VIRY.CZ

Dobrý večer, rád bych vás požádal o pomoc s odstraněním škůdce, který mi (vypadá to, že pouze ve FF otevírá reklamní stránky). Můj uBlock zaznamenal i stránku, která provede redirekt a doména je Wonderlandads...

Zde jest log a můj dík:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by necro (administrator) on X4 (06-05-2017 21:24:29)
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\necro\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\necro\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-03-12]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b5fbcd0b-dcab-4cbf-b1d5-263fd2ffab55}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2389767171-3205384170-2924529595-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-05] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 23zg2mxx.default-1494074872078
FF ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078 [2017-05-06]
FF Extension: (uBlock Origin) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\Extensions\uBlock0@raymondhill.net.xpi [2017-05-06]
FF Extension: (Shield Recipe Client) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\features\{969250c6-15c3-46a2-9b89-b4c0867dcb2c}\shield-recipe-client@mozilla.org.xpi [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389767171-3205384170-2924529595-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\necro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-02-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-18] (Electronic Arts)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2016-09-16] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-02-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-02-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-02-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-02-14] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-02-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-02-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-05-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-05-06] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-09-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [40256 2014-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VMfilt; C:\WINDOWS\system32\drivers\VMfilt64.sys [42192 2016-09-16] (Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2017-03-18] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 21:24 - 2017-05-06 21:24 - 00015315 _____ C:\Users\necro\Desktop\FRST.txt
2017-05-06 21:24 - 2017-05-06 21:24 - 00000000 ____D C:\FRST
2017-05-06 21:23 - 2017-05-06 21:23 - 00015327 _____ C:\Users\necro\Desktop\LM.bat
2017-05-06 21:22 - 2017-05-06 21:23 - 00029696 _____ C:\Users\necro\AppData\Local\MSGBOX.EXE
2017-05-06 21:22 - 2017-05-06 21:22 - 00112640 _____ (forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
2017-05-06 21:21 - 2017-05-06 21:21 - 02429440 _____ (Farbar) C:\Users\necro\Desktop\FRST64.exe
2017-05-06 20:45 - 2017-05-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 20:43 - 2017-05-06 20:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-06 20:41 - 2017-05-06 20:41 - 00000020 ___SH C:\Users\necro\ntuser.ini
2017-05-06 19:22 - 2017-05-06 19:22 - 00000000 ____D C:\Windows.old
2017-05-06 19:21 - 2017-05-06 19:21 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:20 - 2017-05-06 19:20 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-06 19:16 - 2017-05-06 19:16 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-06 19:16 - 2017-05-06 19:16 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-06 19:16 - 2017-03-17 23:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-05-06 19:16 - 2017-03-17 22:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-05-06 19:16 - 2017-03-17 22:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2017-05-06 19:10 - 2017-05-06 19:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-06 19:10 - 2017-05-06 18:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\MSBuild
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 18:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-06 19:08 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-06 19:08 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-06 18:46 - 2017-05-06 18:46 - 01791806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-06 18:45 - 2017-05-06 20:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-06 18:45 - 2017-05-06 18:45 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 18:45 - 2017-05-06 18:45 - 00003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-06 18:45 - 2017-05-06 18:45 - 00002594 _____ C:\WINDOWS\System32\Tasks\news1freeorgvcomm
2017-05-06 18:45 - 2017-05-06 18:45 - 00002128 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-06 18:45 - 2017-05-06 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-06 18:36 - 2017-05-06 18:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-06 18:36 - 2017-05-06 18:36 - 00000000 ____D C:\ProgramData\USOShared
2017-05-06 18:32 - 2017-05-06 18:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-06 18:30 - 2017-05-06 20:43 - 00000000 ____D C:\Users\necro
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Šablony
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Soubory cookie
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Poslední
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní tiskárny
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní síť
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Nabídka Start
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Dokumenty
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Obrázky
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Hudba
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Filmy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Data aplikací
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Local\Data aplikací
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\Program Files\VIA
2017-05-06 18:29 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-06 18:29 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-06 18:28 - 2017-05-06 18:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-06 18:28 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-06 18:25 - 2017-05-06 20:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:25 - 2017-05-06 18:38 - 00217328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-06 17:52 - 2017-05-06 17:52 - 00001568 _____ C:\EsgInstallerResumeAction_8cd65407ae08cb56a786a82cb034ae18
2017-05-06 17:35 - 2017-05-06 20:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-06 17:35 - 2017-05-06 17:44 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-06 17:33 - 2017-05-06 17:35 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-06 17:27 - 2017-05-06 20:41 - 00000000 ____D C:\Windows10Upgrade
2017-05-06 17:27 - 2017-05-06 20:40 - 00000000 ___HD C:\$GetCurrent
2017-05-06 17:27 - 2017-05-06 17:27 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-05-06 17:26 - 2017-05-06 17:27 - 06385872 _____ (Microsoft Corporation) C:\Users\necro\Downloads\Windows10Upgrade9252.exe
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 ____D C:\Users\necro\AppData\Roaming\Enigma Software Group
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 ____D C:\sh4ldr
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 _____ C:\autoexec.bat
2017-05-06 16:34 - 2017-05-06 16:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-05-06 15:21 - 2017-05-06 15:27 - 00001051 _____ C:\runcheck.txt
2017-05-06 15:21 - 2017-05-06 15:21 - 00000000 ____D C:\zoek_backup
2017-05-06 14:54 - 2017-05-06 15:21 - 01309184 _____ C:\Users\necro\Downloads\zoek.exe
2017-05-06 14:52 - 2017-05-06 14:52 - 09390672 _____ (Piriform Ltd) C:\Users\necro\Downloads\ccsetup529.exe
2017-05-06 14:37 - 2017-05-06 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\necro\Downloads\hijackthis.exe
2017-05-06 14:05 - 2017-05-06 20:44 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Mozilla
2017-05-06 14:05 - 2017-05-06 14:09 - 00000000 ____D C:\Users\necro\AppData\Local\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Users\necro\AppData\Roaming\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 14:04 - 2017-05-06 14:04 - 46872456 _____ (Mozilla) C:\Users\necro\Downloads\Firefox Setup 53.0.2.exe
2017-05-06 13:57 - 2017-05-06 13:57 - 00048892 _____ C:\Users\necro\Desktop\bookmarks-2017-05-06.json
2017-05-06 13:26 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-06 11:26 - 2017-05-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-06 11:26 - 2017-05-06 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-06 11:26 - 2017-05-06 11:26 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2017-05-06 11:26 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-06 11:25 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-06 11:17 - 2017-05-06 11:21 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:16 - 2017-05-06 11:16 - 54199488 _____ (Malwarebytes ) C:\Users\necro\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-05-06 11:16 - 2017-05-06 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 10:40 - 2017-05-06 11:00 - 00000000 ____D C:\Users\necro\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-05-06 01:20 - 2017-05-06 01:20 - 00007605 _____ C:\Users\necro\AppData\Local\Resmon.ResmonCfg
2017-05-05 23:58 - 2017-05-05 23:58 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareDesktop
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareUpdater
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-05-05 22:57 - 2017-05-06 18:31 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 22:57 - 2017-05-06 13:09 - 00000000 ____D C:\Users\necro\AppData\Local\Ubisoft Game Launcher
2017-05-05 22:57 - 2017-05-05 22:57 - 00001278 _____ C:\Users\necro\Desktop\Uplay.lnk
2017-05-05 22:57 - 2017-05-05 22:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-05 20:40 - 2017-05-06 01:16 - 00000000 ____D C:\AdwCleaner
2017-05-05 19:17 - 2017-05-05 19:17 - 00000000 ____D C:\Users\necro\AppData\Roaming\ESET
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Unity
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\Local\Unity
2017-05-05 08:03 - 2017-05-05 08:03 - 00707298 _____ C:\Users\necro\Downloads\2286711.ppt
2017-05-01 13:18 - 2017-05-01 13:18 - 00048560 _____ C:\Users\necro\Downloads\nodemcu-cs.pdf
2017-04-15 23:19 - 2017-04-15 23:19 - 00000000 ____D C:\Users\necro\AppData\Roaming\The Creative Assembly
2017-04-15 22:27 - 2017-05-02 21:23 - 00000000 ____D C:\Napoleon---Total-War
2017-04-15 13:27 - 2017-04-15 13:29 - 00000000 ____D C:\Users\necro\Documents\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:28 - 00000000 ____D C:\Users\necro\AppData\Roaming\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:27 - 00000000 ____D C:\Users\necro\Documents\SkidRow
2017-04-15 13:08 - 2017-04-15 13:08 - 00000000 ____D C:\Users\necro\AppData\Roaming\NVIDIA
2017-04-12 19:30 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 19:30 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 20:58 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\Packages
2017-05-06 20:49 - 2016-09-18 14:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 20:45 - 2016-09-16 23:57 - 00002391 _____ C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-06 20:45 - 2016-09-16 23:57 - 00000000 ___RD C:\Users\necro\OneDrive
2017-05-06 20:42 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-06 20:42 - 2017-02-06 23:44 - 00000000 ____D C:\Users\necro\AppData\Local\ConnectedDevicesPlatform
2017-05-06 20:41 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-06 20:41 - 2017-01-27 00:04 - 00000412 __RSH C:\ProgramData\ntuser.pol
2017-05-06 20:41 - 2016-11-21 06:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-06 19:24 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-06 19:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 19:21 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 19:17 - 2017-03-20 06:40 - 00000000 ____D C:\WINDOWS\OCR
2017-05-06 19:15 - 2017-03-20 06:41 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-06 19:15 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\servicing
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-06 18:54 - 2016-09-19 04:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-06 18:51 - 2017-03-18 13:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-06 18:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-06 18:46 - 2017-03-20 06:39 - 00757646 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-06 18:46 - 2017-03-20 06:39 - 00152942 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-06 18:45 - 2017-03-20 06:41 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-06 18:45 - 2016-09-19 04:22 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-06 18:44 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-06 18:39 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-06 18:37 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-06 18:37 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-06 18:37 - 2017-01-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-05-06 18:37 - 2017-01-07 19:00 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
2017-05-06 18:37 - 2016-12-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher
2017-05-06 18:37 - 2016-11-26 19:24 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-06 18:37 - 2016-11-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-06 18:37 - 2016-11-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-05-06 18:37 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-06 18:37 - 2016-09-27 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-05-06 18:37 - 2016-09-17 16:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-05-06 18:37 - 2016-09-17 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition [GOG.com]
2017-05-06 18:37 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-06 18:34 - 2017-03-11 19:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2017-05-06 18:34 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 18:33 - 2017-03-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-05-06 18:33 - 2017-03-11 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2017-05-06 18:33 - 2016-12-25 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-06 18:33 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-06 18:33 - 2016-11-04 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 18:32 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-06 18:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-06 18:29 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-06 16:58 - 2017-03-12 22:12 - 00000000 ____D C:\Users\necro\AppData\Local\CrashDumps
2017-05-06 14:37 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\VirtualStore
2017-05-06 13:23 - 2016-09-17 02:39 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 23:02 - 2016-09-21 19:25 - 00000000 ____D C:\Users\necro\Documents\My Games
2017-05-05 22:57 - 2016-09-19 20:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 21:09 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 21:03 - 2016-10-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-05 21:02 - 2016-10-16 18:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-05 19:49 - 2016-12-04 22:22 - 00000000 ____D C:\Program Files (x86)\FirestormLauncher
2017-05-05 19:33 - 2016-09-18 14:27 - 00000000 ____D C:\Users\necro\AppData\Local\Steam
2017-05-04 12:02 - 2016-09-17 00:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-02 21:22 - 2016-09-17 00:10 - 00000000 ____D C:\Users\necro\AppData\Local\Battle.net
2017-05-02 21:22 - 2016-09-17 00:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-02 21:12 - 2016-09-17 21:33 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-05-02 21:12 - 2016-09-17 21:32 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-02 18:32 - 2016-12-22 21:42 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-02 18:32 - 2016-12-22 21:42 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-28 21:38 - 2016-09-20 20:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-28 18:38 - 2016-11-12 00:52 - 00000000 ____D C:\Users\necro\AppData\Roaming\Origin
2017-04-24 19:11 - 2016-10-16 17:59 - 00000000 ____D C:\Users\necro\Downloads\Subs
2017-04-21 20:43 - 2016-09-17 21:32 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-04-21 20:42 - 2016-11-12 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-04-18 21:08 - 2016-11-12 00:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 23:02 - 2016-09-17 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2016-09-17 14:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 22:58 - 2015-07-10 13:04 - 00000167 _____ C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2017-03-11 20:40 - 2017-03-12 19:03 - 1307648 _____ () C:\Users\necro\AppData\Local\file__0.localstorage
2017-05-06 21:22 - 2017-05-06 21:23 - 0029696 _____ () C:\Users\necro\AppData\Local\MSGBOX.EXE
2017-01-23 20:55 - 2017-01-23 20:55 - 0000600 _____ () C:\Users\necro\AppData\Local\PUTTY.RND
2017-05-06 01:20 - 2017-05-06 01:20 - 0007605 _____ () C:\Users\necro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-06 18:25

==================== End of FRST.txt ============================

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Tuto aplikaci jsem již zkoušel, občas něco najde a odstraní, občas nic nenajde, nicméně problém přetrvává. Nyní zase našla, uznávám, že ranec Provedeno dle návodu:

# AdwCleaner v6.046 - Log vytvořen 06/05/2017 v 22:37:24
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-05-05.1 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : necro - X4
# Spuštěno z : C:\Users\necro\Downloads\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\necro\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
[-] Složka smazána: C:\Users\necro\AppData\Roaming\Enigma Software Group
[-] Složka smazána: C:\Program Files\Enigma Software Group
[-] Složka smazána: C:\sh4ldr


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\necro\Downloads\ReimageRepair.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[-] Klíč smazán: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3895 Bajty] - [05/05/2017 20:51:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1365 Bajty] - [05/05/2017 22:45:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [5629 Bajty] - [06/05/2017 22:37:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [3912 Bajty] - [05/05/2017 20:44:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1619 Bajty] - [05/05/2017 22:05:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [1650 Bajty] - [05/05/2017 22:51:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1725 Bajty] - [05/05/2017 22:53:18]
C:\AdwCleaner\AdwCleaner[S4].txt - [1798 Bajty] - [05/05/2017 23:53:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [1871 Bajty] - [06/05/2017 01:16:58]
C:\AdwCleaner\AdwCleaner[S6].txt - [6306 Bajty] - [06/05/2017 22:36:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [6213 Bajty] ##########

PS nyní vyskočila reklama..

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by necro (administrator) on X4 (07-05-2017 12:06:03)
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-03-12]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b5fbcd0b-dcab-4cbf-b1d5-263fd2ffab55}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2389767171-3205384170-2924529595-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-05] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 23zg2mxx.default-1494074872078
FF ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078 [2017-05-07]
FF Extension: (uBlock Origin) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\Extensions\uBlock0@raymondhill.net.xpi [2017-05-06]
FF Extension: (Shield Recipe Client) - C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\features\{969250c6-15c3-46a2-9b89-b4c0867dcb2c}\shield-recipe-client@mozilla.org.xpi [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2389767171-3205384170-2924529595-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\necro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-02-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-18] (Electronic Arts)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2016-09-16] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-02-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-02-14] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-02-14] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-02-14] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-02-14] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-02-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-05-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-05-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-05-06] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-09-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
S3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [40256 2014-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VMfilt; C:\WINDOWS\system32\drivers\VMfilt64.sys [42192 2016-09-16] (Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2017-03-18] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 10:03 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170507-100300.backup
2017-05-06 22:44 - 2017-05-06 22:44 - 00000000 ____D C:\Users\necro\AppData\Local\DBG
2017-05-06 22:37 - 2017-05-06 22:37 - 00000000 ____D C:\Users\necro\AppData\Local\PeerDistRepub
2017-05-06 22:34 - 2017-05-06 22:34 - 04102600 _____ C:\Users\necro\Desktop\adwcleaner_6.046.exe
2017-05-06 21:24 - 2017-05-07 12:07 - 00014720 _____ C:\Users\necro\Desktop\FRST.txt
2017-05-06 21:24 - 2017-05-07 12:06 - 00000000 ____D C:\FRST
2017-05-06 21:22 - 2017-05-06 21:23 - 00001376 _____ C:\Users\necro\Desktop\Rkill.txt
2017-05-06 21:22 - 2017-05-06 21:22 - 00112640 _____ (forum.viry.cz) C:\Users\necro\Desktop\FRSTLauncher.exe
2017-05-06 21:21 - 2017-05-06 21:21 - 02429440 _____ (Farbar) C:\Users\necro\Desktop\FRST64.exe
2017-05-06 20:45 - 2017-05-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-05-06 20:43 - 2017-05-06 20:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-06 20:41 - 2017-05-06 20:41 - 00000020 ___SH C:\Users\necro\ntuser.ini
2017-05-06 19:22 - 2017-05-06 19:22 - 00000000 ____D C:\Windows.old
2017-05-06 19:21 - 2017-05-06 19:21 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-06 19:21 - 2017-05-06 19:21 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-06 19:21 - 2017-05-06 19:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-06 19:20 - 2017-05-06 19:20 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-06 19:20 - 2017-05-06 19:20 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-06 19:20 - 2017-05-06 19:20 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-06 19:20 - 2017-05-06 19:20 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-06 19:20 - 2017-05-06 19:20 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-06 19:20 - 2017-05-06 19:20 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-06 19:16 - 2017-05-06 19:16 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-06 19:16 - 2017-05-06 19:16 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-06 19:16 - 2017-03-17 23:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-05-06 19:16 - 2017-03-17 22:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-05-06 19:16 - 2017-03-17 22:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2017-05-06 19:16 - 2017-03-17 22:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2017-05-06 19:10 - 2017-05-06 19:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-06 19:10 - 2017-05-06 18:25 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files\MSBuild
2017-05-06 19:08 - 2017-05-06 19:08 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-06 19:08 - 2017-05-06 18:37 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-06 19:08 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-06 19:08 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-06 19:08 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-06 18:49 - 2017-05-06 18:50 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-06 18:46 - 2017-05-06 22:45 - 01817844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-06 18:45 - 2017-05-06 22:53 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 18:45 - 2017-05-06 22:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 18:45 - 2017-05-06 20:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-06 18:45 - 2017-05-06 18:45 - 00003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-06 18:45 - 2017-05-06 18:45 - 00002594 _____ C:\WINDOWS\System32\Tasks\news1freeorgvcomm
2017-05-06 18:45 - 2017-05-06 18:45 - 00002128 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-06 18:45 - 2017-05-06 18:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-06 18:36 - 2017-05-06 18:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-06 18:36 - 2017-05-06 18:36 - 00000000 ____D C:\ProgramData\USOShared
2017-05-06 18:32 - 2017-05-06 18:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-06 18:30 - 2017-05-06 22:41 - 00000000 ____D C:\Users\necro
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Šablony
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Soubory cookie
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Poslední
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní tiskárny
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Okolní síť
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Nabídka Start
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Dokumenty
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Obrázky
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Hudba
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Documents\Filmy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\Data aplikací
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-06 18:30 - 2017-05-06 18:30 - 00000000 _SHDL C:\Users\necro\AppData\Local\Data aplikací
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-06 18:29 - 2017-05-06 18:29 - 00000000 ____D C:\Program Files\VIA
2017-05-06 18:29 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-06 18:29 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-06 18:29 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-06 18:28 - 2017-05-06 18:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-06 18:28 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-06 18:25 - 2017-05-07 12:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:25 - 2017-05-06 22:40 - 00390768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-06 17:52 - 2017-05-06 17:52 - 00001568 _____ C:\EsgInstallerResumeAction_8cd65407ae08cb56a786a82cb034ae18
2017-05-06 17:35 - 2017-05-06 20:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-06 17:35 - 2017-05-06 17:44 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-06 17:33 - 2017-05-06 17:35 - 00000036 _____ C:\WINDOWS\progress.ini
2017-05-06 17:27 - 2017-05-06 20:41 - 00000000 ____D C:\Windows10Upgrade
2017-05-06 17:27 - 2017-05-06 20:40 - 00000000 ___HD C:\$GetCurrent
2017-05-06 17:27 - 2017-05-06 17:27 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník při upgradu na Windows 10.lnk
2017-05-06 17:26 - 2017-05-06 17:27 - 06385872 _____ (Microsoft Corporation) C:\Users\necro\Downloads\Windows10Upgrade9252.exe
2017-05-06 16:35 - 2017-05-06 16:35 - 00000000 _____ C:\autoexec.bat
2017-05-06 15:21 - 2017-05-06 15:27 - 00001051 _____ C:\runcheck.txt
2017-05-06 14:54 - 2017-05-06 15:21 - 01309184 _____ C:\Users\necro\Downloads\zoek.exe
2017-05-06 14:54 - 2017-05-06 15:18 - 01663672 _____ (Malwarebytes) C:\Users\necro\Downloads\JRT.exe
2017-05-06 14:52 - 2017-05-06 14:52 - 09390672 _____ (Piriform Ltd) C:\Users\necro\Downloads\ccsetup529.exe
2017-05-06 14:37 - 2017-05-06 14:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\necro\Downloads\hijackthis.exe
2017-05-06 14:05 - 2017-05-07 12:04 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Mozilla
2017-05-06 14:05 - 2017-05-06 14:09 - 00000000 ____D C:\Users\necro\AppData\Local\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Users\necro\AppData\Roaming\Mozilla
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-06 14:05 - 2017-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 14:04 - 2017-05-06 14:04 - 46872456 _____ (Mozilla) C:\Users\necro\Downloads\Firefox Setup 53.0.2.exe
2017-05-06 13:57 - 2017-05-06 13:57 - 00048892 _____ C:\Users\necro\Desktop\bookmarks-2017-05-06.json
2017-05-06 13:26 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-06 11:26 - 2017-05-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-06 11:26 - 2017-05-06 13:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-06 11:26 - 2017-05-06 11:26 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2017-05-06 11:26 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-06 11:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-06 11:25 - 2017-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-06 11:17 - 2017-05-06 11:21 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:17 - 2017-05-06 11:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:17 - 2017-05-06 11:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:16 - 2017-05-06 11:16 - 54199488 _____ (Malwarebytes ) C:\Users\necro\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-05-06 11:16 - 2017-05-06 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 01:20 - 2017-05-06 01:20 - 00007605 _____ C:\Users\necro\AppData\Local\Resmon.ResmonCfg
2017-05-05 23:58 - 2017-05-05 23:58 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareDesktop
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\AdAwareUpdater
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-05 23:54 - 2017-05-05 23:54 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-05-05 22:57 - 2017-05-06 18:31 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-05 22:57 - 2017-05-06 13:09 - 00000000 ____D C:\Users\necro\AppData\Local\Ubisoft Game Launcher
2017-05-05 22:57 - 2017-05-05 22:57 - 00001278 _____ C:\Users\necro\Desktop\Uplay.lnk
2017-05-05 22:57 - 2017-05-05 22:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-05 20:40 - 2017-05-07 09:57 - 00000000 ____D C:\AdwCleaner
2017-05-05 19:17 - 2017-05-05 19:17 - 00000000 ____D C:\Users\necro\AppData\Roaming\ESET
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\LocalLow\Unity
2017-05-05 19:14 - 2017-05-05 19:14 - 00000000 ____D C:\Users\necro\AppData\Local\Unity
2017-05-05 08:03 - 2017-05-05 08:03 - 00707298 _____ C:\Users\necro\Downloads\2286711.ppt
2017-05-01 13:18 - 2017-05-01 13:18 - 00048560 _____ C:\Users\necro\Downloads\nodemcu-cs.pdf
2017-04-15 23:19 - 2017-04-15 23:19 - 00000000 ____D C:\Users\necro\AppData\Roaming\The Creative Assembly
2017-04-15 13:27 - 2017-04-15 13:29 - 00000000 ____D C:\Users\necro\Documents\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:28 - 00000000 ____D C:\Users\necro\AppData\Roaming\Caribbean!
2017-04-15 13:27 - 2017-04-15 13:27 - 00000000 ____D C:\Users\necro\Documents\SkidRow
2017-04-15 13:08 - 2017-04-15 13:08 - 00000000 ____D C:\Users\necro\AppData\Roaming\NVIDIA
2017-04-12 19:30 - 2017-03-28 07:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 19:30 - 2017-03-28 07:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 04:09 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-07 04:09 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 00:39 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 23:09 - 2016-09-18 14:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 22:45 - 2017-03-20 06:39 - 00771022 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-06 22:45 - 2017-03-20 06:39 - 00156956 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-06 22:42 - 2016-09-16 23:57 - 00000000 ___RD C:\Users\necro\OneDrive
2017-05-06 22:40 - 2017-01-27 00:04 - 00000412 __RSH C:\ProgramData\ntuser.pol
2017-05-06 22:39 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-06 22:38 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-06 22:37 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 20:58 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\Packages
2017-05-06 20:45 - 2016-09-16 23:57 - 00002391 _____ C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-06 20:42 - 2017-02-06 23:44 - 00000000 ____D C:\Users\necro\AppData\Local\ConnectedDevicesPlatform
2017-05-06 20:41 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-06 20:41 - 2016-11-21 06:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-06 19:24 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-06 19:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-06 19:21 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-06 19:17 - 2017-03-20 06:40 - 00000000 ____D C:\WINDOWS\OCR
2017-05-06 19:15 - 2017-03-20 06:41 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-05-06 19:15 - 2017-03-20 06:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-06 19:15 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-06 19:15 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\servicing
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-06 19:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-06 18:54 - 2016-09-19 04:36 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-06 18:52 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-06 18:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-06 18:51 - 2017-03-18 13:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-06 18:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-06 18:45 - 2017-03-20 06:41 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-06 18:45 - 2016-09-19 04:22 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-06 18:44 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-06 18:37 - 2017-03-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-06 18:37 - 2017-01-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-05-06 18:37 - 2017-01-07 19:00 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
2017-05-06 18:37 - 2016-12-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher
2017-05-06 18:37 - 2016-11-26 19:24 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-06 18:37 - 2016-11-24 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-06 18:37 - 2016-11-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-05-06 18:37 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-06 18:37 - 2016-09-27 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\Users\necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-06 18:37 - 2016-09-18 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-05-06 18:37 - 2016-09-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-05-06 18:37 - 2016-09-17 16:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-05-06 18:37 - 2016-09-17 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition [GOG.com]
2017-05-06 18:37 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-06 18:36 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-06 18:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-06 18:34 - 2017-03-11 19:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Futuremark
2017-05-06 18:34 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-06 18:33 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 18:33 - 2017-03-12 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-05-06 18:33 - 2017-03-11 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2017-05-06 18:33 - 2016-12-25 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-06 18:33 - 2016-11-09 04:30 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-05-06 18:33 - 2016-11-04 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 18:32 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-06 18:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-06 18:29 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-06 16:58 - 2017-03-12 22:12 - 00000000 ____D C:\Users\necro\AppData\Local\CrashDumps
2017-05-06 14:37 - 2016-09-16 23:55 - 00000000 ____D C:\Users\necro\AppData\Local\VirtualStore
2017-05-06 13:23 - 2016-09-17 02:39 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-05 23:02 - 2016-09-21 19:25 - 00000000 ____D C:\Users\necro\Documents\My Games
2017-05-05 22:57 - 2016-09-19 20:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 21:09 - 2016-10-16 18:12 - 00000000 ____D C:\ProgramData\Oracle
2017-05-05 21:03 - 2016-10-16 18:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-05 21:02 - 2016-10-16 18:12 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-05 19:49 - 2016-12-04 22:22 - 00000000 ____D C:\Program Files (x86)\FirestormLauncher
2017-05-05 19:33 - 2016-09-18 14:27 - 00000000 ____D C:\Users\necro\AppData\Local\Steam
2017-05-04 12:02 - 2016-09-17 00:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-02 21:22 - 2016-09-17 00:10 - 00000000 ____D C:\Users\necro\AppData\Local\Battle.net
2017-05-02 21:22 - 2016-09-17 00:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-02 21:12 - 2016-09-17 21:33 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-05-02 21:12 - 2016-09-17 21:32 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-02 18:32 - 2016-12-22 21:42 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-02 18:32 - 2016-12-22 21:42 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-04-28 21:38 - 2016-09-20 20:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-28 18:38 - 2016-11-12 00:52 - 00000000 ____D C:\Users\necro\AppData\Roaming\Origin
2017-04-24 19:11 - 2016-10-16 17:59 - 00000000 ____D C:\Users\necro\Downloads\Subs
2017-04-21 20:43 - 2016-09-17 21:32 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-04-21 20:42 - 2016-11-12 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-04-18 21:08 - 2016-11-12 00:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 23:14 - 2016-11-24 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 23:02 - 2016-09-17 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2016-09-17 14:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 22:58 - 2015-07-10 13:04 - 00000167 _____ C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2017-03-11 20:40 - 2017-03-12 19:03 - 1307648 _____ () C:\Users\necro\AppData\Local\file__0.localstorage
2017-01-23 20:55 - 2017-01-23 20:55 - 0000600 _____ () C:\Users\necro\AppData\Local\PUTTY.RND
2017-05-06 01:20 - 2017-05-06 01:20 - 0007605 _____ () C:\Users\necro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\necro\Desktop" je 834 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by necro (07-05-2017 12:56:23) Run:1
Running from C:\Users\necro\Desktop
Loaded Profiles: necro (Available Profiles: necro)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
"C:\WINDOWS\system32\GroupPolicy\User" => not found.
HKU\S-1-5-21-2389767171-3205384170-2924529595-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7469044 B
Java, Flash, Steam htmlcache => 35460500 B
Windows/system/drivers => 685951 B
Edge => 262593798 B
Chrome => 0 B
Firefox => 380047805 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3266 B
NetworkService => 14280 B
necro => 10299861 B

RecycleBin => 68767269 B
EmptyTemp: => 735.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:56:45 ====

Smazáno. Nastala nějaká změna?

Nikoliv, stále se zhruba jednou do hodiny otevře odkaz s reklamou

Spusťte ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by necro on po 08. 05. 2017 at 7:38:52,93.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\necro\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-05-06-132418.log 970 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow deleted successfully
C:\Users\necro\AppData\Local\DBG deleted successfully
C:\Users\necro\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:

Added to C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\necro\AppData\Local\Unity deleted
C:\Users\necro\AppData\LocalLow\Unity deleted
C:\Users\necro\Downloads\UO_Renaissance_Client_Full.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\necro\AppData\Roaming\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078
F3CA2CB85343242C90065137BED6357D - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll - Silverlight Plug-In
906061B57CF52CFE36F307F255B4D44E - c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{85204665-3317-4953-BDB8-3BB60C75C130} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\necro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\necro\AppData\Local\Mozilla\Firefox\Profiles\23zg2mxx.default-1494074872078\cache2 will be emptied at reboot

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=53 folders=51 389781944 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\necro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 08. 05. 2017 at 8:01:09,69 ======================



------------------------------------------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by necro (Administrator) on po 08. 05. 2017 at 8:03:34,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 08. 05. 2017 at 8:06:08,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A nyní ruská stránka s reklamou

FF zazálohujte pomocí MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Pak FF kompletně odinstalujte vč. jeho profilu (podadresáře Mozilla v c:\users\necro\appdata\local, c:\users\necro\appdata\roaming, c:\users\necro\data aplikací, c:\users\necro\local settings a v c:\program data musí být smazány). Potom udělejte novou, čistou instalaci FF a zpět ze zálohy nakopírujte pouze záložky a hesla.

Dnes přeinstalováno + vymazáno vše s pojmenováním firefox/mozilla, instalace proveda do jiné složky a zatím to vypadá ok, dám vědět večer.