
Infected PC

Having a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Infected PC

#1 Post by Rumburaq »

Hello,

a little while ago a small program called Kyubey.exe somehow got onto my PC.
Following your forum, I managed to remove it after several attempts. Still, not everything is in order: the browser's start page keeps getting overwritten, the browser settings cannot be changed manually, and in the HijackThis report some entries look wrong to me and should not be there.
As per the guide, I am sending the FRST log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Golfstar (15-04-2017 00:38:49)
Running from C:\Users\Golfstar\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-23 11:10:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1702488835-1983202832-4074137989-500 - Administrator - Disabled)
Bíba (S-1-5-21-1702488835-1983202832-4074137989-1003 - Limited - Enabled) => C:\Users\Bíba
DefaultAccount (S-1-5-21-1702488835-1983202832-4074137989-503 - Limited - Disabled)
Golfstar (S-1-5-21-1702488835-1983202832-4074137989-1001 - Administrator - Enabled) => C:\Users\Golfstar
Guest (S-1-5-21-1702488835-1983202832-4074137989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1702488835-1983202832-4074137989-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
EVE Online (HKLM-x32\...\{345CEED5-9EAD-41BE-A90F-F3F4B85BABAF}) (Version: 3.0.0 - CCP Games Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2900 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2900 series) (Version: - ‭Canon Inc.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
UFO Aftermath (HKLM-x32\...\{3699BC50-DA7B-4DA7-BB43-2981C9178FAD}) (Version: 1.4 - )
Unity Web Player (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
youndoo - Uninstall (HKLM-x32\...\{743EE930-C9C3-4FE0-83C0-95B2544F3C71}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6FE069-5CDF-4D9B-9C4F-E1914735F01C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {0B97D483-F3FF-47E9-A5DD-39F73D90B625} - System32\Tasks\{B0398A1E-36C7-43FB-9909-CFEF2DB23E1A} => pcalua.exe -a C:\Users\Golfstar\AppData\Local\Temp\Temp1_realtek_hd_audio.zip\Realtek_6.0.1.7293\Setup.exe <==== ATTENTION
Task: {21C2BF43-31B0-42DD-B520-C8F94F9CCFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {21E0D8FE-3E38-4EFC-BBBD-78E37A315D93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {22E3C4B9-CF31-4D7A-851F-740850291ABD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {26637E59-CBD2-425C-98F5-ACB0EF26D2A2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2CD7CD30-B2A7-44AD-ACBC-CACED2F0A9FF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {325C5FA8-56E6-4F38-8F0B-D0C08199727E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3350CA44-F2DB-4495-9FF3-DBAD35A84FC5} - System32\Tasks\Ranient Host => C:\Program Files (x86)\Votyphalury\xrerqty.exe
Task: {351E4305-5CAF-4135-B01F-D8A81E0C30C4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {35ADB62C-5AE3-4686-8C74-A75455923BA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3C290BF5-B1CF-4247-BD5A-08704D45A18C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {3EB4F7C0-D470-42AC-9F69-F75EB8924910} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-22] (Facebook Inc.)
Task: {446A4685-4EF6-43E0-BCC8-1C265023A7DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {49F13AD9-E445-4192-9689-D6BCBA4B827F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5534D8DC-73FD-4290-B4BB-EAAD8B1B69EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {590136F4-1338-441C-90CC-EE8CC9080098} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5FD9F7D4-A622-48CB-9F0D-AB935077E1B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6244A5ED-BF59-461D-9803-A8B9D5E447A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {645C87A4-F131-494C-9765-880D5899E9F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {64607E21-419A-4421-903B-A8C867C6C856} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7054D474-3647-4FB4-8E98-BB6FF4F539AA} - System32\Tasks\SafeZone scheduled Autoupdate 1458712455 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {721363B0-D0E1-4411-99CC-48730BD18A95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {74BD4118-8CB5-41BE-B8A0-3EBB5C4027D7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {7760CE39-1015-470E-8C8A-AD987D7A803D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {788D79D3-4858-4C4C-B77D-76CAC4C65228} - System32\Tasks\{003EDB46-6616-4516-9878-8D6C1A36F450} => pcalua.exe -a F:\SCHMIDT\SpielefürKids\SpielefürKids.exe -d F:\SCHMIDT\SpielefürKids
Task: {7A237F8B-5BD8-4A0C-871C-6A75DFFEC5CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7AB30839-C362-48AA-B746-08DE0D5AAB55} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {81EB9F5C-B447-49F9-88DE-B24281D8CC28} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {86CEE7C3-ABA2-4C1F-BFC3-79E36ECB52A0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {880A33C5-7226-4395-9D58-FAE99A8988F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F9EA8C8-9746-40A0-A3A6-3AE2E6C9CC20} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {91E9D3D5-A53E-442F-850A-E64717B9CCC5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {92E24798-09B3-45C3-8AFE-902F2E509CF8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9C5D9140-0490-4ED6-A447-B1FCBD9312A9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9C7D3BB6-7582-4D77-AEE4-C9144D1204A0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9CD37173-D474-4555-B53F-56EA145611A5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9E0D51EC-E685-4A22-8110-706C4BAD02A2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9F660A57-81D9-4D2C-84D4-8BD8D268535A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-22] (Facebook Inc.)
Task: {A12164E5-1E40-4DD3-94BA-8E42211AFF1C} - System32\Tasks\Opera scheduled Autoupdate 1423217291 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
Task: {A40E63B7-966A-4F40-9256-AC406E91BE31} - System32\Tasks\AdobeAAMUpdater-1.0-Golfstar1-Golfstar => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B1D3E821-3952-4F44-BFBC-BBE02D001D8C} - System32\Tasks\AdobeAAMUpdater-1.0-Golfstar1-Bíba => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B3B71E96-A33F-440B-8FA1-3865900981C0} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B767CCB0-721D-4365-936A-F57044B527E2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BE1C3502-DB2A-47FC-B6F3-485E251E3D85} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C4618E97-A197-4099-BC36-3FDC0B8D67D7} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C735C0BA-ABCF-42EB-AE2A-64D8ADB52211} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {CA9B6304-F9D0-4CD8-8795-195BA6B71B45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CBE3C887-0234-4EA7-AE9A-7E22F9F2983C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D192F2CE-6C2E-4245-82F9-D9441F56E6C2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D6C53E4D-4A1F-462B-A9CB-AFCF96F419AF} - System32\Tasks\avastBCLRestartS-1-5-21-1702488835-1983202832-4074137989-1001 => Firefox.exe
Task: {DE4A91E6-8380-4AE9-AC5F-4775F3D9E5BC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E2998301-C997-4304-B296-85E760F01E10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E53F24DE-2A42-4748-ABBA-57E33C47012B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E897ACDC-72BD-41F7-84F6-BED04469039F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E8C19607-E8B5-4DE9-8B23-C08E2AA0B1E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {ED764F08-434F-47C8-9F3C-5F6929DA7934} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {F2045078-5CC5-44FE-A7CD-83F549CCCAC5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {F40FA315-4B44-48B8-A511-34E818B16087} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FFB1792F-ACDA-43C2-946E-4E09461FF000} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Golfstar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballduck\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Golfstar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Ballduck\Application\chrome.exe (Google Inc.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-15 08:39 - 2017-03-04 07:31 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-12 00:54 - 2013-06-28 16:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-09-04 22:40 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-04 22:40 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-15 08:39 - 2017-03-04 05:19 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:39 - 2017-03-04 05:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-11 20:25 - 2017-03-28 07:01 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 20:25 - 2017-03-28 07:04 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-27 08:15 - 2016-04-27 08:15 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-23 10:42 - 2016-07-23 10:42 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-23 10:03 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-21 20:20 - 2017-02-19 10:22 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-26 19:23 - 2016-09-26 19:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-04 19:20 - 2017-04-04 19:20 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-17 20:22 - 2017-02-01 11:01 - 01870168 _____ () C:\Program Files (x86)\Ballduck\Application\libglesv2.dll
2017-03-17 20:22 - 2017-02-01 11:01 - 00085848 _____ () C:\Program Files (x86)\Ballduck\Application\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Golfstar\Desktop\Fotograf_oponentura_Neználek Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Historik_po oponenturách 2-Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Ježíšův učedník-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Poutník_za_ pravdou-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Odborka_Znalec_krestan-tradic a bohosluzby-definitiva.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Plavec-připomínky-Smurf Rob.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Golfstar\Desktop\Skautský historik_po oponentuře 2 Rob.doc:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-04 23:50 - 2016-09-04 23:51 - 00001305 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Golfstar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Golfstar\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5F40314D-7EA2-40E2-B3A9-D06851200A1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8DD743E3-8F24-4E16-80EB-C3D942192C56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95C4440B-BED8-413C-9A87-0E9062838982}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{879E121C-F5B0-4497-A72C-AC50C4D1E0C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC441F0B-8E7B-4A91-9441-8AB2B1475C12}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{F81C4976-F08A-4499-AAE7-005DB2494C0B}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{97B8823E-7902-45F7-A06E-FC13F752600B}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6AFC7242-E8DC-4D81-B1E4-55E466BAB76F}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{148502C5-7BD8-460E-BF01-C92FBED0CD5F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{09624E5E-1598-4332-B908-B7C26146B6DA}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{1091B4A5-7A93-471E-A531-14DC3646477B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{10B05572-80A5-4E5A-B5A2-FE8C638BDF3B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{074C047D-FC44-466B-8B56-C4CB0E23EF31}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{83366DAE-DD50-44BF-BDA7-05462ACD0740}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{FD22A214-7007-444D-AF46-1006B17EEEA5}] => (Allow) C:\Users\Golfstar\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{1BD5A653-5DE7-4138-96B8-752DD744FC45}] => (Allow) C:\Users\Golfstar\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{88566DB5-CB15-4113-9F8D-1B836527F969}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CC61022C-F455-4A49-8BC0-63435A27C53F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{17658538-7306-4856-AA3D-E8786B005C70}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D87C97A7-8587-4F47-8D75-58A0654A12DC}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A6406223-90A2-49D6-BACC-5AF2BA668F3B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A446DAFA-0C04-44F0-B9D7-54F216F8BA8E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4BCBEEF8-4379-4731-96C0-8761BC795229}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D65D6BBC-CA7C-468B-8E43-1515908E5714}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D0C2102F-47FC-4D3F-892A-1679665716FD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{CF1CE978-2BD8-4D28-B35E-524FACB115A7}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{9C5301F0-14E1-4A9C-AEFD-58A8D4F1FEED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F2CD24F-EB93-420B-9E48-C73095C0B4E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9BD45D29-C7E5-4EAF-89BD-DD09B279C14C}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{DAF6837D-9B69-4F34-BFB3-FF3238808320}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{D5580A2E-9275-4441-AE33-E7B5A44A73B5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{88D825FB-61E0-4C0C-B4B0-14D6099F9B59}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0BB3DD57-BEA7-409D-9207-F9CE4806C61F}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{94A400EF-77F5-4EB1-9BF5-125EB64B4460}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{4CC3E25E-4D64-4746-A65A-CC63646081A3}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [UDP Query User{8EEABDE4-8AE9-4A61-A121-1EBA5B7CD466}C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{77428CDA-1B5D-48BB-977E-6E2406BD7042}C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\golfstar\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1408C129-BF8E-472B-A935-B993C5570F9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C5CB880-B2B6-4BF2-AAB2-A844EE96C40B}] => (Allow) C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6D11B4DE-51DB-4E1A-BB63-A7EAA50BFB3C}] => (Allow) C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8B805305-EE58-4A7A-A21D-5B2E8E69D006}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91204E13-A122-42CB-865A-7716B615ACD5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D8A94AC4-0374-46C2-B469-8F03BBF6B53E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{3C5829D9-3E81-4E27-B55B-EE83A40E9443}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{BFA072F4-30B2-452B-AE75-FE4AEF4911CB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{821060F5-9E41-435F-8259-0481B0E9CB1A}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{32DAE3F3-AAE2-4CAD-B228-FB84BACB3053}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{C99281C3-B306-4F89-B141-370FDC975970}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F17FEA22-420F-4BB8-8606-BF643899EED2}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{80EA73E5-5E84-4430-AB51-2EF40B9B75B6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{F9A313C9-E9BB-4F16-A983-BECFB4E3685C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{AB3265CB-46BF-47FB-9411-3F6834FAFF5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C45C517B-E064-43EC-81CD-5D192391E0A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0698AEB3-8857-4FA2-8D1B-009BAA1A2C92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7B08F3F5-7158-46FA-A0C0-FBAB85A324C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5924DDB8-55AA-4100-A1A5-36B323FB541E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4648FBD4-370B-4A36-B0E2-5BF9510D6C44}] => (Allow) C:\Hry\WarThunder\run.exe
FirewallRules: [{B2B3DC6F-33FD-4497-8A3A-FCB4D6D6D543}] => (Allow) C:\Hry\WarThunder\run.exe
FirewallRules: [{0C3C6FD3-793D-4ECD-90AB-2E181526EB0B}] => (Allow) LPort=80
FirewallRules: [{32E95327-A1F9-40CA-A5CB-BE755386E5B0}] => (Allow) LPort=443
FirewallRules: [{48EC70E6-BF81-4570-948B-E35E6D924386}] => (Allow) LPort=20010
FirewallRules: [{AC62C566-A783-45A4-80D9-57F3BC0001FC}] => (Allow) LPort=3478
FirewallRules: [{F17944BD-8336-4250-AB2F-9FAC54F58CDB}] => (Allow) LPort=7850
FirewallRules: [{8300C4B9-8EC2-43DE-A760-B85A85C8F03C}] => (Allow) LPort=7852
FirewallRules: [{BAE68FCA-C985-487A-ABC8-022AB0EABCD5}] => (Allow) LPort=7853
FirewallRules: [{3FD84B3C-92FA-459D-B9B2-F9D1D4F42541}] => (Allow) LPort=27022
FirewallRules: [{4CE2B0F9-82DA-483C-B6DA-A9E2074F6C69}] => (Allow) LPort=6881
FirewallRules: [{F6B0AE0B-22E4-4B3D-82E1-AD470A0D3EA2}] => (Allow) LPort=33333
FirewallRules: [{113407A7-43A5-4544-9443-D27AE39BCFE3}] => (Allow) LPort=20443
FirewallRules: [{97374C6D-2B12-40C5-962E-F3067A8804B9}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{34AC58FC-F38D-4E0F-8671-946D6111DA62}C:\hry\warthunder\win64\aces.exe] => (Block) C:\hry\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{FCC0F02D-5017-49B3-8EFF-36F00C089953}C:\hry\warthunder\win64\aces.exe] => (Block) C:\hry\warthunder\win64\aces.exe
FirewallRules: [{09E5C13B-C2A3-4A15-B21C-1AAF9F5A1931}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{B1AC82C5-2BA4-4D7B-82AB-7862FFAB2EC6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{B4057743-F6B8-4DDB-9128-6C0511197398}] => (Allow) C:\Program Files (x86)\Ballduck\Application\chrome.exe
FirewallRules: [{4D1F44E0-AE2A-4EF2-B238-352B4F161776}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{20FE4D0D-3C8F-469B-91C3-A4049A72BB86}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{272BF586-ACC4-479E-9B33-584AA0E96F3E}] => (Allow) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
FirewallRules: [{280CCEF0-8DCC-4B07-97A8-077084540CD3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{FACF7159-EF9E-466C-B166-DDC4DEEE4B65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22C6373D-779A-4F87-B1F3-95D620336247}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd10eads-00m2b0_wd-wcav5494550345503.dat
FirewallRules: [{A0777183-AEAA-4324-BE10-072054CBB63B}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd10eads-00m2b0_wd-wcav5494550345503.dat

==================== Restore Points =========================

06-04-2017 08:13:02 Naplánovaný kontrolní bod
11-04-2017 20:56:42 Windows Update
12-04-2017 19:02:09 JRT Pre-Junkware Removal
13-04-2017 23:26:08 JRT Pre-Junkware Removal
15-04-2017 00:17:53 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2017 12:18:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (04/15/2017 12:17:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.


Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis

Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {90353b78-bb96-46c1-8c70-0c891655d545}

Error: (04/14/2017 11:50:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 12bc

Čas spuštění: 01d2b5659da9b36f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 6c3bfa49-215c-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:25:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: d08

Čas spuštění: 01d2b5655ecb698f

Čas ukončení: 35

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: d5e74da1-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:23:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1600

Čas spuštění: 01d2b5653070a479

Čas ukončení: 39

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 94c29c22-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 11:22:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program UFO.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1008

Čas spuštění: 01d2b564bd5f8a03

Čas ukončení: 37

Cesta k aplikaci: C:\Program Files (x86)\CENEGA\UFO Aftermath\UFO.exe

ID hlášení: 64b55e6b-2158-11e7-802d-002421e462e3

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/14/2017 09:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NvStreamUserAgent.exe, verze: 7.1.2084.9592, časové razítko: 0x57605c64
Název chybujícího modulu: ntdll.dll, verze: 10.0.10586.672, časové razítko: 0x580ee321
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002e909
ID chybujícího procesu: 0x118c
Čas spuštění chybující aplikace: 0x01d2b5581fa80d7a
Cesta k chybující aplikaci: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 7408813a-a58b-481a-acdd-bd185b8585af
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/14/2017 09:32:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/14/2017 09:32:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/14/2017 09:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll se nezdařilo.
Závislé sestavení Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (04/15/2017 12:18:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:13:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (04/15/2017 12:13:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VMnetBridge neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/15/2017 12:11:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_83c843 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Origin Web Helper Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/15/2017 12:11:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Řízení front zpráv byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2017-04-11 21:51:44.595
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-06 23:37:06.530
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTcli.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-30 06:56:32.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 18:08:42.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-18 07:06:09.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 06:23:12.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 06:23:12.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-18 00:37:36.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-17 22:18:33.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-17 22:16:10.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 24%
Total physical RAM: 8183.11 MB
Available physical RAM: 6214.96 MB
Total Virtual: 16375.11 MB
Available Virtual: 14384.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:642.67 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KRD10) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
Drive f: (Zaloha) (Fixed) (Total:111.8 GB) (Free:11.2 GB) NTFS
Drive g: (201007251918) (CDROM) (Total:1.13 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A0FD819)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 1D551D54)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#2 Post by Rudy »

Hello!
I still need to see the FRST log. This is only the Additional one. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#3 Post by Rumburaq »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 31 days old and could be outdated)
Ran by Golfstar (administrator) on GOLFSTAR1 (15-04-2017 00:37:12)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(forum.viry.cz) C:\Users\Golfstar\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Providers\0agqzdpi: C:\Program Files (x86)\Ranient Host\local64spl.dll
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2017-04-12]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... J10XC18949

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-13]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Vyhledávání Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Avast SafePrice) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 00:37 - 2017-04-15 00:37 - 00019841 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:35 - 2017-04-15 00:37 - 00000000 ____D C:\FRST
2017-04-15 00:35 - 2017-04-15 00:35 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-15 00:33 - 2017-04-15 00:35 - 00112640 _____ (forum.viry.cz) C:\Users\Golfstar\Desktop\FRSTLauncher.exe
2017-04-15 00:29 - 2017-04-15 00:35 - 02424832 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-15 00:11 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Downloads\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-21 03:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-17 20:21 - 2017-03-17 20:21 - 00000000 ____D C:\Program Files (x86)\58CC2944_cacayima

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 00:13 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-15 00:13 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-15 00:13 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-15 00:12 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-14 22:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-14 21:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-14 09:29 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:20 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 14:42 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:19 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-05 08:19 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-05 08:19 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-04 11:41 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-03-18 23:42 - 2016-07-21 22:32 - 0949784 _____ (BlueStack Systems, Inc.) C:\Users\Golfstar\AppData\Local\Temp\BluestacksUninstaller.exe
2017-04-11 22:29 - 2013-11-12 17:48 - 0692632 _____ (Happy Cloud, Inc.) C:\Users\Golfstar\AppData\Local\Temp\hcuninstaller_20170411_222929_4428.exe
2017-03-18 23:42 - 2016-07-21 22:31 - 0187416 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-LibraryHandler.dll
2017-03-18 23:42 - 2016-07-21 22:29 - 0246808 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-Logger-Native.dll
2016-10-28 02:49 - 2016-10-28 02:49 - 0737856 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-12 10:12 - 2017-03-12 10:12 - 0739904 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-12 00:39 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\Golfstar\AppData\Local\Temp\MSETUP4.EXE
2014-08-28 22:51 - 2014-07-02 19:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI.dll
2014-08-28 22:51 - 2014-07-02 19:44 - 1398936 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-04 22:37 - 2014-07-02 19:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvStInst.exe
2017-03-19 10:53 - 2016-07-19 22:14 - 1328792 _____ (Andy OS, inc.) C:\Users\Golfstar\AppData\Local\Temp\RemoveTemp.exe
2017-03-15 21:20 - 2017-03-15 21:20 - 14456872 _____ (Microsoft Corporation) C:\Users\Golfstar\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job => C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job => C:\Users\Bíba\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Golfstar\Desktop" je 440 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
"C:\Users\Golfstar\AppData\Local\Akamai\netsession_win.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files (x86)\BlueStacks\HD-Agent.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
"C:\Users\Golfstar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay
C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk
C:\PROGRA~1\Andy\HANDYA~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Golfstar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\Dropbox.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#4 Post by Rudy »

Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#5 Post by Rumburaq »

# AdwCleaner v6.045 - Log vytvořen 16/04/2017 v 12:26:17
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-04-16.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Golfstar - GOLFSTAR1
# Spuštěno z : C:\Users\Golfstar\Downloads\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****

[-] [C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Smazáno: hxxp://www.ourluckysites.com/searchfavicon.ico


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5031 Bajty] - [12/04/2017 19:17:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [5709 Bajty] - [13/04/2017 23:19:12]
C:\AdwCleaner\AdwCleaner[C3].txt - [1606 Bajty] - [15/04/2017 00:11:50]
C:\AdwCleaner\AdwCleaner[C4].txt - [1690 Bajty] - [16/04/2017 02:51:03]
C:\AdwCleaner\AdwCleaner[C5].txt - [1244 Bajty] - [16/04/2017 12:26:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [4805 Bajty] - [12/04/2017 19:14:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [1519 Bajty] - [12/04/2017 19:31:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [8001 Bajty] - [13/04/2017 23:18:07]
C:\AdwCleaner\AdwCleaner[S3].txt - [1855 Bajty] - [15/04/2017 00:11:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [1989 Bajty] - [16/04/2017 02:50:50]
C:\AdwCleaner\AdwCleaner[S5].txt - [2133 Bajty] - [16/04/2017 12:26:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1755 Bajty] ##########

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#6 Post by Rudy »

Post a new FRST log.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#7 Post by Rumburaq »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 32 days old and could be outdated)
Ran by Golfstar (administrator) on GOLFSTAR1 (16-04-2017 13:26:10)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballduck\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Providers\0agqzdpi: C:\Program Files (x86)\Ranient Host\local64spl.dll
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Golfstar\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2017-04-12]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... J10XC18949

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-13]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Vyhledávání Google) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Avast SafePrice) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 01:46 - 2017-04-16 13:26 - 00020279 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:39 - 2017-04-15 00:39 - 00058707 _____ C:\Users\Golfstar\Desktop\FRST3.txt
2017-04-15 00:38 - 2017-04-15 00:39 - 00053301 _____ C:\Users\Golfstar\Desktop\Addition.txt
2017-04-15 00:35 - 2017-04-16 13:26 - 00000000 ____D C:\FRST
2017-04-15 00:29 - 2017-04-15 00:35 - 02424832 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-16 12:26 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Desktop\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-21 03:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-17 20:21 - 2017-03-17 20:21 - 00000000 ____D C:\Program Files (x86)\58CC2944_cacayima

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 13:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-16 13:27 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-16 12:43 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-16 12:27 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-16 12:27 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 12:26 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-16 12:22 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 12:22 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-16 12:22 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-16 12:22 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-16 10:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-15 08:41 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-15 07:51 - 2016-12-15 08:15 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-15 07:51 - 2016-07-30 10:53 - 00002427 _____ C:\Users\Bíba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-15 07:51 - 2016-07-30 10:53 - 00000000 ___RD C:\Users\Bíba\OneDrive
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 14:42 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-04 11:41 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-03-18 23:42 - 2016-07-21 22:32 - 0949784 _____ (BlueStack Systems, Inc.) C:\Users\Golfstar\AppData\Local\Temp\BluestacksUninstaller.exe
2017-04-11 22:29 - 2013-11-12 17:48 - 0692632 _____ (Happy Cloud, Inc.) C:\Users\Golfstar\AppData\Local\Temp\hcuninstaller_20170411_222929_4428.exe
2017-03-18 23:42 - 2016-07-21 22:31 - 0187416 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-LibraryHandler.dll
2017-03-18 23:42 - 2016-07-21 22:29 - 0246808 _____ (BlueStack Systems) C:\Users\Golfstar\AppData\Local\Temp\HD-Logger-Native.dll
2016-10-28 02:49 - 2016-10-28 02:49 - 0737856 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-12 10:12 - 2017-03-12 10:12 - 0739904 _____ (Oracle Corporation) C:\Users\Golfstar\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-12 00:39 - 2015-01-19 19:48 - 1126480 ____N (CANON INC.) C:\Users\Golfstar\AppData\Local\Temp\MSETUP4.EXE
2014-08-28 22:51 - 2014-07-02 19:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI.dll
2014-08-28 22:51 - 2014-07-02 19:44 - 1398936 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvSCPAPI64.dll
2016-09-04 22:37 - 2014-07-02 19:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Golfstar\AppData\Local\Temp\nvStInst.exe
2017-03-19 10:53 - 2016-07-19 22:14 - 1328792 _____ (Andy OS, inc.) C:\Users\Golfstar\AppData\Local\Temp\RemoveTemp.exe
2017-03-15 21:20 - 2017-03-15 21:20 - 14456872 _____ (Microsoft Corporation) C:\Users\Golfstar\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 08:09

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp ... J10XC18949
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?ty ... 0345503&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\system32\ApnDatabase.xml
C:\Program Files (x86)\58CC2944_cacayima
C:\Users\Golfstar\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#9 Post by Rumburaq »

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Golfstar (16-04-2017 18:18:10) Run:1
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
ShellExecuteHooks: No Name - {06BF8910-FD96-11E6-8F65-64006A5CFC23} - C:\Program Files (x86)\Votyphalury\Nacerph.dll -> No File
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Edge HomeButtonPage: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> hxxp://www.startpageing123.com/?type=hp ... J10XC18949
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?ty ... 0345503&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
CHR Profile: C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-12] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\system32\ApnDatabase.xml
C:\Program Files (x86)\58CC2944_cacayima
C:\Users\Golfstar\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{06BF8910-FD96-11E6-8F65-64006A5CFC23} => value removed successfully
HKCR\CLSID\{06BF8910-FD96-11E6-8F65-64006A5CFC23} => key not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1702488835-1983202832-4074137989-1003\User => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1702488835-1983202832-4074137989-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Golfstar\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
C:\Program Files (x86)\58CC2944_cacayima => moved successfully

"C:\Users\Golfstar\AppData\Local\Temp" folder move:

Could not move "C:\Users\Golfstar\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 407048496 B
Java, Flash, Steam htmlcache => 14717 B
Windows/system/drivers => 239717056 B
Edge => 6845726 B
Chrome => 0 B
Firefox => 87957722 B
Opera => 470558122 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 109541376 B
LocalService => 65150 B
NetworkService => 5464 B
Golfstar => 5272689196 B
Bíba => 742330183 B
DefaultAppPool => 0 B

RecycleBin => 853 B
EmptyTemp: => 6.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-04-2017 18:25:56)

C:\Users\Golfstar\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:26:05 ====

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#10 Post by Rumburaq »

Unfortunately, I still have something here.
After I opened the browser to paste the log, some ads immediately tried to load and the start page was again some luckisite123.com. So I am attaching a new FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by Golfstar (administrator) on GOLFSTAR1 (16-04-2017 18:32:02)
Running from C:\Users\Golfstar\Desktop
Loaded Profiles: Golfstar (Available Profiles: Golfstar & Bíba)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ====================

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{2a80756e-0938-4e11-99d0-0754bab631cf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71c2fb54-53e8-4da4-bf47-85d8ac52238d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1702488835-1983202832-4074137989-1001 -> {4E739F84-3E81-4553-A622-9A839958943C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-12] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756 [2017-04-16]
FF Extension: (Disable Prefetch) - C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\features\{0b819a28-c59a-46e0-8f69-ea58ef041fba}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Golfstar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1702488835-1983202832-4074137989-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-03-28] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-19] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-03-28] (BitRaider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-05] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 18:25 - 2017-04-16 18:25 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-16 18:18 - 2017-04-16 18:26 - 00005681 _____ C:\Users\Golfstar\Desktop\Fixlog.txt
2017-04-16 18:17 - 2017-04-16 18:17 - 00000000 ____D C:\Users\Golfstar\Desktop\FRST-OlderVersion
2017-04-16 15:36 - 2017-04-16 15:36 - 00046990 _____ C:\Users\Golfstar\Downloads\00000000015101238840_255036339_20170331_3_MCZS.pdf
2017-04-15 01:46 - 2017-04-16 18:32 - 00010372 _____ C:\Users\Golfstar\Desktop\FRST.txt
2017-04-15 00:39 - 2017-04-15 00:39 - 00058707 _____ C:\Users\Golfstar\Desktop\FRST3.txt
2017-04-15 00:38 - 2017-04-16 13:28 - 00052712 _____ C:\Users\Golfstar\Desktop\Addition.txt
2017-04-15 00:35 - 2017-04-16 18:32 - 00000000 ____D C:\FRST
2017-04-15 00:29 - 2017-04-16 18:17 - 02424320 _____ (Farbar) C:\Users\Golfstar\Desktop\FRST64.exe
2017-04-15 00:01 - 2017-04-15 00:01 - 00001031 _____ C:\Users\Golfstar\Desktop\RegCleaner.lnk
2017-04-15 00:01 - 2017-04-15 00:01 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2017-04-12 19:11 - 2017-04-16 12:26 - 00000000 ____D C:\AdwCleaner
2017-04-12 19:11 - 2017-04-12 19:11 - 04089296 _____ C:\Users\Golfstar\Desktop\adwcleaner_6.045.exe
2017-04-12 19:03 - 2017-04-15 00:20 - 00000555 _____ C:\Users\Golfstar\Desktop\JRT.txt
2017-04-11 21:43 - 2017-04-11 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(2).exe
2017-04-11 21:04 - 2017-04-11 21:04 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-11 20:26 - 2017-03-28 10:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 20:26 - 2017-03-28 10:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 20:26 - 2017-03-28 09:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:26 - 2017-03-28 09:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 20:26 - 2017-03-28 09:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-11 20:26 - 2017-03-28 09:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-11 20:26 - 2017-03-28 09:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 20:26 - 2017-03-28 09:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 20:26 - 2017-03-28 09:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 20:26 - 2017-03-28 09:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-11 20:26 - 2017-03-28 08:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 20:26 - 2017-03-28 08:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 20:26 - 2017-03-28 08:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 20:26 - 2017-03-28 08:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 20:26 - 2017-03-28 08:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-11 20:26 - 2017-03-28 07:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 20:26 - 2017-03-28 07:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 20:26 - 2017-03-28 07:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-11 20:26 - 2017-03-28 07:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:26 - 2017-03-28 07:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-11 20:26 - 2017-03-28 07:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 20:26 - 2017-03-28 07:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 20:26 - 2017-03-28 07:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 20:26 - 2017-03-28 07:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-11 20:26 - 2017-03-28 07:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-11 20:26 - 2017-03-28 07:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 20:26 - 2017-03-28 07:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 20:26 - 2017-03-28 07:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 20:26 - 2017-03-28 07:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 20:26 - 2017-03-28 06:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-11 20:26 - 2017-03-28 06:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-11 20:26 - 2017-03-28 06:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 20:26 - 2017-03-28 06:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 20:26 - 2017-03-18 18:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 12:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-11 20:25 - 2017-03-28 12:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 20:25 - 2017-03-28 12:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 20:25 - 2017-03-28 11:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-11 20:25 - 2017-03-28 11:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 20:25 - 2017-03-28 11:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 20:25 - 2017-03-28 11:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-11 20:25 - 2017-03-28 11:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 20:25 - 2017-03-28 11:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-11 20:25 - 2017-03-28 10:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 20:25 - 2017-03-28 10:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 20:25 - 2017-03-28 10:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 20:25 - 2017-03-28 10:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 20:25 - 2017-03-28 10:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 20:25 - 2017-03-28 10:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 20:25 - 2017-03-28 09:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 09:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 20:25 - 2017-03-28 09:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 09:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 20:25 - 2017-03-28 09:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 20:25 - 2017-03-28 09:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 20:25 - 2017-03-28 09:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 09:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 20:25 - 2017-03-28 09:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 20:25 - 2017-03-28 09:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-11 20:25 - 2017-03-28 09:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 09:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 09:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-11 20:25 - 2017-03-28 08:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-11 20:25 - 2017-03-28 08:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 20:25 - 2017-03-28 08:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 20:25 - 2017-03-28 08:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 08:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 08:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 20:25 - 2017-03-28 08:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 08:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-11 20:25 - 2017-03-28 08:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-04-11 20:25 - 2017-03-28 08:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 20:25 - 2017-03-28 08:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 20:25 - 2017-03-28 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 20:25 - 2017-03-28 08:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-11 20:25 - 2017-03-28 08:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 20:25 - 2017-03-28 08:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 20:25 - 2017-03-28 08:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 20:25 - 2017-03-28 08:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 20:25 - 2017-03-28 08:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 20:25 - 2017-03-28 08:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-11 20:25 - 2017-03-28 07:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 20:25 - 2017-03-28 07:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 20:25 - 2017-03-28 07:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-11 20:25 - 2017-03-28 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 20:25 - 2017-03-28 07:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 20:25 - 2017-03-28 07:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 20:25 - 2017-03-28 07:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-11 20:25 - 2017-03-28 07:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-11 20:25 - 2017-03-28 07:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 20:25 - 2017-03-28 07:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 07:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 20:25 - 2017-03-28 07:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 20:25 - 2017-03-28 07:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 20:25 - 2017-03-28 07:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 20:25 - 2017-03-28 06:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-11 20:25 - 2017-03-28 06:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 20:25 - 2017-03-28 06:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 20:25 - 2017-03-28 06:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 20:25 - 2017-03-18 22:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 20:24 - 2017-03-28 12:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 20:24 - 2017-03-28 12:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 20:24 - 2017-03-28 12:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-11 20:24 - 2017-03-28 11:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-11 20:24 - 2017-03-28 11:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 20:24 - 2017-03-28 11:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-11 20:24 - 2017-03-28 11:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-11 20:24 - 2017-03-28 11:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-11 20:24 - 2017-03-28 10:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 20:24 - 2017-03-28 10:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 20:24 - 2017-03-28 10:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 20:24 - 2017-03-28 10:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 20:24 - 2017-03-28 10:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-11 20:24 - 2017-03-28 09:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-11 20:24 - 2017-03-28 09:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 20:24 - 2017-03-28 09:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 20:24 - 2017-03-28 09:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 20:24 - 2017-03-28 09:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 09:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-11 20:24 - 2017-03-28 09:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 20:24 - 2017-03-28 09:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-11 20:24 - 2017-03-28 09:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-11 20:24 - 2017-03-28 09:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 20:24 - 2017-03-28 09:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 20:24 - 2017-03-28 09:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 20:24 - 2017-03-28 09:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 20:24 - 2017-03-28 08:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-11 20:24 - 2017-03-28 08:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-11 20:24 - 2017-03-28 08:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 20:24 - 2017-03-28 08:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-11 20:24 - 2017-03-28 08:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 20:24 - 2017-03-28 08:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 20:24 - 2017-03-28 08:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 20:24 - 2017-03-28 07:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-11 20:24 - 2017-03-28 07:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-11 20:24 - 2017-03-28 07:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-08 19:26 - 2017-04-08 19:26 - 00645990 _____ C:\Users\Golfstar\Documents\Souhlas Mačeta.pdf
2017-04-08 19:25 - 2017-04-08 19:25 - 00672790 _____ C:\Users\Golfstar\Documents\Souhlas Azimut.pdf
2017-04-08 19:18 - 2017-04-08 19:18 - 00580455 _____ C:\Users\Golfstar\Documents\Souhlas Robin.pdf
2017-04-08 19:09 - 2017-04-08 19:09 - 01061427 _____ C:\Users\Golfstar\Downloads\ZkracenyVypis_1585.pdf
2017-04-08 13:25 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace (1).pdf
2017-04-08 13:24 - 2017-04-08 13:25 - 00493901 _____ C:\Users\Golfstar\Downloads\metodika_7_inventarizace.pdf
2017-04-08 13:15 - 2017-04-08 13:15 - 01576714 _____ C:\Users\Golfstar\Downloads\SouhlasyKandidatu_1585.zip
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default\AppData\Local\AMD
2017-04-07 12:51 - 2017-04-07 12:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-12 00:08 - 00000000 ____D C:\Users\Golfstar\AppData\Local\AMD
2017-04-07 07:45 - 2017-04-07 07:45 - 00000000 ____D C:\Update
2017-04-07 07:43 - 2017-04-10 20:00 - 00000000 ____D C:\Program Files\MK
2017-04-07 07:43 - 2017-04-07 10:41 - 00000000 ____D C:\Program Files (x86)\{D00F2D36-EBED-4E47-9EBE-596D00DB7668}
2017-04-06 23:37 - 2017-04-06 23:37 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-04-06 23:37 - 2017-04-06 23:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-04-06 23:34 - 2017-04-06 23:35 - 164764280 _____ (Sophos Limited) C:\Users\Golfstar\Downloads\Sophos Virus Removal Tool (1).exe
2017-04-06 23:32 - 2017-04-06 23:32 - 00000000 ____D C:\ProgramData\Sophos
2017-04-06 23:30 - 2017-04-12 19:01 - 01663904 _____ (Malwarebytes) C:\Users\Golfstar\Downloads\JRT.exe
2017-04-06 22:14 - 2017-04-06 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-06 22:12 - 2017-04-06 22:22 - 00136962 _____ C:\WINDOWS\ntbtlog.txt
2017-04-04 19:20 - 2017-04-04 19:20 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-04-03 20:45 - 2017-04-03 21:38 - 471699570 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E16.cz.tit..avi
2017-04-01 15:13 - 2017-04-01 15:13 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-29 21:00 - 2017-03-29 21:18 - 334823390 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E15.cz.tit..avi
2017-03-29 19:44 - 2017-03-29 20:04 - 356193958 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E14.cz.tit..avi
2017-03-29 19:13 - 2017-03-29 19:43 - 524679426 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E13.cz.tit..avi
2017-03-28 21:45 - 2017-03-28 22:16 - 527046222 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E12.cz.tit..avi
2017-03-28 21:11 - 2017-03-28 21:35 - 408304714 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E11.cz.tit..avi
2017-03-27 23:03 - 2017-03-27 23:38 - 626845494 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E10.cz.tit..avi
2017-03-27 22:38 - 2017-03-27 22:59 - 314294272 _____ C:\Users\Golfstar\Downloads\The.Walking.Dead.S07E09.cz-tit.avi
2017-03-19 18:55 - 2017-03-19 18:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Golfstar\Downloads\hijackthis(1).exe
2017-03-17 20:22 - 2017-04-12 19:17 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-17 20:22 - 2017-03-17 20:22 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 ____D C:\Program Files (x86)\Ballduck
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-17 20:22 - 2017-03-17 20:22 - 00000000 _____ C:\WINDOWS\SysWOW64\3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-16 18:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-16 18:25 - 2016-07-23 13:13 - 00000008 __RSH C:\Users\Golfstar\ntuser.pol
2017-04-16 18:25 - 2016-07-23 10:08 - 00000000 ____D C:\Users\Golfstar
2017-04-16 18:24 - 2016-07-23 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-16 18:24 - 2016-04-27 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 18:24 - 2015-06-18 06:31 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001UA.job
2017-04-16 18:24 - 2015-06-18 06:31 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1001Core.job
2017-04-16 18:23 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-16 18:20 - 2016-11-22 00:02 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Temp
2017-04-16 18:18 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-16 16:27 - 2014-09-22 13:21 - 00000924 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003UA.job
2017-04-16 15:36 - 2016-11-12 00:54 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-04-16 13:40 - 2014-11-29 23:30 - 00000000 ____D C:\Users\Golfstar\Documents\Skaut
2017-04-16 13:27 - 2014-09-22 13:21 - 00000902 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1702488835-1983202832-4074137989-1003Core.job
2017-04-16 12:22 - 2016-07-23 10:07 - 02039786 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 12:22 - 2016-04-27 08:11 - 00843726 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-16 12:22 - 2016-04-27 08:11 - 00192740 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-16 12:22 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-15 08:41 - 2014-09-02 18:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Skype
2017-04-15 07:51 - 2016-12-15 08:15 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-15 07:51 - 2016-07-30 10:53 - 00002427 _____ C:\Users\Bíba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-15 07:51 - 2016-07-30 10:53 - 00000000 ___RD C:\Users\Bíba\OneDrive
2017-04-14 23:05 - 2016-07-23 13:18 - 00002439 _____ C:\Users\Golfstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 23:05 - 2016-07-23 13:18 - 00000000 ___RD C:\Users\Golfstar\OneDrive
2017-04-13 23:34 - 2015-02-06 12:11 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2
2017-04-13 23:32 - 2014-08-28 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 23:23 - 2016-11-19 00:10 - 00000000 ____D C:\Users\Golfstar\AppData\LocalLow\Mozilla
2017-04-13 23:18 - 2016-07-23 10:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 23:18 - 2015-11-10 07:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 23:18 - 2014-12-22 14:16 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 07:08 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 07:02 - 2016-11-19 08:43 - 00000000 ____D C:\Users\Bíba\AppData\LocalLow\Mozilla
2017-04-12 19:28 - 2017-03-10 09:32 - 00000000 ____D C:\Users\Golfstar\Downloads\backups
2017-04-12 19:23 - 2017-03-09 23:43 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Kyubey
2017-04-12 19:19 - 2017-03-07 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Kyubey
2017-04-12 07:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 04:26 - 2016-04-27 09:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 00:08 - 2014-12-22 14:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-11 22:29 - 2014-08-29 00:16 - 00000000 ____D C:\ProgramData\Turbine
2017-04-11 22:29 - 2014-08-29 00:15 - 00000000 ____D C:\ProgramData\HappyCloud
2017-04-11 22:27 - 2014-08-30 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 22:26 - 2016-09-04 21:32 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-11 22:25 - 2016-07-23 10:28 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 22:25 - 2016-07-23 10:28 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 21:49 - 2016-04-26 23:46 - 04780000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 21:46 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 21:41 - 2016-09-09 00:12 - 00000000 ____D C:\Users\Golfstar\AppData\Local\CrashDumps
2017-04-11 21:41 - 2015-01-17 21:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 21:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 21:04 - 2014-08-28 00:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 21:04 - 2014-08-28 00:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 19:42 - 2017-02-06 09:57 - 00000000 ____D C:\Users\Bíba\AppData\Local\CrashDumps
2017-04-11 15:02 - 2016-07-23 10:28 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 15:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 14:02 - 2016-12-23 00:44 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-08 00:40 - 2016-06-05 01:10 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Battle.net
2017-04-07 22:10 - 2016-06-05 01:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-07 21:50 - 2016-06-05 01:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-05 08:13 - 2016-07-23 10:28 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712455
2017-04-05 08:13 - 2016-03-23 07:54 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 19:20 - 2017-03-09 23:43 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 19:20 - 2017-03-09 23:43 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 19:20 - 2016-03-23 07:53 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 19:20 - 2014-08-28 21:26 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-01 21:05 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 21:05 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 15:13 - 2016-07-23 10:59 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 01:13 - 2016-07-23 10:28 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423217291
2017-03-31 01:13 - 2015-02-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-31 01:13 - 2015-02-06 12:07 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-28 11:15 - 2016-04-27 08:52 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-23 12:49 - 2016-11-12 08:13 - 00000000 ____D C:\Users\Bíba\AppData\Roaming\Canon
2017-03-19 10:54 - 2016-07-22 21:51 - 00000000 ____D C:\Users\Golfstar\AppData\Roaming\Andy
2017-03-18 23:49 - 2015-03-07 14:20 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2017-03-18 23:48 - 2015-03-07 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2017-03-18 23:46 - 2016-07-23 13:13 - 00000000 ____D C:\Users\Golfstar\AppData\Local\Packages
2017-03-18 23:46 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-18 23:38 - 2015-01-02 12:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-03-17 20:22 - 2015-10-29 23:06 - 00000000 ____D C:\ProgramData\Apple
2017-03-17 20:22 - 2014-08-28 21:22 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 20:21 - 2017-03-07 13:42 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-17 08:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2016-09-02 00:12 - 2016-09-02 00:12 - 0001907 _____ () C:\Users\Golfstar\AppData\Local\recently-used.xbel
2016-09-04 22:31 - 2016-09-04 22:31 - 0000017 _____ () C:\Users\Golfstar\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 08:09

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#11 Post by Rudy »

Please run these additional scans:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to your desktop.

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce).
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch the licence terms are displayed; press any key
• A backup is created and then the search follows
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#12 Post by Rumburaq »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Golfstar on ne 16.04.2017 at 21:59:09,79.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Golfstar\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.4.2017 22:02:53 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\{D00F2D36-EBED-4E47-9EBE-596D00DB7668} deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Turbine deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Golfstar\AppData\Local\ActiveSync deleted successfully
C:\Users\Golfstar\AppData\Local\AMD deleted successfully
C:\Users\Golfstar\AppData\Local\EmieSiteList deleted successfully
C:\Users\Golfstar\AppData\Local\EmieUserList deleted successfully
C:\Users\Golfstar\AppData\Local\PDFCreator deleted successfully
C:\Users\Golfstar\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Golfstar\AppData\Local\Skype deleted successfully
C:\Users\BBA~1\AppData\Local\ActiveSync deleted successfully
C:\Users\BBA~1\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\BBA~1\AppData\Local\EmieSiteList deleted successfully
C:\Users\BBA~1\AppData\Local\EmieUserList deleted successfully
C:\Users\BBA~1\AppData\Local\PDFCreator deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?bcutc=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search?bcutc=sp-006");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "https://www.google.com/search?bcutc=sp-006");

Added to C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.youndoo.com/?z=28c047374919b ... 03&type=hp");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.newtab.url", "http://www.youndoo.com/?z=28c047374919b ... 03&type=hp");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "youndoo");
user_pref("browser.search.selectedEngine", "youndoo");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

Added to C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\prefs.js:

Added to C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default

user.js not found
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_16.04.2017_2317_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\{D00F2D36-EBED-4E47-9EBE-596D00DB7668} not found
C:\Users\Golfstar\.android deleted
C:\Users\BBA~1\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Golfstar\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1702488835-1983202832-4074137989-1001 deleted
C:\Users\Golfstar\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Profiles\Wijush.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF48" [04.04.2017 19:20]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF48" [04.04.2017 19:20]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Golfstar\AppData\Roaming\Mozilla\Firefox\Profiles\b2d0gye8.default-1492016320756
5971E6AA5ED20C181395D8E91AFC49A4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll - Shockwave Flash
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Chrome Media Router - Golfstar\AppData\Local\Ballduck\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Avast SafePrice - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{4E739F84-3E81-4553-A622-9A839958943C} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Preferences was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Secure Preferences was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Web Data was reset successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Web Data-journal was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Golfstar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Golfstar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\BBA~1\AppData\Local\Mozilla\Firefox\Profiles\3d5mkc3b.default-1472539226512\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Golfstar\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\BBA~1\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Golfstar\AppData\Local\Ballduck\User Data\Default\Cache emptied successfully
C:\Users\BBA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=879 folders=355 741234517 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Golfstar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 16.04.2017 at 23:48:36,48 ======================

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#13 Post by Rumburaq »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Golfstar (Administrator) on ne 16.04.2017 at 23:53:00,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 16.04.2017 at 23:55:07,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infested PC

#14 Post by Rudy »

OK. Has anything changed now?

Rumburaq
Visitor
Posts: 22
Registered: 14 Apr 2017 23:42

Re: Infested PC

#15 Post by Rumburaq »

Unfortunately it is still the same - after opening the browser, the page luckysite123.com (or whatever it was called) loads, and after clicking any link, even here on the forum, a new window with an advertisement pops up immediately

Locked