-21 16:35 - 2017-02-21 22:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-21 16:35 - 2017-02-21 22:49 - 00000000 ____D C:\Users\Gasour\AppData\Local\ConnectedDevicesPlatform
2017-02-21 16:35 - 2017-02-21 16:35 - 00000020 ___SH C:\Users\Gasour\ntuser.ini
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Šablony
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Soubory cookie
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Poslední
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Okolní tiskárny
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Okolní síť
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Nabídka Start
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Dokumenty
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Documents\Obrázky
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Documents\Hudba
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Documents\Filmy
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\Data aplikací
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 _SHDL C:\Users\Gasour\AppData\Local\Data aplikací
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Adobe
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 ____D C:\Users\Gasour\AppData\Local\VirtualStore
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 ____D C:\Users\Gasour\AppData\Local\TileDataLayer
2017-02-21 16:35 - 2017-02-21 16:35 - 00000000 ____D C:\Users\Gasour\AppData\Local\Publishers
2017-02-21 16:34 - 2017-02-21 16:34 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-02-21 16:34 - 2017-02-21 16:34 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-02-21 16:34 - 2017-02-21 16:34 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-02-21 16:34 - 2017-02-21 16:34 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-02-21 16:33 - 2017-02-21 16:33 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-02-21 16:33 - 2017-02-21 16:33 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2017-02-21 16:33 - 2017-02-21 16:33 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2017-02-21 16:33 - 2017-02-21 16:33 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2017-02-21 16:33 - 2017-02-21 16:33 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2017-02-21 16:33 - 2017-02-21 16:33 - 00000000 ____D C:\Users\defaultuser0
2017-02-21 16:33 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-02-21 16:02 - 2017-03-14 20:08 - 00000000 ___HD C:\$SysReset

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 01:20 - 2015-12-25 03:55 - 00008192 __RSH C:\BOOTSECT.BAK
2017-02-22 01:10 - 2016-07-16 07:04 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-22 01:10 - 2016-07-16 07:04 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Files in the root of some directories =======

2017-02-21 17:03 - 2017-02-21 17:03 - 0000003 _____ () C:\Users\Gasour\AppData\Local\updater.log
2017-02-21 17:03 - 2017-02-21 17:03 - 0000424 _____ () C:\Users\Gasour\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-11 12:03

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SSD) (Fixed) (Total:111.35 GB) (Free:51.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Instal) (Fixed) (Total:2794.39 GB) (Free:2585.42 GB) NTFS
Drive f: (Zaloha) (Fixed) (Total:931.41 GB) (Free:929.81 GB) NTFS

Available physical RAM: 6488.21 MB
Total physical RAM: 8093.58 MB
Percentage of memory in use: 19%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3FD74DAD)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ECBEDB4D)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Gasour\Desktop" je 8 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Re: adware

Napsal: 14 bře 2017 20:20
od Gasour
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by Gasour (14-03-2017 20:16:34)
Running from C:\Users\Gasour\Desktop
Windows 10 Pro Version 1607 (X64) (2017-02-21 15:34:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3321698757-2860505083-3092554707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3321698757-2860505083-3092554707-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3321698757-2860505083-3092554707-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gasour (S-1-5-21-3321698757-2860505083-3092554707-1001 - Administrator - Enabled) => C:\Users\Gasour
Guest (S-1-5-21-3321698757-2860505083-3092554707-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM\...\Steam App 266840) (Version: - SkyBox Labs)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Atom (HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\atom) (Version: 1.15.0 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ) <==== ATTENTION
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
GameRanger (HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\GameRanger) (Version: - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Northgard (HKLM\...\Steam App 466560) (Version: - Shiro Games)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Battle for Middle-earth (tm) (HKLM-x32\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version: - )
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version: - CD PROJEKT RED)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{36C065F3-1232-4BEF-9948-B47CD2ED68CF}) (Version: 4.3.0 - WinSnare) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\ChromeHTML: -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C4F8C65-29B0-4C9B-BBFD-89DEEB2B86C2} - System32\Tasks\Gherceshbernotion Schedule => C:\Program Files (x86)\Voniing\xcervoly.exe [2017-03-06] (Glarysoft Ltd)
Task: {214AD234-282D-4BB2-9AAD-3B1B6445FBEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {300D5146-02ED-446E-99E8-5012D540D235} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {44F7F869-76E5-47CD-8A4D-F7172E604577} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {4E9D5F46-B5E5-435E-8038-571CBA9EF7E6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-11] (AVAST Software)
Task: {7C7947DB-FA5B-497C-9A70-976CBD56B59C} - System32\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {9844DCD9-0AC2-422F-A591-87921CA9B169} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {AC2A6845-9140-4FDD-A40E-4D558F98B4C5} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] ()
Task: {C08F0B81-463A-470E-A31A-DDE041734CC0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-11] (AVAST Software)
Task: {D240BB0B-1AFF-4AF5-932C-543147F7CC04} - System32\Tasks\SafeZone scheduled Autoupdate 1489235987 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {D3F08142-009D-475C-B127-7633C9F581E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-28] (Adobe Systems Incorporated)
Task: {D7546116-4EF9-4B07-8DB6-536C82E60F7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {DFC4C692-68DB-41D0-9A11-7B1E65672F99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E28CDD2D-F7E7-4FF0-9177-265E7AC973BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {EFC4878B-0A0E-4924-883F-207FB39D6B35} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Gasour\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Gasour\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Gasour\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... 016X120AGN

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 17:10 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-06 18:46 - 2017-03-06 18:46 - 00306176 _____ () C:\Program Files (x86)\Gherceshbernotion Schedule\local64spl.dll
2016-12-16 17:10 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-16 17:10 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-09 05:45 - 2016-10-09 05:45 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 17:06 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-12 17:05 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 17:05 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 17:05 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 17:05 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 17:06 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-21 16:54 - 2017-02-21 16:55 - 00894464 _____ () D:\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
2017-03-14 19:39 - 2017-03-10 03:23 - 00104624 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2017-03-09 20:37 - 2017-03-09 20:38 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-02-22 15:55 - 2017-02-22 15:55 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 15:55 - 2017-02-22 15:55 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 15:55 - 2017-02-22 15:55 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-21 17:18 - 2017-02-21 17:18 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-14 19:40 - 2016-05-23 03:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2017-03-14 19:40 - 2016-05-23 03:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2017-03-11 13:35 - 2017-03-11 13:35 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-11 13:35 - 2017-03-11 13:35 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-11 13:35 - 2017-03-11 13:35 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-22 01:13 - 2017-02-22 01:11 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\StartupFolder: => "GameRanger.lnk"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{340960F5-3AFB-4670-BB9A-8FD5D7B1684F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{39E86A1B-B85E-4B4E-BD50-95363754B5B8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D7B84A0D-13ED-474D-9FD0-4BAB8B72E333}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8228489A-0524-49B4-822A-7978326E939F}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AB050691-2A83-44A8-857F-EB48539176BD}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{0710AB61-DD77-404C-B811-DF2596B24398}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{D499766B-073E-4A9B-838B-2228D049D6F2}] => (Allow) C:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{E93AB0EC-65C8-4DFD-A6A6-E509A20699DB}] => (Allow) C:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{E58D86DA-6B03-4F3B-A70F-F986C4966734}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{951D8ADE-E143-4983-81C6-9A271E956036}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{21C1ADF1-66A1-4117-9239-D90846CD47B0}D:\rustserver\rustdedicated.exe] => (Allow) D:\rustserver\rustdedicated.exe
FirewallRules: [UDP Query User{4D336F64-B2D4-4ADD-BF39-F7AE5F519F3D}D:\rustserver\rustdedicated.exe] => (Allow) D:\rustserver\rustdedicated.exe
FirewallRules: [{0F4A7D2C-1E07-47F4-AF40-6FEECD90860A}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E89DEE0-0350-4711-83A0-3FB3752FC6DD}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{730AA4F6-4052-4D12-A8DB-3370FAFB61AF}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{428FF396-46F2-4C0C-A2AF-CDD4F40CDE56}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E2AC46A-D2EB-44C5-9595-E4A281693F67}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7F04778-B8DB-40F2-B4D4-09192F7EE549}] => (Allow) C:\Users\Gasour\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99E8629B-9FC2-484C-AAB8-77366F4167C5}] => (Allow) D:\Games\Lotr II\game.dat
FirewallRules: [{2C407BC0-D2F0-4B1F-9F08-01D08DAA20E9}] => (Allow) D:\Games\Lotr II\game.dat
FirewallRules: [{27AE3800-0021-43EA-B1B6-C63F2B4A2A3C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{280AFA17-2770-4AE3-851B-A8DA36CCE941}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{ABBD484E-CCB5-4B3D-97E6-BAF754A483DD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{806EBD85-1A1D-41DB-BBF8-ABF0D4DEF7A5}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{9398B812-5BEB-4D61-BD44-B8C2AAE9F310}C:\users\gasour\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\gasour\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{32D91834-1799-4029-ABF6-D7729B477A81}C:\users\gasour\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\gasour\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{13F12A1C-B57A-426A-AD43-987C4978CB25}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{BF539132-6D82-44A1-947D-372BEDC33C0E}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{668F6947-3549-40F1-B8F4-131F6ABD7110}] => (Allow) D:\Games\Lotr I\game.dat
FirewallRules: [{06125E9F-9D76-45E7-8297-FDD29876E255}] => (Allow) D:\Games\Lotr I\game.dat
FirewallRules: [{025C978B-C266-4BD5-BADE-8A67A6388903}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11968BC0-FC9A-4DAF-8F27-B4D7075086DB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{ABB98072-8937-477D-B03F-F5F584D25E23}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{669B841F-2D13-4C2A-9933-0275153C8B54}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4E463D5C-D1D5-4977-B720-3594273D39B8}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B1439EB2-D1B9-4456-BF9A-73BE26D186AA}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7733B230-6598-4807-86B5-B0E3C1E4960B}] => (Allow) C:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{063D1951-CBC5-4AD7-9478-4EDD5B733E3F}] => (Allow) C:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAF337BA-6127-4031-AA07-42D700EB443C}] => (Allow) D:\Steam\steamapps\common\Northgard\Northgard.exe
FirewallRules: [{FE19603F-2680-44EF-8F82-054AD1EBD54E}] => (Allow) D:\Steam\steamapps\common\Northgard\Northgard.exe
FirewallRules: [{FEC59FFD-6587-42E3-A6BE-D43EFB74FD8C}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{ED7A567A-6BE2-4438-ADD6-996A20EBB9FF}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{F4DA7898-B379-482F-9AB6-FFBA10D826FD}] => (Allow) D:\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{CDA5E8EB-AC8D-494F-990A-569924144A9B}] => (Allow) D:\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{9E86CE74-98EB-4FD3-A906-67E95CABEF37}] => (Allow) D:\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{EF96999F-73BE-4FD2-A19C-B3A0E0F9CE1D}] => (Allow) D:\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{A7AC6340-2EDC-4074-AD33-2FBE5526E6CD}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [TCP Query User{FAD51EA8-1F19-48DD-AAFB-AFC04CDC3397}D:\totalcmd\totalcmd64.exe] => (Allow) D:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{356D4BC3-285C-4BA3-B013-18083D043EBF}D:\totalcmd\totalcmd64.exe] => (Allow) D:\totalcmd\totalcmd64.exe
FirewallRules: [{2174AF16-5DB8-4F7A-9D72-C83D3A6F59D0}] => (Allow) D:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E0CB0FDD-73FA-470E-B5B3-704C010772F8}] => (Allow) D:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{52458338-3959-40CD-B2C0-5EF464D22457}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{91C210E1-288C-4BE2-A12A-7F1A73433BD9}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B6D538CE-7C45-44D1-8873-BDE5618849D6}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3A546836-E911-460B-8A25-294A9F6616FC}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6ADB59AA-129F-4B98-8AD2-6F2B01C565E0}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{38494418-5228-4D70-B661-0304209CF09D}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{E6E2EED3-4CF5-41AF-8F9F-7B618494F1F7}] => (Allow) C:\Program Files (x86)\Noflat\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2017 07:44:29 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Avast Antivirus na SECURITY_PRODUCT_STATE_ON došlo k chybě (chyba %3).

Error: (03/14/2017 07:44:29 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Avast Antivirus na SECURITY_PRODUCT_STATE_ON došlo k chybě (chyba %3).

Error: (03/14/2017 07:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_wuauserv, verze: 10.0.14393.0, časové razítko: 0x57899b1c
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.479, časové razítko: 0x5825887f
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000009648f
ID chybujícího procesu: 0x20c
Čas spuštění chybující aplikace: 0x01d29cf16ae22d91
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 7b5f177d-5e84-4724-8310-d77f3ec75f57
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/13/2017 08:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WorldBuilder.exe, verze: 2.0.0.0, časové razítko: 0x43dac0de
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x105e9c90
ID chybujícího procesu: 0x1684
Čas spuštění chybující aplikace: 0x01d29c33391b65c3
Cesta k chybující aplikaci: D:\Games\Lotr II\WorldBuilder.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: d0890516-49b5-4b9e-a544-ee3f92fdee75
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/13/2017 07:39:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Worldbuilder.exe verze 2.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1edc

Čas spuštění: 01d29c24b8016cf5

Čas ukončení: 4294967295

Cesta k aplikaci: D:\Games\Lotr II\Worldbuilder.exe

ID hlášení: 5c639f23-081c-11e7-9ce9-74d02b359879

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (03/12/2017 11:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program game.dat verze 1.0.2194.40862 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1bc8

Čas spuštění: 01d29b7c92bcd75d

Čas ukončení: 4294967295

Cesta k aplikaci: D:\Games\Lotr II\game.dat

ID hlášení: 3ad29b7e-0770-11e7-9ce8-74d02b359879

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (03/12/2017 10:38:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: game.dat, verze: 1.0.2194.40862, časové razítko: 0x43e44b4a
Název chybujícího modulu: game.dat, verze: 1.0.2194.40862, časové razítko: 0x43e44b4a
Kód výjimky: 0xc0000005
Posun chyby: 0x0026a7ef
ID chybujícího procesu: 0x1e34
Čas spuštění chybující aplikace: 0x01d29b77cac8117f
Cesta k chybující aplikaci: D:\Games\Lotr II\game.dat
Cesta k chybujícímu modulu: D:\Games\Lotr II\game.dat
ID zprávy: c87bac36-73d7-48ec-89f3-1392e0e07d47
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2017 06:08:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Video.UI.exe, verze: 10.17012.1030.0, časové razítko: 0x58a42d56
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.14393.206, časové razítko: 0x57daca78
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006d1c4
ID chybujícího procesu: 0x1938
Čas spuštění chybující aplikace: 0x01d29a8a041c0542
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
Cesta k chybujícímu modulu: C:\Windows\System32\twinapi.appcore.dll
ID zprávy: 7cdd921d-8f03-4392-accc-ea13d87a0127
Úplný název chybujícího balíčku: Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: Microsoft.ZuneVideo

Error: (03/11/2017 01:35:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll se nezdařilo.
Závislé sestavení Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/11/2017 01:22:09 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: DESKTOP-C36U1O7)
Description: Aplikaci nebo službu ed2k idle service nelze restartovat.


System errors:
=============
Error: (03/14/2017 08:13:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 08:13:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Kyubey neuspěla při spuštění v důsledku následující chyby:
Aplikaci Kyubey nelze spustit v režimu Win32.

Error: (03/14/2017 08:13:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (19:59:53, ‎14.‎03.‎2017) bylo neočekávané.

Error: (03/14/2017 08:08:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 08:00:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 07:55:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 07:53:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WIM Performance Adapter byla ukončena s následující chybou:
Operace nebyla úspěšně dokončena, protože soubor obsahuje virus nebo potenciálně nežádoucí software.

Error: (03/14/2017 07:51:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 07:49:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/14/2017 07:40:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba YAC Kit Driver neuspěla při spuštění v důsledku následující chyby:
Požadavek není podporován.


CodeIntegrity:
===================================
Date: 2017-03-14 20:15:38.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-14 20:01:15.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-14 19:53:22.091
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-06 17:33:07.198
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-05 17:14:03.087
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-03 18:56:55.027
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 8093.58 MB
Available physical RAM: 6488.21 MB
Total Virtual: 13981.58 MB
Available Virtual: 12251.68 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:111.35 GB) (Free:51.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Instal) (Fixed) (Total:2794.39 GB) (Free:2585.42 GB) NTFS
Drive f: (Zaloha) (Fixed) (Total:931.41 GB) (Free:929.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3FD74DAD)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ECBEDB4D)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: adware

Napsal: 14 bře 2017 20:51
od altrok
:arrow: Od minuleho topicu je pocitac zaplevelenej jeste mnohem vic. Tohle je opravdu sila. Modni prehlidka nejcastejsi soucasne haveti. Nuz, zacneme ji odstrelovat :baby:



:arrow: Mate vypnutou funkci bodu obnoveni - velice doporucuji tuto funkci zapnout.
  • Kliknete pravym na Tento pocitac -> Vlastnosti -> Upresnit nastaveni systemu -> nahore zalozka Ochrana systemu -> oznacte systemovy disk (vetsinou C: ) -> Konfigurovat -> vyberte Obnovit nastaveni systemu a predchozi verze souboru a ulozte klikem na Pouzit.
  • Pokud si chcete hrat s velikosti mista na disku, ktere je vyuzito body obnoveni, nedoporucuji tuto hranici snizovat pod 1 GB. Pokud mate mista na disku dost, ponechte defaultni 3-5% vyuziti disku.

  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\Gherceshbernotion Schedule\local64spl.dll
Folder: C:\Program Files (x86)\Gherceshbernotion Schedule
File: C:\Program Files (x86)\Voniing\Shuzutain.dll
Folder: C:\Program Files (x86)\Voniing
File: C:\Users\Gasour\AppData\Roaming\WinSnare\WinSnare.dll
File: C:\Users\Gasour\AppData\Roaming\WinSAPSvc\WinSAP.dll
File: C:\Program Files (x86)\Voniing\xcervoly.exe
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Instal\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKLM\...\Providers\m6w1mwfw: C:\Program Files (x86)\Gherceshbernotion Schedule\local64spl.dll [306176 2017-03-06] ()
ShellExecuteHooks: No Name - {8155A07A-FD98-11E6-8065-64006A5CFC23} - C:\Program Files (x86)\Voniing\Shuzutain.dll [144896 2017-03-06] ()
File: C:\Users\Gasour\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... X120AGN&q={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
FF Extension: (FF Adr) - C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-14] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-14] [not signed]
FF SearchPlugin: C:\Users\Gasour\AppData\Roaming\Firefox\Firefox\Profiles\fscuvsb6.default\searchplugins\startsearch.xml [2017-03-14]
CHR HomePage: Profile 2 -> hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/","hxxps://www.google.cz/","hxxp://www.startpageing123.com/?type=hp&ts=1489516656&z=6fea166b863877980f694d9g0zcbbt5w6g8qbq3w0g&from=che0812&uid=INTELXSSDSC2BW120H6_CVTR5292016X120AGN"
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.) <==== ATTENTION
R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [File not signed]
File: C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
DisableService: FirefoxU
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 WinSAPSvc; C:\Users\Gasour\AppData\Roaming\WinSAPSvc\WinSAP.dll [184320 2017-03-13] (Windows) [File not signed]
R2 WinSnare; C:\Users\Gasour\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-14] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2017-03-14 19:40 - 2017-03-14 19:40 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Elex-tech
2017-03-14 19:40 - 2017-03-14 19:40 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-03-14 19:40 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-03-14 19:40 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\aMule
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.0)
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-14 19:37 - 2017-03-14 19:37 - 00000000 ____D C:\Program Files (x86)\58C83881_cacayima
2017-03-13 19:09 - 2017-03-14 20:13 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Kyubey
2017-03-13 19:09 - 2017-03-14 19:37 - 00003676 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-13 19:09 - 2017-03-14 19:37 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\WinSnare
2017-03-13 19:09 - 2017-03-14 19:33 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-13 19:09 - 2017-03-13 19:09 - 00003342 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-13 19:09 - 2017-03-13 19:09 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\WinSAPSvc
2017-03-13 19:09 - 2017-03-13 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-13 19:05 - 2017-03-13 19:05 - 00000000 ____D C:\Program Files\m6w1mwfw
2017-03-12 12:24 - 2017-03-12 12:24 - 00000000 ____D C:\rsit
2017-03-12 12:24 - 2017-03-12 12:24 - 00000000 ____D C:\Program Files\trend micro
2017-03-12 12:23 - 2017-03-12 12:24 - 01222144 _____ C:\Users\Gasour\Downloads\RSITx64.exe
2017-03-11 13:21 - 2017-03-11 13:21 - 00000000 ____D C:\Users\Gasour\Documents\aMule Downloads
2017-03-06 20:54 - 2017-03-06 20:54 - 00000000 ____D C:\Users\Gasour\AppData\Roaming\Sibuspgucipy
2017-03-06 18:46 - 2017-03-13 19:05 - 00000000 ____D C:\Program Files (x86)\Voniing
2017-03-06 18:46 - 2017-03-06 18:47 - 00000000 ____D C:\Users\Gasour\AppData\Local\Cumospthejise
2017-03-06 18:46 - 2017-03-06 18:46 - 00006168 _____ C:\WINDOWS\System32\Tasks\Gherceshbernotion Schedule
2017-03-06 18:46 - 2017-03-06 18:46 - 00000000 ____D C:\Program Files (x86)\Gherceshbernotion Schedule
Folder: "C:\WINDOWS\system32\˙˙˙˙˙˙˙˙8"
Task: {9844DCD9-0AC2-422F-A591-87921CA9B169} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3321698757-2860505083-3092554707-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {44F7F869-76E5-47CD-8A4D-F7172E604577} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {0C4F8C65-29B0-4C9B-BBFD-89DEEB2B86C2} - System32\Tasks\Gherceshbernotion Schedule => C:\Program Files (x86)\Voniing\xcervoly.exe [2017-03-06] (Glarysoft Ltd)
ShortcutWithArgument: C:\Users\Gasour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc ... 016X120AGN
FirewallRules: [{6ADB59AA-129F-4B98-8AD2-6F2B01C565E0}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{38494418-5228-4D70-B661-0304209CF09D}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{E6E2EED3-4CF5-41AF-8F9F-7B618494F1F7}] => (Allow) C:\Program Files (x86)\Noflat\Application\chrome.exe
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML" /s
CMD: reg query HKU
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

Re: adware

Napsal: 14 bře 2017 21:29
od Gasour
Nevím proč zdálo se to čísté. Udělal jsem nějakou podivnou reinstalaci systému. Data jsem v PC skoro žádná neměl a tak to nevadí. Udělal jsem log z FRST a chtěl bych se zeptat jestli to je čisté nebo pořád něco hrozí.

https://hastebin.com/lukusemumu.tex

Re: adware

Napsal: 14 bře 2017 21:39
od altrok
:arrow: Potrebuju videt i C:\Users\Gasour\Desktop\fixlog.txt


:arrow: Kdy jste sestrojil stroj casu? Co se delo zitra o pul seste rano? Jak dneska dopadne liga mistru?
Ran by Gasour (administrator) on DESKTOP-C36U1O7 (14-03-2017 21:21:22)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 05:49 - 2017-03-15 06:07 - 00000000 ____D C:\Windows.old

:arrow: Stale mate vypnute body obnoveni.

Re: adware

Napsal: 14 bře 2017 21:49
od Gasour
Fixlog není, protože jsem PC reinstaloval a udělal nový log zde: https://hastebin.com/rozicuyuli.tex

Přišlo mi to rozumnější než to celé pracně mazat. Je to týden co jsem dělal kompletní čistou reinstalaci. Tak se chci jen zeptat jestli tam teď už opravdu nic není.

Re: adware

Napsal: 14 bře 2017 21:58
od altrok
Takze chapu spravne, ze jste postnul logy, abyste hned v zapeti cely PC preinstaloval a ja nad nimi mezitim zbytecne travil 20 minut?

Tady uz havet nevidim, log je cisty.

Re: adware

Napsal: 14 bře 2017 22:07
od Gasour
Ano omlouvám se a děkuji za ochotu a pomoc a určitě pošlu dar na chod serveru.

Re: adware

Napsal: 14 bře 2017 22:08
od altrok
Nemate zac.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz